Skip to main content
Star us on GitHub Star

SoftHSMv2

Overview

SoftHSMv2 is a purely software-based implementation of PKCS#11. Because it is software it is not as secure as a physical HSM but it is very useful to explore the world of PKCS#11 and how it can be used with a Ziti-enabled client.

In this quickstart you will see the commands used to work with SoftHSMv2 and ziti. Since this is a quickstart limited context will be provided for each step. When appropriate there will be a small amount of context included to aid in understanding of what is happening and why.

caution

This quickstart intended audience is for more technically savvy individuals. You will need to be familiar with the command line interface of your operating system.

Prerequisites

  • SoftHSMv2 is downloaded and installed in a known location
  • OpenSC is installed and pkcs11-tool is either on the PATH or at a known location
  • ziti and ziti-tunnel are both on the path.

Let's Do This - SoftHSMv2

Here's the list of steps we'll accomplish in this quickstart:

  • Establish a bunch of environment variables to make it easy to copy/paste the other commands. You'll want to look at these environment variables. They need to be setup properly. If you have problems with this guide it is almost certainly because you have an environment variable setup incorrectly. Double check them.
  • Make a directory and generate a configuration file for SoftHSM
  • Use the Ziti CLI to:
    • create two identities - one demonstrating an RSA key, one EC
    • enroll the identities
    • create a test service
    • create test router/service policies
  • Use the pkcs11-tool provided by OpenSC to interact with SoftHSM to:
    • initialize the SoftHSM driver
    • create a key
  • Use ziti-tunnel to enroll the identities using SoftHSM
  • Use ziti-tunnel in proxy mode to verify things are working and traffic is flowing over the network

Establish Environment Variables

Open a command line and establish the following environment variables.

    # the name of the ziti controller you're logging into
export ZITI_CTRL=local-edge-controller
# the location of the certificate(s) to use to validate the controller
export ZITI_CTRL_CERT=/path/to/controller.cert

export ZITI_USER=myUserName
export ZITI_PWD=myPassword

# a name for the configuration
export HSM_NAME=softhsm_demo

# the path to the root of the softhsm config files
export HSM_ROOT=/home/cd/.softhsm

# path to the softhsm2 library
export PKCS11_MODULE=/usr/local/lib/softhsm/libsofthsm2.so

# the id of the key - you probably want to leave these alone unless you know better
export HSM_ID1=01
export HSM_ID2=02

# the pins used when accessing the pkcs11 api
export HSM_SOPIN=1111
export HSM_PIN=2222
export RSA_ID=${HSM_NAME}${HSM_ID1}_rsa
export EC_ID=${HSM_NAME}${HSM_ID2}_ec

# location for the config file and tokens to be placed
export HSM_DEST=${HSM_ROOT}/${HSM_NAME}
export HSM_LABEL=${HSM_NAME}-label
export SOFTHSM2_CONF=${HSM_DEST}/softhsm.config
export HSM_TOKENS_DIR="${HSM_DEST}/tokens/"

# make an alias for ease
alias p='pkcs11-tool --module $PKCS11_MODULE'

Make Directories and Generate Config Files

    cd ${HSM_ROOT}

rm -rf ${HSM_NAME}
mkdir -p ${HSM_TOKENS_DIR}

cd ${HSM_NAME}

# Create a text file at ${SOFTHSM2_CONF} with these contents but make sure you replace the tokendir entry with ${HSM_TOKENS_DIR}
cat > ${SOFTHSM2_CONF} <<HERE
# SoftHSM v2 configuration file

directories.tokendir = ${HSM_TOKENS_DIR}
objectstore.backend = file

# ERROR, WARNING, INFO, DEBUG
log.level = INFO

# If CKF_REMOVABLE_DEVICE flag should be set
slots.removable = false

# Enable and disable PKCS#11 mechanisms using slots.mechanisms.
slots.mechanisms = ALL
HERE

Use the Ziti CLI

    ziti edge login $ZITI_CTRL:1280 -u $ZITI_USER -p $ZITI_PWD

# create a new identity and output the jwt to a known location
ziti edge create identity device "${RSA_ID}" -o "${HSM_DEST}/${RSA_ID}.jwt"

# create a second new identity and output the jwt to a known location
ziti edge create identity device "${EC_ID}" -o "${HSM_DEST}/${EC_ID}.jwt"

Use pkcs11-tool to Setup SoftHSMv2

    p --init-token --label "ziti-test-token" --so-pin $HSM_SOPIN

# create a couple of keys - one rsa and one ec
p -p $HSM_PIN -k --key-type rsa:2048 --id "${HSM_ID1}" --label ziti-rsa-key --usage-sign --usage-decrypt
p -p $HSM_PIN -k --key-type EC:prime256v1 --id ${HSM_ID2} --label ziti-ecdsa-key --usage-sign --usage-decrypt

Use ziti-tunnel to Enroll the Identities

    ziti-tunnel enroll -j "${HSM_DEST}/${RSA_ID}.jwt" -k "pkcs11://${PKCS11_MODULE}?id=${HSM_ID1}&pin=${HSM_PIN}" -v
ziti-tunnel enroll -j "${HSM_DEST}/${EC_ID}.jwt" -k "pkcs11://${PKCS11_MODULE}?id=${HSM_ID2}&pin=${HSM_PIN}" -v

Use ziti-tunnel to Verify Things Work

    # if you only have a single edge router this command will work without the need for copy/paste
EDGE_ROUTER_ID=$(ziti edge list edge-routers | cut -d " " -f2)

# IF the above command doesn't work - run this command and get the id from the first edge-router.
# ziti edge list edge-routers

# then use the id returned from the above command and put it into a variable for use in a moment
# EDGE_ROUTER_ID={insert the 'id' from above - example: 64d4967b-5474-4f06-8548-5700ed7bfa80}

# remove/recreate the config - here we'll be instructing the tunneler to listen on localhost and port 9000
ziti edge delete config wttrconfig
ziti edge create config wttrconfig ziti-tunneler-client.v1 "{ \"hostname\" : \"localhost\", \"port\" : 9000 }"

# recreate the service with the EDGE_ROUTER_ID from above. Here we are adding a ziti service that will
# send a request to wttr.in to retrieve a weather forecast
ziti edge delete service wttr.ziti
ziti edge create service wttr.ziti "${EDGE_ROUTER_ID}" tcp://wttr.in:80 --configs wttrconfig

# start one or both proxies
ziti-tunnel proxy -i "${HSM_DEST}/${RSA_ID}.json" wttr.ziti:8000 -v &
ziti-tunnel proxy -i "${HSM_DEST}/${EC_ID}.json" wttr.ziti:9000 -v &

# use a browser - or curl to verify the ziti tunneler is listening locally and the traffic has flowed over the ziti network
curl -H "Host: wttr.in" http://localhost:8000
curl -H "Host: wttr.in" http://localhost:9000

Putting It All Together

Above we've only shown the commands that need to run and not what the output of those commands would look like. Here we'll see all the commands put together along with all the output from the commands. This section is long - you are warned! Also note that this content is subject to change. If the output you see is not identical it's because the software has changed since this information was captured. File an issue if you'd like to see it updated.

