Overview

Tunneler allows regular apps on your computer, such as a web browser, to access your NetFoundry network through a proxy. Tunneler can also host a service for the network, e.g. a local server on the computer where Tunneler is running.

Using Tunneler With Your NetFoundry Network

Your choice: proxy or hosting or both

ziti-tunnel is an interactive command-line interface (CLI) and works best on Linux as a transparent proxy (tproxy). Alternatively, Tunneler has an opaque proxy mode that will bind a specified set of services to the loopback (localhost) interface. proxy is the only mode of operation on MacOS and Windows.

Download and Install

  1. Create an Endpoint in your NetFoundry Network
    general article about Endpoints
  2. Download ziti-tunnel
    Important: get the right version of Tunneler! The endpoint detail page has a DOWNLOAD button for the correct version of Tunneler for your network.
    1. v7 downloads
    2. v6 downloads
  3. ziti-tunnel is built for portability and so can be run wherever it is downloaded or copied.

Enroll and Run

Linux

  1. Enroll ziti-tunnel. The permanent identity JSON file will be created in the same directory as the enrollment token.
    $ ./ziti-tunnel enroll --jwt myTunneler.jwt
  2. Configure Linux DNS
    1. Set primary to the ziti-tunnel built-in nameserver (default: udp://127.0.0.1:53).
    2. Set a secondary internet nameserver.
  3. The NET_ADMIN Linux capability is required for transparent proxy mode.
  4. The run command will select the best mode, typically transparent proxy (tproxy).
    $ sudo ./ziti-tunnel run --identity myTunneler.json
  5. Outgoing data that matches a Service by domain name or IP address is securely directed over the overlay fabric instead of the normal IP underlay, i.e. the internet.
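A pre-flight check for the Linux steps above, as an added example that is not part of the original article or of ziti-tunnel itself. It verifies that the first nameserver is the built-in one at 127.0.0.1 with a secondary after it, and that the calling process holds NET_ADMIN; the function names and the sample resolver addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Pre-flight checks before starting ziti-tunnel in transparent proxy mode.
# Added example: function names are illustrative, not part of ziti-tunnel.

# check_resolv FILE [PRIMARY]
# Succeeds only if the first "nameserver" entry in FILE is PRIMARY
# (default 127.0.0.1, the built-in nameserver's default address) and at
# least one more nameserver follows it as the secondary.
check_resolv() {
    awk -v want="${2:-127.0.0.1}" '
        $1 == "nameserver" { n++; if (n == 1) first = $2 }
        END { exit !(first == want && n >= 2) }
    ' "$1"
}

# current_capeff
# Prints the effective capability mask (hex) of the calling process.
current_capeff() {
    awk '$1 == "CapEff:" { print $2 }' /proc/self/status
}

# has_net_admin HEXMASK
# Succeeds if bit 12 (CAP_NET_ADMIN) is set in the given hex mask.
has_net_admin() {
    [ -n "$1" ] && [ $(( (0x$1 >> 12) & 1 )) -eq 1 ]
}

# preflight [RESOLV_FILE]
# Runs both checks and reports each failure on stderr.
preflight() {
    rc=0
    check_resolv "${1:-/etc/resolv.conf}" || {
        echo "DNS: first nameserver is not 127.0.0.1, or no secondary set" >&2
        rc=1
    }
    has_net_admin "$(current_capeff)" || {
        echo "CAP: NET_ADMIN missing from effective capabilities" >&2
        rc=1
    }
    return "$rc"
}
```

Call `preflight` with the same privileges that `ziti-tunnel run` will have (for example under sudo), because the capability check reads the mask of the process that runs it.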

MacOS

  1. Enroll ziti-tunnel. The permanent identity JSON file will be created in the same directory as the enrollment token.
    $ ./ziti-tunnel enroll --jwt myTunneler.jwt
  2. Specify a list of services to bind on the loopback interface like "{service name}":{local port}
    $ ./ziti-tunnel proxy --identity myTunneler.json "my secret service":8888 "my favorite service":9999
  3. Outgoing data for a proxied service must be sent to that service's bound local port. It is then securely directed over the overlay fabric instead of the normal IP underlay, i.e. the internet.

Windows

  1. Enroll ziti-tunnel. The permanent identity JSON file will be created in the same directory as the enrollment token.
    C:\> .\ziti-tunnel.exe enroll --jwt myTunneler.jwt 
  2. Specify a list of services to bind on the loopback interface like "{service name}":{local port}
    C:\> .\ziti-tunnel.exe proxy --identity myTunneler.json "my secret service":8888 "my favorite service":9999
  3. Outgoing data for a proxied service must be sent to that service's bound local port. It is then securely directed over the overlay fabric instead of the normal IP underlay, i.e. the internet.

Hosting a Service

Hosting a service requires no configuration of Tunneler itself and the steps are the same for Linux, MacOS, and Windows. Tunneler will simply host any services it is allowed to host in your NetFoundry network. To host a service with this install of Tunneler:

  1. make a note of the endpoint name used by the Tunneler install that will host the service
  2. ensure the server is reachable by the computer where Tunneler is installed
  3. create a service in your NetFoundry network and select this Tunneler's endpoint name
  4. restart Tunneler

 

 
