[Freedombox-discuss] Can't get android phone to connect to radicale.

A. F. Cano afc at shibaya.lonestar.org
Wed Feb 8 04:34:09 UTC 2017


On Tue, Feb 07, 2017 at 12:41:54PM -0500, Daniel Gnoutcheff wrote:
> On 02/06/2017 11:15 PM, A. F. Cano wrote:
> >   Failed to obtain certificate for domain <domain>.freedombox.rocks: Failed
> >   authorization procedure. <domain>.freedombox.rocks (http-01):
> >   urn:acme:error:connection :: The server could not connect to the client
> >   to verify the domain :: Could not connect to <domain>.freedombox.rocks
> 
> From this, it sounds like the HTTP server on <domain>.freedombox.rocks
> is not reachable from the public Internet.  It needs to be in order for
> the "http-01" validation method to work [1].
> 
> What happens if you try to visit http://<domain>.freedombox.rocks/ in a
> browser, preferably from a public Wifi network or some other independent
> network?

Trying this from a real outside network will have to wait until
Saturday, but trying it from an inside machine it seems that DNS does
its job and sends the packets to the right place.  I get:

  Your connection is not secure

  The owner of <domain>.freedombox.rocks has configured their website
  improperly. To protect your information from being stolen, Firefox has
  not connected to this website.

  This site uses HTTP Strict Transport Security (HSTS) to specify that
  Firefox only connect to it securely. As a result, it is not possible to
  add an exception for this certificate.

> What happens when you run
> 
>   getent ahosts <domain>.freedombox.rocks

From the same internal machine I get:

75.226.115.229  STREAM <domain>.freedombox.rocks
75.226.115.229  DGRAM  
75.226.115.229  RAW

This address is the same one that ifconfig reports on the freedombox for
the ppp0 interface, which is the outside interface.  So it seems to be
working.

> from a Linux workstation?
> 
> Is the freedombox behind another router?  If so, have we verified port

No.  The ppp connection is the outside interface, via a CDMA phone.

> forwarding for tcp ports 80 and 443?
> 
> 
> > Stopping orbot and disabling the firewall seem to not fix the issue.
> 
> Right.  I think we *also* need to fix certificate issue.

I'll keep digging into the iptables rules.  I have a lot to learn in
this area so it might take a while.

> > I don't see any packets going to/from the phone with wireshark,
> 
> Are you running wireshark on the freedombox itself?  If not, I'm not
> sure I'd trust that packet dump.  Capturing unicast traffic that doesn't

I'm running wireshark on the machine that has the wifi interface to
which the android phone connects (wlan0) and capturing the packets of
that interface.  This android phone is not the same one I use to connect
to the internet via ppp.

I'm also learning the many options of wireshark and I'm quite
overwhelmed by the amount of packets wireshark is displaying.  I've
tried to restrict what gets displayed to what comes/goes from/to the
android phone (static IP address), but I'm still getting flooded with
MDNS packets.

> involve the capturing host is tricky business [2].  Maybe try tcpdump on
> the freedombox (via ssh)?
> 
> [1] https://tools.ietf.org/html/draft-ietf-acme-acme-05#section-7.2
> 
> [2] https://wiki.wireshark.org/CaptureSetup/WLAN

Thanks.  I'll check this next but I wanted to send out what I can
quickly.

Augustine
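As an added example (not from this thread or the FreedomBox project), the checks the two messages above walk through by hand, name resolution against the address on the WAN interface and plain TCP reachability of ports 80 and 443, collected into one small Python pre-flight script. The hostname, the interface address and the pasted `getent ahosts` output are inputs you supply; the hairpin caveat in the docstring is the reason the inside-the-LAN browser test above proves little about what the ACME server can reach.

```python
"""http-01 pre-flight: repeat the thread's manual checks in one place.

Added example (not from the thread or the FreedomBox project). Inputs
are the hostname, the address ifconfig shows on the WAN interface (ppp0
in the thread) and, optionally, pasted `getent ahosts` output. Run it
from an outside network: from inside the LAN a successful connect may
be the router hairpinning to the box, which says nothing about what the
ACME server can reach.
"""
import socket


def parse_getent_ahosts(output):
    """Collect the addresses from `getent ahosts` output (first column of each line)."""
    return {line.split()[0] for line in output.splitlines() if line.strip()}


def resolve_ipv4(hostname):
    """Resolve the name ourselves when no getent output is supplied."""
    infos = socket.getaddrinfo(hostname, 80, socket.AF_INET, socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def dns_points_at_interface(resolved, iface_addr):
    """http-01 only works if the public name leads the CA to the WAN address."""
    return iface_addr in resolved


def tcp_port_open(host, port, timeout=3.0):
    """A plain TCP connect is the first thing the ACME server does for http-01."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unroutable, or name lookup failed
        return False


def http01_preflight(hostname, iface_addr, getent_output=None, timeout=3.0):
    """Return pass/fail results; any False explains the CA's 'could not connect'."""
    resolved = parse_getent_ahosts(getent_output) if getent_output else resolve_ipv4(hostname)
    return {
        "dns_ok": dns_points_at_interface(resolved, iface_addr),
        "port80_open": tcp_port_open(hostname, 80, timeout),    # required for http-01
        "port443_open": tcp_port_open(hostname, 443, timeout),  # required to use the cert
    }


if __name__ == "__main__":
    import sys
    print(http01_preflight(sys.argv[1], sys.argv[2]))
```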