Ziti Mobile Edge Prevents LAN Traffic From Resolving/Connecting

Support General Questions
1

Having ziti mobile edge active on android prevents network printers from being visible while on wifi.
I have also noticed that this prevents things like "private DNS" on android from resolving/connecting.

Regarding printing, I also created a service that forwards a number of ports to a network printer, but it always shows the printer as offline.
To be certain, I forwarded a port range of 1-65535, and allowed TCP and UDP.

2

can you elaborate on your setup? What Android Print Service do you use?
maybe a screenshot of your Settings/Print Service with and without tunneler active?

3

Sure!

I am using the default print service.

Here is a screenshot without the tunneler active:

Tunnel-Inactive
Tunnel-Inactive864×1920 40.9 KB

Here is a screenshot with the tunneler active:

Tunnel-Active
Tunnel-Active864×1920 39.3 KB

I created the service with these commands:

ziti edge create config printer-intercept-config intercept.v1 '{"protocols":["tcp", "udp"], "addresses":["printer.domain.com"], "portRanges":[{"low":80, "high":80}, {"low":443, "high":443}, {"low":8080, "high":8080}, {"low":9100, "high":9100}, {"low":515, "high":515}, {"low":631, "high":631}, {"low":161, "high":161}, {"low":137, "high":139}, {"low":445, "high":445}, {"low":25, "high":445}]}'
ziti edge create config printer-host-config host.v1 '{"address":"xxx.xxx.xxx.xxx","forwardProtocol":true,"forwardPort":true,"allowedProtocols":["tcp", "udp"],"allowedPortRanges":[{"low":80, "high":80}, {"low":443, "high":443}, {"low":8080, "high":8080}, {"low":9100, "high":9100}, {"low":515, "high":515}, {"low":631, "high":631}, {"low":161, "high":161}, {"low":137, "high":139}, {"low":445, "high":445}, {"low":25, "high":445}]}'
ziti edge create service printer --configs printer-intercept-config,printer-host-config
ziti edge create service-policy printer-dial-policy Dial --semantic AnyOf --service-roles @printer-id-goes-here --identity-roles '#all-services'
ziti edge create service-policy printer-bind-policy Bind --semantic AnyOf --service-roles @printer-id-goes-here --identity-roles @router-id-goes-here

I did try this with wireguard, and it fails to find the printer there as well.

4

what version of ZME are you running?

5

I am running version 0.12.2 :slight_smile:

6

so, as far as I can tell, you have two unrelated issues:

  1. lan printer discovery when ZME is running
  2. connecting a printer over ziti network

re (1) - I've tried several devices I have and all of them (including development emulators) did not have any issues with my local printer discovery

screen-20241213-1316362

re (2) I have not tried to setup a printer service

Edit: what happens if you try to add printer by IP address while ZME is running?

Edit2: make sure you don't have a service that might intercept local traffic