I try to create a DoT Gateway with nginx. However, i get every time when i try to connect via Android private DNS a status 500 response.
My Nginx config looks like this:
stream {
log_format basic '$remote_addr [$time_local] $protocol $status $bytes_sent $bytes_received $session_time $upstream_addr';
upstream dns {
server 8.8.8.8:53;
}
server {
listen 853 ssl;
access_log /var/log/nginx/dot-access.log basic;
error_log /var/log/nginx/dot-error.log;
ssl_certificate /etc/letsencrypt/live/my.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/my.domain.com/privkey.pem;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_session_timeout 4h;
ssl_handshake_timeout 10s;
proxy_pass dns;
}
}
I have tried to solve the error with https://medium.com/#nykolas.z/troubleshooting-dns-over-tls-e7ca570b6337 and https://www.aaflalo.me/2019/03/dns-over-tls/. A test request with https://getdnsapi.net/query/ works fine and i get "status": GETDNS_RESPSTATUS_GOOD. In in /var/log/nginx/dot-access.log i see
185.49.141.27 [01/Oct/2021:11:59:57 +0200] TCP 200 56 130 0.210 8.8.8.8:53
However, if i enter "my.domain.com" in Android private DNS settings, i get the error message "Connection not possible" and in /var/log/nginx/dot-access.log
84.33.44.28 [01/Oct/2021:11:55:01 +0200] TCP 500 0 0 0.131 -
For me, this means that this setup basically works, however not with Android Private DNS. Anyone with ideas?
I have exactly the same setup and it worked until yesterday.
There seems to be an issue with Let's Encrypt certificates:
https://twitter.com/WatfordJC/status/1443611562028245005
The problem can be solved by adding --preferred-chain="ISRG Root X1" to your certbot request. I just force renewed my certificate and now it is working again.
Other users discussing the topic: https://www.reddit.com/r/Adguard/comments/pynis4/agh_android_private_dns_couldnt_connect/
Related
I'm new to Dart and Flutter. I know a bit about Sockets. Here is my question:
I tried to create a TCP socket on a emulator with flutter (on android emulator Pixel 3A API 33) and connect it with another emulator(identical but diffrent emulator, Pixel 3A API 33). I got en error it says "Connection Refused (OS Error: Connection refused, errno = 111),address = 0.0.0.0, port = 36802)
I'm trying to make p2p chat application using flutter. I'm creating a socket in here in p1:
myPort = 43761;
String mysocketIP = "0.0.0.0";
final Future<ServerSocket> mySocket = ServerSocket.bind(mysocketIP, myPort);
and listening the socket like this in p1:
mySocket.then((ServerSocket listenSocket) {
listenSocket.listen((Socket mysocket) {
mysocket.listen((Uint8List data) async {
String mysocketResponse = String.fromCharCodes(data);
String strData = utf8.decode(data);
if(mysocketResponse == "///initiate"){
p2pSocket.add(utf8.encode("Got you message"));
}
print(strData);
});
});
});
All code in p1 about socket is given.
And here comes p2, which is client. Trying to connect to p1:
(I'm getting relevant port and ip from a server. That part works fine, I tested. serverResponse is the response from server. recKey means reciever's key. Its not relevant to my problem. Just another stuff.
code comes to else if block and executes but in Socket.connect line it blows.
late String recieverClientIP;
late int recieverClientPORT;
/*
...
...
*/
else if(serverResponse.length>=8 && serverResponse.substring(0,8)=="//recKey") {
targetsKey = serverResponse.substring(8);
// p2p sohbeti baslatıyoruz.
p2pSocket = await Socket.connect(recieverClientIP, recieverClientPORT);
//p2pSocket.write("///initiate");
}
;
Here is the erros message I get:
ERROR MESSAGE
I realized that in error, it says another port number. I'm using (IP 0.0.0.0) port number 47761 in p1 and in error it says another port number. Maybe it about it? I don't know I'm so confused.