Sample Output

The tabs to the right contain example output from running all the commands in sequence. If you want to see what the output would likely look like click one of the tabs to the right. Reminder - it's a lot of commands and a lot of output! :)

    cd@sg1 ~/.softhsm/softhsm_demo
$ # the name of the ziti controller you're logging into

cd@sg1 ~/.softhsm/softhsm_demo
$ export ZITI_CTRL=local-edge-controller

cd@sg1 ~/.softhsm/softhsm_demo
$ # the location of the certificate(s) to use to validate the controller

cd@sg1 ~/.softhsm/softhsm_demo
$ export ZITI_CTRL_CERT=/path/to/controller.cert

cd@sg1 ~/.softhsm/softhsm_demo
$

cd@sg1 ~/.softhsm/softhsm_demo
$ export ZITI_USER=myUserName

cd@sg1 ~/.softhsm/softhsm_demo
$ export ZITI_PWD=myPassword

cd@sg1 ~/.softhsm/softhsm_demo
$

cd@sg1 ~/.softhsm/softhsm_demo
$ # a name for the configuration

cd@sg1 ~/.softhsm/softhsm_demo
$ export HSM_NAME=softhsm_demo

cd@sg1 ~/.softhsm/softhsm_demo
$

cd@sg1 ~/.softhsm/softhsm_demo
$ # the path to the root of the softhsm config files

cd@sg1 ~/.softhsm/softhsm_demo
$ export HSM_ROOT=/home/cd/.softhsm

cd@sg1 ~/.softhsm/softhsm_demo
$ # location for the config file and tokens to be placed

cd@sg1 ~/.softhsm/softhsm_demo
$ export HSM_DEST=${HSM_ROOT}/${HSM_NAME}

cd@sg1 ~/.softhsm/softhsm_demo
$

cd@sg1 ~/.softhsm/softhsm_demo
$ # path to the softhsm2 library

cd@sg1 ~/.softhsm/softhsm_demo
$ export PKCS11_MODULE=/usr/local/lib/softhsm/libsofthsm2.so

cd@sg1 ~/.softhsm/softhsm_demo
$

cd@sg1 ~/.softhsm/softhsm_demo
$ # the id of the key - you probably want to leave these alone unless you know better

cd@sg1 ~/.softhsm/softhsm_demo
$ export HSM_ID1=01

cd@sg1 ~/.softhsm/softhsm_demo
$ export HSM_ID2=02

cd@sg1 ~/.softhsm/softhsm_demo
$

cd@sg1 ~/.softhsm/softhsm_demo
$ # the pins used when accessing the pkcs11 api

cd@sg1 ~/.softhsm/softhsm_demo
$ export HSM_SOPIN=1111

cd@sg1 ~/.softhsm/softhsm_demo
$ export HSM_PIN=2222

cd@sg1 ~/.softhsm/softhsm_demo
$ export RSA_ID=${HSM_NAME}${HSM_ID1}_rsa

cd@sg1 ~/.softhsm/softhsm_demo
$ export EC_ID=${HSM_NAME}${HSM_ID2}_ec

cd@sg1 ~/.softhsm/softhsm_demo
$

cd@sg1 ~/.softhsm/softhsm_demo
$ export HSM_DEST=${HSM_ROOT}/${HSM_NAME}

cd@sg1 ~/.softhsm/softhsm_demo
$ export SOFTHSM2_CONF=${HSM_DEST}/softhsm.config

cd@sg1 ~/.softhsm/softhsm_demo
$ export HSM_LABEL=${HSM_NAME}-label

cd@sg1 ~/.softhsm/softhsm_demo
$ export HSM_TOKENS_DIR="${HSM_DEST}/tokens/"

cd@sg1 ~/.softhsm/softhsm_demo
$

cd@sg1 ~/.softhsm/softhsm_demo
$ # make an alias for ease

cd@sg1 ~/.softhsm/softhsm_demo
$ alias p='pkcs11-tool --module $PKCS11_MODULE'

cd@sg1 ~/.softhsm/softhsm_demo
$ cd ${HSM_ROOT}

cd@sg1 ~/.softhsm
$

cd@sg1 ~/.softhsm
$ rm -rf ${HSM_NAME}
mkdir -p ${HSM_TOKENS_DIR}

cd ${HSM_NAME}

# Create a text file at ${SOFTHSM2_CONF} with these contents but make sure you replace the tokendir entry with ${HSM_TOKENS_DIR}
cat > ${SOFTHSM2_CONF} <<HERE
# SoftHSM v2 configuration file

directories.tokendir = ${HSM_TOKENS_DIR}
objectstore.backend = file

# ERROR, WARNING, INFO, DEBUG
log.level = INFO

cd@sg1 ~/.softhsm
$ mkdir -p ${HSM_TOKENS_DIR}

# If CKF_REMOVABLE_DEVICE flag should be set
slots.removable = false

cd@sg1 ~/.softhsm
$

cd@sg1 ~/.softhsm
$ cd ${HSM_NAME}

cd@sg1 ~/.softhsm/softhsm_demo
$

cd@sg1 ~/.softhsm/softhsm_demo
$ # Create a text file at ${SOFTHSM2_CONF} with these contents but make sure you replace the tokendir entry with ${HSM_TOKENS_DIR}

cd@sg1 ~/.softhsm/softhsm_demo
$ cat > ${SOFTHSM2_CONF} <<HERE
> # SoftHSM v2 configuration file
>
> directories.tokendir = ${HSM_TOKENS_DIR}
> objectstore.backend = file
>
> # ERROR, WARNING, INFO, DEBUG
> log.level = INFO
>
> # If CKF_REMOVABLE_DEVICE flag should be set
> slots.removable = false
>
> # Enable and disable PKCS#11 mechanisms using slots.mechanisms.
> slots.mechanisms = ALL
> HERE

cd@sg1 ~/.softhsm/softhsm_demo
$ ziti edge login $ZITI_CTRL:1280 -u $ZITI_USER -p $ZITI_PWD
# create a new identity and output the jwt to a known location
ziti edge create identity device "${RSA_ID}" -o "${HSM_DEST}/${RSA_ID}.jwt"

