Ziti-tunnel-sdk-c for terminating the TCP session locally

Hi,
This is my weekend attempt to understand how ziti-tunnel-sdk-c can be used to terminate the tcp session locally by using lwip and pass the intercepted TCP payload to some server (using some transport, it could be very well another TCP session, for example).

This is what I want to achieve:
Browser(TCP App) ----->tun interface(created by ziti)---->ziti lwip (extract TCP payload)---->my-code-prints-the-packet[it doesn’t exist yet]

Here’s what I think I need to do:
1. run ziti-edge-tunnel on ubuntu [cmd: ziti-edge-tunnel run]
[I am assuming that this will create a tun interface which will start intercepting all the TCP, for example, packets].
2. Modify some ziti sdk file which is extracting the payload to print the packet.

Question is, how do I achieve above?

Here’s what I have done so far:
I have cloned https://github.com/openziti/ziti-tunnel-sdk-c.git
I have compiled the code
mkdir ziti-tunnel-sdk-c/build
cd ziti-tunnel-sdk-c/build
cmake .. && make

When I run ziti-edge-tunnel, I get the following error:
sudo ./ziti-edge-tunnel run
[ 0.000] WARN ziti-edge-tunnel:programs/ziti-edge-tunnel/ziti-edge-tunnel.c:199 run(): No DNS support specified; services won’t be available by DNS names
[ 0.007] INFO ziti-tunnel-sdk-c:lib/ziti_tunnel.c:44 ziti_tunneler_init(): Ziti Tunneler SDK (v0.7.14)
[ 0.008] INFO ziti-sdk:build/_deps/ziti-sdk-c-src/library/ziti.c:194 ziti_init_opts(): Ziti C SDK version 0.17.13-local @b9e3ed2(HEAD) starting at (2020-12-06T14:21:32.996)
[ 0.008] ERROR ziti-sdk:build/_deps/ziti-sdk-c-src/library/ziti.c:200 ziti_init_opts(): config or controller/tls has to be set
[ 0.008] ERROR ziti-edge-tunnel:programs/ziti-edge-tunnel/ziti-edge-tunnel.c:111 run_tunnel(): failed to initialize ziti

I need some quick help from the experts on what the next step is for me. If there is documentation available, that would be great as well.

Hi @shikumar,

Can we take a step back and clarify some things first? Do you have a controller up and running and available? Do you have an edge router up and running? Those two components are definitely needed. Secondly, do you need to use the tunneler sdk in this way? It’s a lot easier to start out using the prebuilt ziti-tunnel which you can get from here and read about here but maybe you need to use the tunneler sdk for some reason? It’d certainly be wise to make sure the overall overlay is working first though before going too far down that path.

Does that help at all? I’m happy to try to get you through this and get it working. There’s still a fair amount of doc we have not written yet so please just ask back on this post and we can try to get you up and running.

Hi @dovholuknf,
No, I don’t have a controller up and running. I got interested in ziti because it is using lwip. My interest is just to leverage the lwip hooks from ziti code and play with lwip tcp stack. And to do this, I want to intercept the packet and pass it to lwip stack. Conceptually, it should be straight forward but this is my only few hours weekend effort, without help it may end up taking long time. That’s why I am reaching out to you folks.
My interest is in using the code, compiling it and make above app (the application stack I mentioned in the original message) working. I don’t just want to download image as it doesn’t give me the feel for lwip code.

Hi @shikumar,

I understand better what you’re trying to do now, thanks. If you are only interested in the lwip bits you could start by removing code that’s in your path that deals with DNS and exclusively use IP addresses.

Ziti itself focuses on providing a truly zero trust paradigm and this particular project is trying to be a “tunneling app” in that paradigm so it’s doing a fair amount of other stuff you may not be interested in. In short it will:

  • use an enrolled identity to validate the client is authorized to use the ziti network
  • query the controller for all the services assigned to this identity
  • provide the ‘intercept’ capabilities you’re looking for both for IP and DNS (in conjunction with dnsmasq)

Personally, I always find it easier to learn/debug unfamiliar code with a client that’s operational. That’s where I was heading with the controller. If you have the controller up and running you can at least set up and use an identity and then use the existing ziti-edge-tunnel code to ‘step through’ and see what’s going on, when and how, but I can see that you might not need or want that.

I honestly think starting a controller and enrolling an identity will be easier for you. So here’s a quick set of steps that will get you to a ‘working controller and enrolled identity’. You should then be able to use that identity and debug the app. These steps should take you no more than five or ten total minutes.

Make a directory under HOME and setup some variables:

  • mkdir -p ~/ziti-tunneler-sdk-c-demo
  • cd ~/ziti-tunneler-sdk-c-demo
  • demodir=$(pwd)
  • zitidir=${demodir}/ziti

clone the repo to get some setup scripts:

  • git clone git@github.com:openziti/ziti.git ${demodir}/ziti
  • cd ${demodir}/ziti
  • git checkout update-local-quickstart

download a set of binaries to get you going:

  • wget https://netfoundry.jfrog.io/netfoundry/ziti-release/ziti-all/0.17.5/ziti-all.0.17.5.tar.gz
  • tar xvf ziti-all.0.17.5.tar.gz

setup some fake hostnames to allow the scripts to succeed:

  • echo "127.0.0.1 local-ziti-controller local-ziti-edge-controller local-ziti-zac local-ziti-edge-router local-ziti-edge-wss-router local-ziti-fabric-router-br local-ziti-fabric-router-blue local-ziti-fabric-router-red" | sudo tee -a /etc/hosts

startup a local ziti-controller and ziti-routers

  • ${zitidir}/quickstart/local/init.sh ${zitidir}/amd64/linux/ local-ziti

enroll a ziti identity so that you can have the existing code run without too much effort

  • ziti-tunnel enroll test_identity.jwt

setup an ip intercepted service that intercepts 11.11.11.11:2222 and sends to eth0.me [edited]

  • SVC_NAME=iphost
  • SVC_HOST=11.11.11.11
  • SVC_PORT=2222
  • TCP_HOST_PORT=tcp:eth0.me:80
  • ziti edge controller create config "${SVC_NAME}svcconfig" ziti-tunneler-client.v1 '{ "hostname" : "'"${SVC_HOST}"'", "port" : '"${SVC_PORT}"' }'
  • ziti edge controller create service "${SVC_NAME}svc" --configs "${SVC_NAME}svcconfig"
  • ziti edge controller create terminator "${SVC_NAME}svc" "${ZITI_EDGE_ROUTER_NAME}" $TCP_HOST_PORT

clone the ziti-tunnel-sdk-c repo and build it (i expect you can skip these steps)

  • git clone git@github.com:openziti/ziti-tunnel-sdk-c.git
  • tunnelsdkcdir=${zitidir}/ziti-tunnel-sdk-c
  • cmake -S ${tunnelsdkcdir} -B ${tunnelsdkcdir}/build
  • cmake --build ${tunnelsdkcdir}/build

run the built executable or run from the IDE debugger:

  • ~/ziti-tunneler-sdk-c-demo/ziti/ziti-tunnel-sdk-c/build/programs/ziti-edge-tunnel/ziti-edge-tunnel run ./test_identity.json

At this point you should be able to curl 11.11.11.11:2222 and see intercepted traffic…

when you’re done, cleanup this folder if you want - it contains the environment you just setup…

  • rm -rf ~/.ziti/quickstart/local-ziti/

I know it seems like a lot of steps but they all should be copy/paste for you so shouldn’t take too long. Let me know if you get this far or if i’ve scared you off! :slight_smile:

Excellent! Thanks @dovholuknf for the elaborate response. Your passionate response is inspiring me to again wake up at 4 AM tomorrow to try these steps you mentioned, I can’t wait till the weekend.

Quickly glanced through the steps, they are very clear. I should be able to get it done. And of course, knowing that people like you are there to help gives extra assurance. Thank you! You will hear from me tomorrow.

I have “ZITI IS RUNNING local-ziti:” prompt from where I setup the intercepted service for 11.11.11.11:2222 by running ziti edge controller commands like you mentioned.

And then I ran ziti-edge-tunnel run ./test_identify.json [I copied this json file from ~/.ziti/quickstart/local-ziti from where I am running the command]
I got following error:

[ 0.000] INFO lib/ziti_tunnel.c:44 ziti_tunneler_init() Ziti Tunneler SDK (v0.7.22)
[ 0.000] INFO build/_deps/ziti-sdk-c-src/library/ziti.c:190 ziti_init_opts() Ziti C SDK version 0.18.2-local @75d81a3(HEAD) starting at (2020-12-09T15:01:36.811)
[ 0.000] ERROR build/_deps/ziti-sdk-c-src/library/ziti.c:195 ziti_init_opts() config or controller/tls has to be set
[ 0.000] ERROR programs/ziti-edge-tunnel/ziti-edge-tunnel.c:112 run_tunnel() failed to initialize ziti

Pretty much all the steps you mentioned went smoothly except that I had to download the jq and dos2unix packages. Also, instead of using git@github.com:openziti/ziti-tunnel-sdk-c.git, I used https://github.com/openziti/ziti-tunnel-sdk-c.git [I am just listing out the things I did differently, it shouldn’t make any difference]

Awesome - we’re almost there! the changes you made are perfectly reasonable and I’m glad you made it through those and thanks for that feedback.

Just to make sure things all wired up correctly… let’s check a few things…

In your post you mention: ziti-edge-tunnel run ./test_identify.json <-- did you mistype that in the comment? or in the shell too? that should be a ‘t’ as in “identity” not an ‘f’ as in “identify” those letters both look the same, and make two different valid words! so is there a chance you just typo’ed that on the command line?

Let’s start there since I THINK that’s the problem… :slight_smile: to be clear the command you should run is:

ziti-edge-tunnel run ./test_identity.json (notice here: test_identi**t**y.json)

The next thing to check is that this file is valid json. It contains your private key and things are ‘ok’. Here’s what one of mine looks like:

{
    "ztAPI": "https://local-ziti-controller:443",
    "id": {
        "key": "pem:-----BEGIN EC PRIVATE KEY-----\nM.....=\n-----END EC PRIVATE KEY-----\n",
        "cert": "pem:-----BEGIN CERTIFICATE-----\nMI.....3dw==\n-----END CERTIFICATE-----\n",
        "ca": "pem:-----BEGIN CERTIFICATE-----\nMI.....6fOT\n-----END CERTIFICATE-----\n"
    },
    "configTypes": null
}

does your config seem valid?
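Added example (not part of the original posts and not OpenZiti code): a Python check for the identity-file layout shown in the reply above, reporting structural problems and loose file permissions without ever printing key material. The function names and the sample file are constructed here, and the check assumes only the inline `pem:` form and `https` `ztAPI` value seen in this thread.

```python
import json
import os
import stat
import tempfile
from urllib.parse import urlsplit

# Expected PEM label per field, taken from the sample identity file in the thread.
PEM_FIELDS = {"key": "PRIVATE KEY", "cert": "CERTIFICATE", "ca": "CERTIFICATE"}


def is_https_url(value):
    """True if value is a string holding an https:// URL with a host part."""
    if not isinstance(value, str):
        return False
    try:
        parts = urlsplit(value)
    except ValueError:
        return False
    return parts.scheme == "https" and bool(parts.hostname)


def check_identity_file(path):
    """Return a list of problems with an identity file; an empty list means it looks sane.

    Only field names and structural facts are reported, never key material.
    """
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
    except OSError as exc:
        return [f"cannot stat file: {exc.strerror}"]

    problems = []
    # The file embeds a private key, so any group/other access is a finding.
    if mode & 0o077:
        problems.append(f"mode {mode:04o} exposes the private key; use 0600")

    try:
        with open(path, encoding="utf-8") as fh:
            doc = json.load(fh)
    except json.JSONDecodeError as exc:
        # Typical cause: curly quotes or wrapped lines after copy/paste.
        return problems + [f"not valid JSON (line {exc.lineno}, column {exc.colno})"]
    except (OSError, UnicodeDecodeError) as exc:
        return problems + [f"cannot read file: {exc}"]

    if not isinstance(doc, dict):
        return problems + ["top level is not a JSON object"]
    if not is_https_url(doc.get("ztAPI")):
        problems.append("ztAPI is missing or not an https:// URL")

    ident = doc.get("id")
    if not isinstance(ident, dict):
        return problems + ["id is missing or not an object"]
    for field, label in PEM_FIELDS.items():
        value = ident.get(field)
        if not isinstance(value, str) or not value.startswith("pem:"):
            problems.append(f"id.{field} is missing or not an inline pem: value")
        elif not ("-----BEGIN " in value and "-----END " in value and label in value):
            problems.append(f"id.{field} has no complete {label} PEM block")
    return problems


def write_sample(text, mode):
    """Write constructed sample text to a temp file with the given mode; return its path."""
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path


def sample_pem(label):
    # Constructed placeholder body, not real key material.
    return f"pem:-----BEGIN {label}-----\nCONSTRUCTED\n-----END {label}-----\n"


# Constructed sample in the same shape as the identity file shown in the thread.
SAMPLE = json.dumps({
    "ztAPI": "https://local-ziti-controller:443",
    "id": {"key": sample_pem("EC PRIVATE KEY"),
           "cert": sample_pem("CERTIFICATE"),
           "ca": sample_pem("CERTIFICATE")},
    "configTypes": None,
})

if __name__ == "__main__":
    cases = [("good", SAMPLE, 0o600),
             ("world-readable", SAMPLE, 0o644),
             ("curly quotes", SAMPLE.replace('"', "\u201c"), 0o600)]
    for name, text, mode in cases:
        sample_path = write_sample(text, mode)
        print(name, check_identity_file(sample_path))
        os.remove(sample_path)
```
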

good eye but it was a typo. I am using test_identity.json :slight_smile:

This is my test_identity.json

~/.ziti/quickstart/local-ziti$ more test_identity.json

pasting the command that I used this time:

ZITI IS RUNNING local-ziti: sudo build/programs/ziti-edge-tunnel/ziti-edge-tunnel run ~/.ziti/quickstart/local-ziti/test_identity.json
[ 0.000] INFO lib/ziti_tunnel.c:44 ziti_tunneler_init() Ziti Tunneler SDK (v0.7.22)
[ 0.000] INFO build/_deps/ziti-sdk-c-src/library/ziti.c:190 ziti_init_opts() Ziti C SDK version 0.18.2-local @75d81a3(HEAD) starting at (2020-12-09T15:36:05.922)
[ 0.000] ERROR build/_deps/ziti-sdk-c-src/library/ziti.c:195 ziti_init_opts() config or controller/tls has to be set
[ 0.000] ERROR programs/ziti-edge-tunnel/ziti-edge-tunnel.c:112 run_tunnel() failed to initialize ziti

it’s as though the file isn’t able to be read… i’m trying to get another command for you to try to just validate things. i’ll reply in a moment or two…

Ok - in your "ZITI IS RUNNING " shell can you run:

ziti-tunnel proxy -i ~/.ziti/quickstart/local-ziti/test_identity.json -v thisDoesNotMatter:1234 -v

This should produce output looking like:

if ziti-tunnel works properly - i’ll dig into the ziti-edge-tunnel a bit

oh actually:

sudo build/programs/ziti-edge-tunnel/ziti-edge-tunnel run ~/.ziti/quickstart/local-ziti/test_identity.json

is the test_identity file in root’s home folder? maybe that’s the issue? give that the full path to test_identity.json

ZITI IS RUNNING local-ziti: ziti-tunnel proxy -i ~/.ziti/quickstart/local-ziti/test_identity.json -v thisDoesNotMatter:1234 -v
[ 1.093] INFO edge/tunnel/intercept.SetDnsInterceptIpRange: dns intercept IP range: 100.64.0.1 - 100.127.255.254
[ 1.093] INFO edge/tunnel/intercept/proxy.(*interceptor).Start: starting proxy interceptor
[ 1.096] DEBUG sdk-golang/ziti.(*contextImpl).Authenticate: attempting to authenticate
[ 1.188] DEBUG sdk-golang/ziti/edge/api.(*ctrlClient).Login: {apiSession=[SAzTAi13U]} logged in as test_identity/Q-zQQi13U
[ 1.188] DEBUG sdk-golang/ziti/edge/api.(*ctrlClient).GetServices: using apiSession apiSession token 1c9f98c1-cf26-4dc9-b1c3-77e21aa789f1
[ 1.264] INFO edge/tunnel/intercept.updateServices: starting tunnel for newly available service netcatsvc
[ 1.264] DEBUG edge/tunnel/intercept/proxy.interceptor.Intercept: {service=[netcatsvc]} service netcatsvc was not specified at initialization. not intercepting
[ 1.264] INFO edge/tunnel/intercept.updateServices: starting tunnel for newly available service zcatsvc
[ 1.264] DEBUG edge/tunnel/intercept/proxy.interceptor.Intercept: {service=[zcatsvc]} service zcatsvc was not specified at initialization. not intercepting
[ 1.264] INFO edge/tunnel/intercept.updateServices: starting tunnel for newly available service iperfsvc
[ 1.264] DEBUG edge/tunnel/intercept/proxy.interceptor.Intercept: {service=[iperfsvc]} service iperfsvc was not specified at initialization. not intercepting
[ 1.264] INFO edge/tunnel/intercept.updateServices: starting tunnel for newly available service httpbinsvc
[ 1.264] DEBUG edge/tunnel/intercept/proxy.interceptor.Intercept: {service=[httpbinsvc]} service httpbinsvc was not specified at initialization. not intercepting
[ 1.264] INFO edge/tunnel/intercept.updateServices: starting tunnel for newly available service iphostsvc
[ 1.264] DEBUG edge/tunnel/intercept/proxy.interceptor.Intercept: {service=[iphostsvc]} service iphostsvc was not specified at initialization. not intercepting
[ 1.264] DEBUG edge/tunnel/intercept.ServicePoller: caught signal urgent I/O condition

[ 21.097] DEBUG edge/tunnel/intercept.ServicePoller: caught signal urgent I/O condition
[ 21.098] DEBUG edge/tunnel/intercept.ServicePoller: caught signal urgent I/O condition
[ 41.097] DEBUG edge/tunnel/intercept.ServicePoller: caught signal urgent I/O condition

looks like things ran properly using ziti-tunnel. i’m betting if you use the full path to test_identity.json it’ll work (see my previous comment)

same error:

sudo build/programs/ziti-edge-tunnel/ziti-edge-tunnel run ~/.ziti/quickstart/local-ziti/test_identity.json
[ 0.000] INFO lib/ziti_tunnel.c:44 ziti_tunneler_init() Ziti Tunneler SDK (v0.7.22)
[ 0.000] INFO build/_deps/ziti-sdk-c-src/library/ziti.c:190 ziti_init_opts() Ziti C SDK version 0.18.2-local @75d81a3(HEAD) starting at (2020-12-09T15:46:41.373)
[ 0.000] ERROR build/_deps/ziti-sdk-c-src/library/ziti.c:195 ziti_init_opts() config or controller/tls has to be set
[ 0.000] ERROR programs/ziti-edge-tunnel/ziti-edge-tunnel.c:112 run_tunnel() failed to initialize ziti

no the full path without the ~… like :

sudo build/programs/ziti-edge-tunnel/ziti-edge-tunnel run /home/username/.ziti/quickstart/local-ziti/test_identity.json

ziti-edge-tunnel run -c ~/.ziti/quickstart/local-ziti/test_identity.json

-c did it. Thank you!

Nice! Such an easy typo! Thanks for the assist @scareything !