By the way I'm using Android Stuido. With Emulator. Emulator I'm using is Pixel 3A API 33 x86 64
EDÄ°T: I'm using 10.2.2.2 in Server, 0.0.0.0 in p1. I can not create a socket with 10.0.2.2 in p1 it gives error. That's why I'm using 0.0.0.0 it's working.
Thanks in advance.
I'm trying to send a simple GET request using FUEL to my webserver, when I try to debug, I can see what happens when I click the button in the app, then I get this output:
I/DpmTcmClient: RegisterTcmMonitor from: $Proxy1
I/System.out: --> GET http://1.1.1.1/post.php
Body : (empty)
Headers : (0)
I/System.out: <-- -1 http://1.1.1.1/post.php
Response :
Length : 0
I/System.out: Body : (empty)
Headers : (0)
I've changed the IP to a random open one, using my real IP in the script.
This is my script (which is taken from github)
uttonClickMe.setOnClickListener{
Fuel.get("http://1.1.1.1/post.php")
.response { request, response, result ->
println(request)
println(response)
val (bytes, error) = result
if (bytes != null) {
println("[response bytes] ${String(bytes)}")
}
}
}
However I see nothing on my servers end in the logs about requests coming thru, can someone point me in the right direction?
I figured it out, even thru I tried with and without ssl, it was with an invalid ssl cert, it is now working with domain and valid ssl.
I'm setting TLS + SRTP on my VoIP app in android. So far i have compiled PJSIP 2.8 with OpenSSL 1.0.2g. making call without srtp works fine, but when i force to use SRTP, call in not make.
I enable SRTP with following code:
AccountConfig.getMediaConfig().setSrtpUse(pjmedia_srtp_use.PJMEDIA_SRTP_MANDATORY);
AccountConfig.getMediaConfig().setSrtpSecureSignaling(1);
TLS works fine, because if I set secureSignaling to 1 (need TLS transport) and srtpUse to disable, I still can make call and it works fine.
I checked my server with Zoiper, and Zoiper could make a secure call.
So, I'm sure problem is from my configuration of SRTP.
This is my configs on Android App:
TLS Transport :
sipTpConfig.getTlsConfig().setMethod(pjsip_ssl_method.PJSIP_TLSV1_METHOD);
sipTpConfig.getTlsConfig().setVerifyServer(false);
sipTpConfig.getTlsConfig().setVerifyClient(false);
sipTpConfig.getTlsConfig().setRequireClientCert(false);
Port = 5061
and Media Config:
AccountConfig.getMediaConfig().setSrtpUse(pjmedia_srtp_use.PJMEDIA_SRTP_MANDATORY);
AccountConfig.getMediaConfig().setSrtpSecureSignaling(1);
AccountConfig.getMediaConfig().getTransportConfig().getTlsConfig().setMethod(pjsip_ssl_method.PJSIP_TLSV1_METHOD);
In my Server (Asterisk 13.26) I have these configs:
Sip.conf :
[general]
context=internal
externaddr= 192.168.1.2
externip= 192.168.1.2
externtcpport=5060
externudpport=5060
externtlsport=5061
tcpbindaddr=0.0.0.0:5060
udpbindaddr=0.0.0.0:5060
tlsbindaddr=0.0.0.0:5061
allowguest=no
allowoverlap=no
srvlookup=no
allow=all
alwaysauthreject=yes
canreinvite=no
nat=force_rport,comedia
session-timers=refuse
localnet=192.168.1.0/255.255.255.0
tcpenable=yes
srtpcapable=yes
tlsenable=yes
tlscertfile=/etc/asterisk/keys/asterisk.pem
tlscafile=/etc/asterisk/keys/ca.crt
tlscipher=ALL
tlsclientmethod=tlsv1
encryption=yes
direct_media=no
media_encryption_optimistic=false
media_encryption=sdes
[6002]
type=friend
host=dynamic
secret=12345
context=internal
transport=tls
had anyone same issue or know a way to fix this ?