# create a second new identity and output the jwt to a known location
ziti edge create identity device "${EC_ID}" -o "${HSM_DEST}/${EC_ID}.jwt"Token: 28da1089-1636-4e6b-b5c7-96edc8d6162f

cd@sg1 ~/.softhsm/softhsm_demo
$

cd@sg1 ~/.softhsm/softhsm_demo
$ # create a new identity and output the jwt to a known location

cd@sg1 ~/.softhsm/softhsm_demo
$ ziti edge create identity device "${RSA_ID}" -o "${HSM_DEST}/${RSA_ID}.jwt"
dbf953bc-a987-4a89-a93d-0d6dac13150f
Enrollment expires at 2020-02-23T13:31:35.306053182Z

cd@sg1 ~/.softhsm/softhsm_demo
$

cd@sg1 ~/.softhsm/softhsm_demo
$ # create a second new identity and output the jwt to a known location

cd@sg1 ~/.softhsm/softhsm_demo
$ ziti edge create identity device "${EC_ID}" -o "${HSM_DEST}/${EC_ID}.jwt"
cfffe40d-b859-4a5a-ab4f-c9621a57ec85
Enrollment expires at 2020-02-23T13:31:36.676560457Z

cd@sg1 ~/.softhsm/softhsm_demo
$ p --init-token --label "ziti-test-token" --so-pin $HSM_SOPIN

# create a couple of keys - one rsa and one ec
p -p $HSM_PIN -k --key-type rsa:2048 --id "${HSM_ID1}" --label ziti-rsa-key --usage-sign --usage-decrypt
p -p $HSM_PIN -k --key-type EC:prime256v1 --id ${HSM_ID2} --label ziti-ecdsa-key --usage-sign --usage-decryptUsing slot 0 with a present token (0x0)
Token successfully initialized

cd@sg1 ~/.softhsm/softhsm_demo
$ p --init-pin --pin $HSM_PIN --so-pin $HSM_SOPIN
Using slot 0 with a present token (0x7f834e53)
User PIN successfully initialized

cd@sg1 ~/.softhsm/softhsm_demo
$

cd@sg1 ~/.softhsm/softhsm_demo
$ # create a couple of keys - one rsa and one ec

cd@sg1 ~/.softhsm/softhsm_demo
$ p -p $HSM_PIN -k --key-type rsa:2048 --id "${HSM_ID1}" --label ziti-rsa-key --usage-sign --usage-decrypt
Using slot 0 with a present token (0x7f834e53)
Key pair generated:
Private Key Object; RSA
label: ziti-rsa-key
ID: 01
Usage: decrypt, sign, unwrap
Public Key Object; RSA 2048 bits
label: ziti-rsa-key
ID: 01
Usage: encrypt, verify, wrap

cd@sg1 ~/.softhsm/softhsm_demo
$ p -p $HSM_PIN -k --key-type EC:prime256v1 --id ${HSM_ID2} --label ziti-ecdsa-key --usage-sign --usage-decrypt
Using slot 0 with a present token (0x7f834e53)
Key pair generated:
Private Key Object; EC
label: ziti-ecdsa-key
ID: 02
Usage: decrypt, sign, unwrap
Public Key Object; EC EC_POINT 256 bits
EC_POINT: 0441046f9ae0bbc3cbe62e6bbad50ad673add3ba1ee5a07f5391893df956c53d67c62b727ca1004fe9b44027e8e1f1605a602946257b1b1d20ba00342cec85c13a0462
EC_PARAMS: 06082a8648ce3d030107
label: ziti-ecdsa-key
ID: 02
Usage: encrypt, verify, wrap

cd@sg1 ~/.softhsm/softhsm_demo
$ ziti-tunnel enroll -j "${HSM_DEST}/${RSA_ID}.jwt" -k "pkcs11:///${PKCS11_MODULE}?id=${HSM_ID1}&pin=${HSM_PIN}" -v
DEBU[0000] jwt to parse: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbSI6Im90dCIsImV4cCI6MTU4MjQ2NDY5NSwiaXNzIjoiaHR0cHM6Ly9sb2NhbC1lZGdlLWNvbnRyb2xsZXI6MTI4MCIsImp0aSI6IjIzOTNjNDgwLTc0NGMtNDc3OS05NjU3LWNhOTdlMzUzOWQ0ZiIsInN1YiI6ImRiZjk1M2JjLWE5ODctNGE4OS1hOTNkLTBkNmRhYzEzMTUwZiJ9.OucLqJYgvGO0zov3ADI4oM0i0CASfpD6GUUAck5cBKVJqUN8jsdHe272CwnR7TH1w7uUNr5zPDJnwklVRQ0kzgxqFe9lGqNOxKtYecr-oI50K-J_OShPu_LkJ8dpmUk-OEzc1mq29KsIVu9GLUI43FLYD7SWFZZFsYk6iB8H4PPRrUNZucTcApgNNHljlwl8n-my5N3STqazJf7YUIHOh-OiW8rJFXZYf5gri_B6uDGQo-ZcMOISWCTRjPxe2boHK0ymrUanbe_i9vHbOQRIik7J6xOEA2-Vu-QW9WY4bEvl0_LChdV4YBG09EtWsJndl1AIsD0AP0fCjgD6FifAbpmiZx_YoqOM-KCbN9Vts9_FobNfT0rt9s7RzcHImj22jxEQtSNVbrjnulPwzhBM2PnOKrHJtq8KGgsGlC-aC1pUkiRS-eMHDOshDUFk16p56UXm9QS4d1rPmCQ8yksgEdeurRydmBKCr2tr1v9hC7gSxY1sOBF-b9k7HBGuinomuyeF6CRRMRYMiYz26suZXvP70ufJ5Z2h6hYqvIIGtpk_MxMuVl8r9iylWq3P7oqbDo74g3p3OSFwRUDm5llBuZKJUzQXYE3435NdpHeStKu4K2VYvGGCxpWe950ONrAGzwSYtYdOVvkgGxBreO3RNiQN427XD9yZw66pXXqIRV0
INFO[0000] using engine : pkcs11
DEBU[0000] loading key context=pkcs11 url="pkcs11:////usr/local/lib/softhsm/libsofthsm2.so?id=01&pin=2222"
INFO[0000] using driver: //usr/local/lib/softhsm/libsofthsm2.so context=pkcs11
WARN[0000] slot not specified, using first slot reported by the driver (2139311699) context=pkcs11
DEBU[0000] found signing mechanism context=pkcs11 sign mechanism=0
DEBU[0000] no cas provided in caPool. using system provided cas
DEBU[0000] fetching certificates from server
DEBU[0000] loading key context=pkcs11 url="pkcs11:////usr/local/lib/softhsm/libsofthsm2.so?id=01&pin=2222"
INFO[0000] using driver: //usr/local/lib/softhsm/libsofthsm2.so context=pkcs11
WARN[0000] slot not specified, using first slot reported by the driver (2139311699) context=pkcs11
DEBU[0000] found signing mechanism context=pkcs11 sign mechanism=0
enrolled successfully. identity file written to: /home/cd/.softhsm/softhsm_demo/softhsm_demo01_rsa.json
cd@sg1 ~/.softhsm/softhsm_demo
$ ziti-tunnel enroll -j "${HSM_DEST}/${EC_ID}.jwt" -k "pkcs11:///${PKCS11_MODULE}?id=${HSM_ID2}&pin=${HSM_PIN}" -v
DEBU[0000] jwt to parse: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJlbSI6Im90dCIsImV4cCI6MTU4MjQ2NDY5NiwiaXNzIjoiaHR0cHM6Ly9sb2NhbC1lZGdlLWNvbnRyb2xsZXI6MTI4MCIsImp0aSI6ImJlZTJlY2U3LTE4ZTAtNGQ3Zi04NmRlLTU4NmM5MTAyNDY3YiIsInN1YiI6ImNmZmZlNDBkLWI4NTktNGE1YS1hYjRmLWM5NjIxYTU3ZWM4NSJ9.nRCE-_osr6rdVUcfyR-irvAWitCSK0pm7WaG0hOC0-O22SFs8tYw7uKvbGmNkFoVsUYK4y6A4X77Q6JPNPDIzwWl1TO788B4UiJNh6x5jFEKMawzzPbq-wGq0PLstLsULOryxRtIMdHRYaCrxspC9mIZTrIWe85iPPjirOJ0Pgq0-Li2hZmBtlFOh8zTzYGmXVQtKhA-obIDSa12Nrt6gpgpNl1Ob_EXWWkwC5rcdm4yKpiKx7wYjxBRKc4ZLODmNahe69KiG5XD9A5I5o6YWQDs-pgl3Op44U9Kk94fGSZPcgzkPUC8NaX1eWgYh6RCMs3uSp6TMi8bRisPCOW770K3CxPpCS1fKg9rpyPninFShjRMvsbf999ldWh3YKmLJXvtinQF3szbmCsVaTI4-NxlkhLcdL2Qo6ivLz_kddNfzmDFcOEcLerR0D_Ugt0mPi0RidgkX0J00uXqd1SqYyI3b68KyVd5U3hIoL8NRQ1gAluky0jSe-xj5vfTgxYiJNZlUqCA4DvGdXl98NiWu40eHEz5ksKePbB_LVCmcMW3mPNdQjmDw4fdKvfZs0FdqgOcBGzbfQznpt3UV1pgL7Kdl6EfZppP1FNjqaxHyiEqkdINY0X5k33CDV4IVuS0ZDbOuQHInfG2ggLLS_vykC37w5iJe19ECSMWd_JzgQc
INFO[0000] using engine : pkcs11
DEBU[0000] loading key context=pkcs11 url="pkcs11:////usr/local/lib/softhsm/libsofthsm2.so?id=02&pin=2222"
INFO[0000] using driver: //usr/local/lib/softhsm/libsofthsm2.so context=pkcs11
WARN[0000] slot not specified, using first slot reported by the driver (2139311699) context=pkcs11
DEBU[0000] found signing mechanism context=pkcs11 sign mechanism=0
DEBU[0000] EC oid[1.2.840.10045.3.1.7], rest: [], err: <nil> context=pkcs11
WARN[0000] failed to get mechanism info [1044] context=pkcs11 error="pkcs11: 0x70: CKR_MECHANISM_INVALID"
DEBU[0000] no cas provided in caPool. using system provided cas
DEBU[0000] fetching certificates from server
DEBU[0000] loading key context=pkcs11 url="pkcs11:////usr/local/lib/softhsm/libsofthsm2.so?id=02&pin=2222"
INFO[0000] using driver: //usr/local/lib/softhsm/libsofthsm2.so context=pkcs11
WARN[0000] slot not specified, using first slot reported by the driver (2139311699) context=pkcs11
DEBU[0000] found signing mechanism context=pkcs11 sign mechanism=0
DEBU[0000] EC oid[1.2.840.10045.3.1.7], rest: [], err: <nil> context=pkcs11
WARN[0000] failed to get mechanism info [1044] context=pkcs11 error="pkcs11: 0x70: CKR_MECHANISM_INVALID"
enrolled successfully. identity file written to: /home/cd/.softhsm/softhsm_demo/softhsm_demo02_ec.json
cd@sg1 ~/.softhsm/softhsm_demo
$ # run this command and get the id from the first edge-router.

cd@sg1 ~/.softhsm/softhsm_demo
$ ziti edge list edge-routers
id: c34734a4-d5de-430b-a5dc-7fa05363b28d name: local-edge-router role attributes: {}

cd@sg1 ~/.softhsm/softhsm_demo
$ EDGE_ROUTER_ID=c34734a4-d5de-430b-a5dc-7fa05363b28d

cd@sg1 ~/.softhsm/softhsm_demo
$ # remove/recreate the config - here we'll be instructing the tunneler to listen on localhost and port 9000

cd@sg1 ~/.softhsm/softhsm_demo
$ ziti edge delete config wttrconfig
ziti edge create config wttrconfig ziti-tunneler-client.v1 "{ \"hostname\" : \"localhost\", \"port\" : 9000 }"

# recreate the service with the EDGE_ROUTER_ID from above. Here we are adding a ziti service that will
# send a request to wttr.in to retreive a weather forecast
ziti edge delete service wttr.ziti
ziti edge create service wttr.ziti "${EDGE_ROUTER_ID}" tcp://wttr.in:80 --configs wttrconfig