Log files of android and asterisk :
https://drive.google.com/file/d/18j98zp9FWJGRSvRdKy5k96VNbjUYaRc5/view?usp=sharing
https://drive.google.com/file/d/1eAeX5Gd6phIvKDLCRjVyD6uZV_CP9h6p/view?usp=sharing
I'm trying to create a muc_room with SMACK api on ejabberd.
after the transaction I get an error:
No response received within reply timeout. Timeout was 5000ms (~5s). Used filter: AndFilter: (FromMatchesFilter (full): instantroom2#localhost/pinit, StanzaTypeFilter: Presence).
the room is created since it is listed in the output of:
ejabberdctl muc_online_rooms localhost
when I look into my sql there is only the one room I created locally
also the timeout thing happens when I try to list muc rooms.
is anyone here familiar with this problem?
my ejabberd.yml:
mod_muc_admin: {}
mod_muc:
## host: "conference.#HOST#"
host: "#HOST#"
access:
- allow
access_admin:
- allow: admin
access_create: muc_create
access_persistent: muc_create
mod_muc_log: {}
## mod_multicast: {}
mod_offline:
access_max_user_messages: max_user_offline_messages
mod_ping: {}
## mod_pres_counter:
## count: 5
## interval: 60
UPDATE:
I found another strange thing, when I destroy muc_rooms they are not listed in muc_rooms_online but not being removed from mysql DB.
after I restart ejabberd they show up back again.
everytime i want to send a push notification to my cell i get the 302 Moved Error from the Google servers. It says, it moved to www.google.com. This doesn't seem correct. So i have the following information:
I am sitting behind a proxy, but i tried this also without a proxy. No effect.
CUrl commandline method works fine
Receiving the auth token from the Google servers works fine
Changing the auth token i want to send has no real effect (changing the last 3-4 characters)
Sending no registration id has no effect
Here is the code, that sends a push notification:
QString headerStr = QString("GoogleLogin auth=") + m_authCode;
qDebug(qPrintable(headerStr));
QUrl url;
url.addQueryItem("registration_id", m_pRegCode->text());
url.addQueryItem("collapse_key", "0");
url.addQueryItem("data.message", "data");
qDebug("%s", qPrintable(url.toString()));
qDebug("%s", qPrintable(QString(url.encodedQuery())));
QByteArray data;
data = url.encodedQuery();
QUrl header("https://android.apis.google.com/c2dm/send");
QNetworkRequest req(header);
req.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded;charset=UTF-8");
req.setHeader(QNetworkRequest::ContentLengthHeader, data.length());
req.setRawHeader(QByteArray("Authorization"), headerStr.toAscii());
qDebug("%s", qPrintable(req.url().toString()));
m_pPushRep = m_pManager->post(req, data);
The answer i receive is:
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
here.
</BODY></HTML>
What am i doing wrong?
Edit: The solution was actually pretty simple: I had a whitespace at the end of my authentication id. This actually led to the errorcode. So for everyone who reads this in the far future: CHECK YOUR AUTHENTICATION CODE!
I ran into a similar issue. Worked from cURL but not from Qt. I however had to use the -k flag with cURL aka ignore ssl errors. After I did a simple ignoreSslErrors() on the QNetworkReply* it worked just fine for me, this might do the trick for you too. I now have this code to do the api call.
QNetworkRequest request(QUrl("https://android.apis.google.com/c2dm/send"));
QUrl postData;
postData.addQueryItem("collapse_key","1");
postData.addQueryItem("registration_id",id);
postData.addQueryItem("data.message",message);
request.setHeader(QNetworkRequest::ContentTypeHeader, "application/x-www-form-urlencoded;charset=UTF-8");
request.setHeader(QNetworkRequest::ContentLengthHeader, postData.encodedQuery().length());
request.setRawHeader("Authorization","GoogleLogin auth=....");
network->post(request,postData.encodedQuery())->ignoreSslErrors();
Which works just fine for me.