# start one or both proxies
ziti-tunnel proxy -i "${HSM_DEST}/${RSA_ID}.json" wttr.ziti:8000 -v &
ziti-tunnel proxy -i "${HSM_DEST}/${EC_ID}.json" wttr.ziti:9000 -v &

cd@sg1 ~/.softhsm/softhsm_demo
$ ziti edge create config wttrconfig ziti-tunneler-client.v1 "{ \"hostname\" : \"localhost\", \"port\" : 9000 }"
384166bd-0781-4189-ae66-6789cc1952b2

cd@sg1 ~/.softhsm/softhsm_demo
$

cd@sg1 ~/.softhsm/softhsm_demo
$ # recreate the service with the EDGE_ROUTER_ID from above. Here we are adding a ziti service that will

cd@sg1 ~/.softhsm/softhsm_demo
$ # send a request to wttr.in to retreive a weather forecast

cd@sg1 ~/.softhsm/softhsm_demo
$ ziti edge delete service wttr.ziti

cd@sg1 ~/.softhsm/softhsm_demo
$ ziti edge create service wttr.ziti "${EDGE_ROUTER_ID}" tcp://wttr.in:80 --configs wttrconfig
eb5c5fe8-5781-4760-9962-90ab708027f2

cd@sg1 ~/.softhsm/softhsm_demo
$

cd@sg1 ~/.softhsm/softhsm_demo
$ # start one or both proxies

cd@sg1 ~/.softhsm/softhsm_demo
$ ziti-tunnel proxy -i "${HSM_DEST}/${RSA_ID}.json" wttr.ziti:8000 -v &
[1] 14821

cd@sg1 ~/.softhsm/softhsm_demo
$ ziti-tunnel proxy -i "${HSM_DEST}/${EC_ID}.json" wttr.ziti:9000 -v &
[2] 14822

cd@sg1 ~/.softhsm/softhsm_demo
$ [ 0.005] INFO github.com/netfoundry/ziti-edge/tunnel/intercept/proxy.(*interceptor).Start: starting proxy interceptor
[ 0.007] INFO github.com/netfoundry/ziti-edge/tunnel/intercept/proxy.(*interceptor).Start: starting proxy interceptor
[ 0.006] DEBUG github.com/netfoundry/ziti-foundation/identity/engines/pkcs11.(*engine).LoadKey [pkcs11]: {url=[pkcs11:////usr/local/lib/softhsm/libsofthsm2.so?id=02&pin=2222]} loading key
[ 0.007] INFO github.com/netfoundry/ziti-foundation/identity/engines/pkcs11.(*engine).LoadKey [pkcs11]: using driver: //usr/local/lib/softhsm/libsofthsm2.so
[ 0.008] DEBUG github.com/netfoundry/ziti-foundation/identity/engines/pkcs11.(*engine).LoadKey [pkcs11]: {url=[pkcs11:////usr/local/lib/softhsm/libsofthsm2.so?id=01&pin=2222]} loading key
[ 0.008] INFO github.com/netfoundry/ziti-foundation/identity/engines/pkcs11.(*engine).LoadKey [pkcs11]: using driver: //usr/local/lib/softhsm/libsofthsm2.so
[ 0.019] WARNING github.com/netfoundry/ziti-foundation/identity/engines/pkcs11.(*engine).LoadKey [pkcs11]: slot not specified, using first slot reported by the driver (2139311699)
[ 0.020] WARNING github.com/netfoundry/ziti-foundation/identity/engines/pkcs11.(*engine).LoadKey [pkcs11]: slot not specified, using first slot reported by the driver (2139311699)
[ 0.023] DEBUG github.com/netfoundry/ziti-foundation/identity/engines/pkcs11.(*engine).LoadKey [pkcs11]: {sign mechanism=[0]} found signing mechanism
[ 0.024] DEBUG github.com/netfoundry/ziti-foundation/identity/engines/pkcs11.(*engine).LoadKey [pkcs11]: {sign mechanism=[0]} found signing mechanism
[ 0.023] DEBUG github.com/netfoundry/ziti-foundation/identity/engines/pkcs11.loadECDSApub [pkcs11]: EC oid[1.2.840.10045.3.1.7], rest: [], err: <nil>
[ 0.023] WARNING github.com/netfoundry/ziti-foundation/identity/engines/pkcs11.getECDSAmechanism [pkcs11]: {error=[pkcs11: 0x70: CKR_MECHANISM_INVALID]} failed to get mechanism info [1044]
[ 0.025] INFO github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).Authenticate: attempting to authenticate
[ 0.024] INFO github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).Authenticate: attempting to authenticate
[ 0.060] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).Authenticate: {token=[de50dbc8-a00b-49aa-8fcc-285be8babdb4] id=[25692bf8-6cb1-4133-8b86-575a8ea65f09]} Got api session: {25692bf8-6cb1-4133-8b86-575a8ea65f09 de50dbc8-a00b-49aa-8fcc-285be8babdb4}
[ 0.060] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).getServices: using api session token de50dbc8-a00b-49aa-8fcc-285be8babdb4
[ 0.069] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).Authenticate: {token=[45eae1d0-8ad0-4428-9900-c328ed9e3d23] id=[b8654830-b9e9-4450-9116-072ab4e8cca5]} Got api session: {b8654830-b9e9-4450-9116-072ab4e8cca5 45eae1d0-8ad0-4428-9900-c328ed9e3d23}
[ 0.069] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).getServices: using api session token 45eae1d0-8ad0-4428-9900-c328ed9e3d23
[ 0.106] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).getServices: using api session token de50dbc8-a00b-49aa-8fcc-285be8babdb4
[ 0.113] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).getServices: using api session token 45eae1d0-8ad0-4428-9900-c328ed9e3d23
[ 0.160] INFO github.com/netfoundry/ziti-edge/tunnel/intercept.updateServices: starting tunnel for newly available service netcat7256
[ 0.160] DEBUG github.com/netfoundry/ziti-edge/tunnel/intercept/proxy.interceptor.Intercept: {service=[netcat7256]} service netcat7256 was not specified at initialization. not intercepting
[ 0.160] INFO github.com/netfoundry/ziti-edge/tunnel/intercept.updateServices: starting tunnel for newly available service wttr.ziti
[ 0.160] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).getSession: requesting session from https://local-edge-controller:1280/sessions
[ 0.160] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).getSession: {service_id=[eb5c5fe8-5781-4760-9962-90ab708027f2]} requesting session
[ 0.170] INFO github.com/netfoundry/ziti-edge/tunnel/intercept.updateServices: starting tunnel for newly available service wttr.ziti
[ 0.170] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).getSession: requesting session from https://local-edge-controller:1280/sessions
[ 0.170] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti.(*contextImpl).getSession: {service_id=[eb5c5fe8-5781-4760-9962-90ab708027f2]} requesting session
[ 0.200] DEBUG github.com/netfoundry/ziti-edge/tunnel/intercept/proxy.interceptor.Intercept: {service=[wttr.ziti] id=[a5291ddc-a86e-48c9-975e-662bc3bcb0d7]} acquired network session
[ 0.200] INFO github.com/netfoundry/ziti-edge/tunnel/intercept/proxy.(*interceptor).handleTCP: {service=[wttr.ziti] addr=[0.0.0.0:8000]} service is listening
[ 0.221] DEBUG github.com/netfoundry/ziti-edge/tunnel/intercept/proxy.interceptor.Intercept: {service=[wttr.ziti] id=[d4330d93-a6e1-4e48-91e1-cb26520f09d2]} acquired network session
[ 0.222] INFO github.com/netfoundry/ziti-edge/tunnel/intercept.updateServices: starting tunnel for newly available service netcat7256
[ 0.222] DEBUG github.com/netfoundry/ziti-edge/tunnel/intercept/proxy.interceptor.Intercept: {service=[netcat7256]} service netcat7256 was not specified at initialization. not intercepting
[ 0.222] INFO github.com/netfoundry/ziti-edge/tunnel/intercept/proxy.(*interceptor).handleTCP: {service=[wttr.ziti] addr=[0.0.0.0:9000]} service is listening
jobs
[1]- Running ziti-tunnel proxy -i "${HSM_DEST}/${RSA_ID}.json" wttr.ziti:8000 -v &
[2]+ Running ziti-tunnel proxy -i "${HSM_DEST}/${EC_ID}.json" wttr.ziti:9000 -v &

cd@sg1 ~/.softhsm/softhsm_demo
$ curl -H "Host: wttr.in" http://localhost:8000
[ 8.289] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*classicDialer).Create [tls:local-edge-router:3022]: started
[ 8.302] DEBUG github.com/netfoundry/ziti-foundation/transport/tls.Dial: server provided [2] certificates
[ 8.302] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*classicDialer).sendHello [u{classic}->i{}]: started
[ 8.304] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*classicDialer).sendHello [u{classic}->i{}]: exited
[ 8.304] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*classicDialer).Create [tls:local-edge-router:3022]: exited
[ 8.304] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*channelImpl).rxer [ch{ziti-sdk}->u{classic}->i{D8nP}]: started
[ 8.305] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*channelImpl).txer [ch{ziti-sdk}->u{classic}->i{D8nP}]: started
[ 8.306] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*muxAddSinkEvent).Handle: {connId=[1]} Added sink to mux. Current sink count: 1
[ 8.306] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*MsgMux).AddMsgSink: {connId=[1]} added to msg mux
[ 8.544] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*channelImpl).rxer [ch{ziti-sdk}->u{classic}->i{D8nP}]: waiter found for message. type [60784], sequence [1], replyFor [1]
[ 8.544] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Connect: {connId=[1]} connected
[ 8.544] INFO github.com/netfoundry/ziti-edge/tunnel.Run: {src-remote=[127.0.0.1:60053] src-local=[127.0.0.1:8000] dst-local=[:1] dst-remote=[wttr.ziti]} tunnel started
[ 8.545] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*MsgChannel).WriteTraced: {chSeq=[-1] edgeSeq=[1] connId=[1] type=[EdgeDataType]} writing 71 bytes
[ 8.547] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Read: {connId=[1]} read buffer = 32768 bytes
[ 9.968] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*MsgEvent).Handle: {seq=[1] connId=[1]} handling received EdgeDataType
[ 9.968] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Read: {connId=[1]} got buffer from queue 8907 bytes
[ 9.968] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Read: {connId=[1]} read buffer = 32768 bytes
Weather report: Laurelton, United States

Mist
_ - _ - _ - 35..39 °F
_ - _ - _ ↑ 5 mph
_ - _ - _ - 3 mi
0.2 in
┌─────────────┐
┌──────────────────────────────┬───────────────────────┤ Thu 13 Feb ├───────────────────────┬──────────────────────────────┐
│ Morning │ Noon └──────┬──────┘ Evening │ Night │
├──────────────────────────────┼──────────────────────────────┼──────────────────────────────┼──────────────────────────────┤
│ .-. Light drizzle │ .-. Light drizzle │ _`/"".-. Moderate or he…│ _`/"".-. Patchy light s…│
│ ( ). 39..41 °F │ ( ). 41..46 °F │ ,\_( ). 33..39 °F │ ,\_( ). 30..+35 °F │
│ (___(__) ↗ 3-5 mph │ (___(__) → 8-10 mph │ /(___(__) → 7-9 mph │ /(___(__) → 6-8 mph │
│ ‘ ‘ ‘ ‘ 3 mi │ ‘ ‘ ‘ ‘ 1 mi │ * * * * 5 mi │ * * * 4 mi │
│ ‘ ‘ ‘ ‘ 0.2 in | 66% │ ‘ ‘ ‘ ‘ 0.0 in | 64% │ * * * * 0.0 in | 29% │ * * * 0.0 in | 57% │
└──────────────────────────────┴──────────────────────────────┴──────────────────────────────┴──────────────────────────────┘
┌─────────────┐
┌──────────────────────────────┬───────────────────────┤ Fri 14 Feb ├───────────────────────┬──────────────────────────────┐
│ Morning │ Noon └──────┬──────┘ Evening │ Night │
├──────────────────────────────┼──────────────────────────────┼──────────────────────────────┼──────────────────────────────┤
│ Overcast │ Cloudy │ _`/"".-. Patchy snow po…│ \ / Partly cloudy │
│ .--. 8..21 °F │ .--. 12..23 °F │ ,\_( ). 10..21 °F │ _ /"".-. 1..14 °F │
│ .-( ). ↘ 9-12 mph │ .-( ). ↘ 10-11 mph │ /(___(__) ↘ 11-14 mph │ \_( ). ↓ 9-15 mph │
│ (___.__)__) 6 mi │ (___.__)__) 6 mi │ ‘ * ‘ * 6 mi │ /(___(__) 5 mi │
│ 0.0 in | 0% │ 0.0 in | 0% │ * ‘ * ‘ 0.0 in | 0% │ 0.0 in | 0% │
└──────────────────────────────┴──────────────────────────────┴──────────────────────────────┴──────────────────────────────┘
┌─────────────┐
┌──────────────────────────────┬───────────────────────┤ Sat 15 Feb ├───────────────────────┬──────────────────────────────┐
│ Morning │ Noon └──────┬──────┘ Evening │ Night │
├──────────────────────────────┼──────────────────────────────┼──────────────────────────────┼──────────────────────────────┤
│ \ / Sunny │ \ / Sunny │ Overcast │ Overcast │
│ .-. 14..17 °F │ .-. 19..24 °F │ .--. 21..30 °F │ .--. 17..26 °F │
│ ― ( ) ― → 2 mph │ ― ( ) ― ↑ 3-4 mph │ .-( ). ↑ 9-13 mph │ .-( ). ↑ 8-14 mph │
│ `-’ 6 mi │ `-’ 6 mi │ (___.__)__) 6 mi │ (___.__)__) 6 mi │
│ / \ 0.0 in | 0% │ / \ 0.0 in | 0% │ 0.0 in | 0% │ 0.0 in | 0% │
└──────────────────────────────┴──────────────────────────────┴──────────────────────────────┴──────────────────────────────┘

Follow @igor_chubin for wttr.in updates
[ 9.968] INFO github.com/netfoundry/ziti-edge/tunnel.myCopy: {dst-local=[:1] dst-remote=[wttr.ziti] src-remote=[127.0.0.1:60053] src-local=[127.0.0.1:8000]} stopping pipe
[ 9.968] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Close: {connId=[1]} close: begin
[ 9.968] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*muxRemoveSinkEvent).Handle: {connId=[1]} Removed sink from mux. Current sink count: 0
[ 9.968] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*MsgMux).RemoveMsgSinkById: {connId=[1]} removed from msg mux
[ 9.968] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Close: {connId=[1]} close: end

cd@sg1 ~/.softhsm/softhsm_demo
$ [ 10.969] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Read: {connId=[1]} sequencer closed, closing connection
[ 10.969] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Read: {connId=[1]} return EOF from closing/closed connection
[ 10.969] INFO github.com/netfoundry/ziti-edge/tunnel.myCopy: {src-remote=[wttr.ziti] src-local=[:1] dst-local=[127.0.0.1:8000] dst-remote=[127.0.0.1:60053]} stopping pipe
[ 10.969] INFO github.com/netfoundry/ziti-edge/tunnel.Run: {dst-remote=[wttr.ziti] src-remote=[127.0.0.1:60053] src-local=[127.0.0.1:8000] dst-local=[:1]} tunnel closed: 71 bytes sent; 8907 bytes received
curl -H "Host: wttr.in" http://localhost:9000
[ 14.253] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*classicDialer).Create [tls:local-edge-router:3022]: started
[ 14.265] DEBUG github.com/netfoundry/ziti-foundation/transport/tls.Dial: server provided [2] certificates
[ 14.265] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*classicDialer).sendHello [u{classic}->i{}]: started
[ 14.266] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*classicDialer).sendHello [u{classic}->i{}]: exited
[ 14.266] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*classicDialer).Create [tls:local-edge-router:3022]: exited
[ 14.266] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*muxAddSinkEvent).Handle: {connId=[1]} Added sink to mux. Current sink count: 1
[ 14.266] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*channelImpl).rxer [ch{ziti-sdk}->u{classic}->i{DGp7}]: started
[ 14.266] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*MsgMux).AddMsgSink: {connId=[1]} added to msg mux
[ 14.266] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*channelImpl).txer [ch{ziti-sdk}->u{classic}->i{DGp7}]: started
[ 14.405] DEBUG github.com/netfoundry/ziti-foundation/channel2.(*channelImpl).rxer [ch{ziti-sdk}->u{classic}->i{DGp7}]: waiter found for message. type [60784], sequence [1], replyFor [1]
[ 14.405] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Connect: {connId=[1]} connected
[ 14.405] INFO github.com/netfoundry/ziti-edge/tunnel.Run: {src-local=[127.0.0.1:9000] dst-local=[:1] dst-remote=[wttr.ziti] src-remote=[127.0.0.1:60058]} tunnel started
[ 14.405] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Read: {connId=[1]} read buffer = 32768 bytes
[ 14.405] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*MsgChannel).WriteTraced: {connId=[1] type=[EdgeDataType] chSeq=[-1] edgeSeq=[1]} writing 71 bytes
[ 14.605] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*MsgEvent).Handle: {seq=[1] connId=[1]} handling received EdgeDataType
[ 14.605] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Read: {connId=[1]} got buffer from queue 8907 bytes
[ 14.605] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Read: {connId=[1]} read buffer = 32768 bytes
Weather report: Laurelton, United States

Mist
_ - _ - _ - 35..39 °F
_ - _ - _ ↑ 5 mph
_ - _ - _ - 3 mi
0.2 in
┌─────────────┐
┌──────────────────────────────┬───────────────────────┤ Thu 13 Feb ├───────────────────────┬──────────────────────────────┐
│ Morning │ Noon └──────┬──────┘ Evening │ Night │
├──────────────────────────────┼──────────────────────────────┼──────────────────────────────┼──────────────────────────────┤
│ .-. Light drizzle │ .-. Light drizzle │ _`/"".-. Moderate or he…│ _`/"".-. Patchy light s…│
│ ( ). 39..41 °F │ ( ). 41..46 °F │ ,\_( ). 33..39 °F │ ,\_( ). 30..+35 °F │
│ (___(__) ↗ 3-5 mph │ (___(__) → 8-10 mph │ /(___(__) → 7-9 mph │ /(___(__) → 6-8 mph │
│ ‘ ‘ ‘ ‘ 3 mi │ ‘ ‘ ‘ ‘ 1 mi │ * * * * 5 mi │ * * * 4 mi │
│ ‘ ‘ ‘ ‘ 0.2 in | 66% │ ‘ ‘ ‘ ‘ 0.0 in | 64% │ * * * * 0.0 in | 29% │ * * * 0.0 in | 57% │
└──────────────────────────────┴──────────────────────────────┴──────────────────────────────┴──────────────────────────────┘
┌─────────────┐
┌──────────────────────────────┬───────────────────────┤ Fri 14 Feb ├───────────────────────┬──────────────────────────────┐
│ Morning │ Noon └──────┬──────┘ Evening │ Night │
├──────────────────────────────┼──────────────────────────────┼──────────────────────────────┼──────────────────────────────┤
│ Overcast │ Cloudy │ _`/"".-. Patchy snow po…│ \ / Partly cloudy │
│ .--. 8..21 °F │ .--. 12..23 °F │ ,\_( ). 10..21 °F │ _ /"".-. 1..14 °F │
│ .-( ). ↘ 9-12 mph │ .-( ). ↘ 10-11 mph │ /(___(__) ↘ 11-14 mph │ \_( ). ↓ 9-15 mph │
│ (___.__)__) 6 mi │ (___.__)__) 6 mi │ ‘ * ‘ * 6 mi │ /(___(__) 5 mi │
│ 0.0 in | 0% │ 0.0 in | 0% │ * ‘ * ‘ 0.0 in | 0% │ 0.0 in | 0% │
└──────────────────────────────┴──────────────────────────────┴──────────────────────────────┴──────────────────────────────┘
┌─────────────┐
┌──────────────────────────────┬───────────────────────┤ Sat 15 Feb ├───────────────────────┬──────────────────────────────┐
│ Morning │ Noon └──────┬──────┘ Evening │ Night │
├──────────────────────────────┼──────────────────────────────┼──────────────────────────────┼──────────────────────────────┤
│ \ / Sunny │ \ / Sunny │ Overcast │ Overcast │
│ .-. 14..17 °F │ .-. 19..24 °F │ .--. 21..30 °F │ .--. 17..26 °F │
│ ― ( ) ― → 2 mph │ ― ( ) ― ↑ 3-4 mph │ .-( ). ↑ 9-13 mph │ .-( ). ↑ 8-14 mph │
│ `-’ 6 mi │ `-’ 6 mi │ (___.__)__) 6 mi │ (___.__)__) 6 mi │
│ / \ 0.0 in | 0% │ / \ 0.0 in | 0% │ 0.0 in | 0% │ 0.0 in | 0% │
└──────────────────────────────┴──────────────────────────────┴──────────────────────────────┴──────────────────────────────┘

Follow @igor_chubin for wttr.in updates
[ 14.605] INFO github.com/netfoundry/ziti-edge/tunnel.myCopy: {src-local=[127.0.0.1:9000] dst-local=[:1] dst-remote=[wttr.ziti] src-remote=[127.0.0.1:60058]} stopping pipe
[ 14.605] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Close: {connId=[1]} close: begin
[ 14.605] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*muxRemoveSinkEvent).Handle: {connId=[1]} Removed sink from mux. Current sink count: 0
[ 14.605] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/edge.(*MsgMux).RemoveMsgSinkById: {connId=[1]} removed from msg mux
[ 14.605] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Close: {connId=[1]} close: end

cd@sg1 ~/.softhsm/softhsm_demo
$ [ 15.606] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Read: {connId=[1]} sequencer closed, closing connection
[ 15.606] DEBUG github.com/netfoundry/ziti-sdk-golang/ziti/internal/edge_impl.(*edgeConn).Read: {connId=[1]} return EOF from closing/closed connection
[ 15.606] INFO github.com/netfoundry/ziti-edge/tunnel.myCopy: {dst-local=[127.0.0.1:9000] dst-remote=[127.0.0.1:60058] src-remote=[wttr.ziti] src-local=[:1]} stopping pipe
[ 15.606] INFO github.com/netfoundry/ziti-edge/tunnel.Run: {dst-local=[:1] dst-remote=[wttr.ziti] src-remote=[127.0.0.1:60058] src-local=[127.0.0.1:9000]} tunnel closed: 71 bytes sent; 8907 bytes received
jobs
[1]- Running ziti-tunnel proxy -i "${HSM_DEST}/${RSA_ID}.json" wttr.ziti:8000 -v &
[2]+ Running ziti-tunnel proxy -i "${HSM_DEST}/${EC_ID}.json" wttr.ziti:9000 -v &

cd@sg1 ~/.softhsm/softhsm_demo
$ killall ziti-tunnel
[ 21.732] DEBUG github.com/netfoundry/ziti-edge/tunnel/intercept.ServicePoller: caught signal terminated
[ 21.731] DEBUG github.com/netfoundry/ziti-edge/tunnel/intercept.ServicePoller: caught signal terminated
[ 21.732] DEBUG github.com/netfoundry/ziti-edge/tunnel/intercept.ServicePoller: caught signal terminated
[ 21.731] DEBUG github.com/netfoundry/ziti-edge/tunnel/intercept.ServicePoller: caught signal terminated
[ 21.732] INFO github.com/netfoundry/ziti-edge/tunnel/intercept.updateServices: stopping tunnel for unavailable service: netcat7256
[ 21.731] INFO github.com/netfoundry/ziti-edge/tunnel/intercept.updateServices: stopping tunnel for unavailable service: wttr.ziti
[ 21.731] ERROR github.com/netfoundry/ziti-edge/tunnel/intercept.updateServices: failed to stop intercepting: StopIntercepting not implemented by proxy interceptor
[ 21.732] ERROR github.com/netfoundry/ziti-edge/tunnel/intercept.updateServices: failed to stop intercepting: StopIntercepting not implemented by proxy interceptor
[ 21.731] INFO github.com/netfoundry/ziti-edge/tunnel/intercept.updateServices: stopping tunnel for unavailable service: netcat7256
[ 21.732] INFO github.com/netfoundry/ziti-edge/tunnel/intercept.updateServices: stopping tunnel for unavailable service: wttr.ziti
[ 21.731] ERROR github.com/netfoundry/ziti-edge/tunnel/intercept.updateServices: failed to stop intercepting: StopIntercepting not implemented by proxy interceptor
[ 21.732] ERROR github.com/netfoundry/ziti-edge/tunnel/intercept.updateServices: failed to stop intercepting: StopIntercepting not implemented by proxy interceptor
[ 21.731] INFO github.com/netfoundry/ziti-edge/tunnel/intercept/proxy.(*interceptor).Stop: stopping proxy interceptor
[ 21.732] INFO github.com/netfoundry/ziti-edge/tunnel/intercept/proxy.(*interceptor).Stop: stopping proxy interceptor
[1]- Done ziti-tunnel proxy -i "${HSM_DEST}/${RSA_ID}.json" wttr.ziti:8000 -v
[2]+ Done ziti-tunnel proxy -i "${HSM_DEST}/${EC_ID}.json" wttr.ziti:9000 -v

cd@sg1 ~/.softhsm/softhsm_demo
$ jobs

cd@sg1 ~/.softhsm/softhsm_demo