I've migrated a web application that sends push notifications to Android apps using Google Cloud Messaging from my local workstation to a server.
Connecting to https://android.googleapis.com/gcm/send worked perfectly from my workstation. My list of allowed IPs in my Google API project includes my server's IP (and I've triple checked it), but when I connect using the exact same API key from the server, I am always getting a 401 (unauthorized) response back from Google.
I am connecting from a Linode VPS, and when I wget the same URL, I can see that it is going over IPV6. I've copied my server's IPV6 address from http://whatismyv6.com/ and also included that in the list of allowed IPs, but still I'm still only getting 401 responses.
My guess is it's related to IPV6, so I'll go ahead and try to force connecting over IPV4- but I'm curious about whether anyone else has experienced this.
Interesting. It suddenly just started working. Out of curiosity, I removed my IPV6 address, tried again and it failed. Then after adding it back, it failed a few times before started working again.
It seems that it may just take a little while for Google to accept the IPV6 address?
I guess I'll leave this question / answer though, in case anyone else experiences it. Make sure your server's IPV6 address is in the allowed list, then just go refill your coffee and try again later.
Related
I've set up an ec2 instance in aws with a parse server on it. I'm using it for an android app and it works just fine from the emulator on my host machine, except that it doesn't from any other machine/device - be it another emulator from another pc, doesn't matter if its on the same network or not, or an android phone.
I tried setting up another parse server in back4app and it works just as expected there, however that is not that much of a good solution since the free plan reaches its limit in the middle of the workflow of my app and that's not sufficient even for the presentation that I have to make.
As for the aws - I opened all traffic for all ports both on the inbound and outbound tabs from the security group - still nothing.
I tried accessing the dashboard via browser from another device and that works just fine but whenever I try to login from the app, it just times out - no response. Logs don't show anything, except for the fact that I have received the timeout toast. I tried connecting both to the dns and the public ipv4
Parse.enableLocalDatastore(this);
Parse.initialize(new Parse.Configuration.Builder(getApplicationContext())
.applicationId("{{appId}}")
.clientKey("{{masterKey}}")
.server("http://{{addr}}:80/parse/")
.build()
);
I'm pretty certain that its something to do with aws's security policy that I have missed to configure, since I'm not changing anything major when I try to connect to the back4app and the aws. Fact is - they both work from the emu, but aws doesn't from the phone.
I have a nodejs v0.10 server with socket.io (v0.9.16) running on Openshift, for the past 2 months it has no problem receiving data from my Android apps connecting to the server using AndroidAsync (https://github.com/koush/AndroidAsync). Suddenly after Openshift upgrade its service on 25th Feb the Android app fail to connect to the server. Every time the app tries to connect the server, the server will output an error, I run Socket.IO in debug mode and this appear (debug: destroying non-socket.io upgrade).
Funny thing is, the same server also host my web client running the same socket.io library, and it has no problem whatsoever with the web client. Can someone please point me to the right direction? I am connecting to the server with http://www.xxxxxx.com:8000/ where 8000 is the websocket port given by Openshift.
I read that "destroying non-socket.io upgrade" might due to invalid/incompatible socket.io js file, I tried to do a manual check on the socket.io file by typing this in my browser
http://www.xxxxxx.com:8000/socket.io/1/
I got this return code:
An-vI1BJofr45j9c_GmH:60:60:websocket,htmlfile,xhr-polling,jsonp-polling
PS: My Android code hasn't been changed, and so is my server code.
PPS: I have successfully connect in localhost environment and my own server. So the problem is most probably originated from Openshift, not sure what have been updated to break it.
All of a sudden it works again without any code changes. I would however recommended anyone using my approach of connecting to backend server to have a http push backup just incase any future server updates breaks it again.
Would appreciate if anyone from Openshift can help clarify this to prevent sudden death on running production apps. Thanks.
Make sure to check OpenShift Online's system status page to see if your apps have been impacted by a system outage. (fyi: we run on top of AWS)
I would definitely consider using one of OpenShift Online's paid hosting plans for production quality applications. Apps that are created using paid plans go onto a separate array of machines (more resources), and are configured to be more highly-available (no sleeping due to inactivity).
Hope this helps answer your question. Please close if so.
Wonder if anyone here happen to know the ip range of google's gcm server (for android push notification)?
I need the information so that our network team can open the firewall port for our UAT environment for incoming UAT test.
I tried to lookup from developer.android.com/google/gcm/ but no luck.
Our network team refused to open all ip range from asn 15169 which is a rather huge list.
I think there is an existing question IP address for Google Cloud Messaging server and the person found out that those are not published by Google. I also tried to look for it once but couldn't find. I might be wrong but I am pretty sure they don't publish that. Maybe instead of using corporate wifi, you can use direct 3G or 4G data plan.
In a comment on why GCM is not giving push notification in android device? question someone has mentioned that He opened the ports 5258,29,30 and then he was able to receive the regId from GCM server behind firewall.
Also I think the answer by #Eran on Which port and protocol does Google Cloud Messaging (GCM) use? will be of help. It says:
The device accesses the GCM servers on ports 5228-5230. If your organization has a firewall that restricts the traffic to or from the Internet, you'll need to configure it to allow connectivity with GCM. The ports to open are: 5228, 5229, and 5230. GCM typically only uses 5228, but it sometimes uses 5229 and 5230. GCM doesn't provide specific IPs. It changes IPs frequently. We recommend against using ACLs but if you must use them, take a broad approach such as the method suggested in this support link.
This is relevant if your device is connected to the internet via WiFi.
Hope this helps a bit.
Update:
As per Mark Whitaker answer to a similar question here, he mentions that:
Newer versions of Android also fall back to port 443 if ports 5228-5230 are blocked by a firewall.
Although there doesn't seem to be an official list still.
To add to what Shobhit Puri already said, I've also tried to find the answer to this question to be able to poke the appropriate holes in my firewall and am extremely disappointed with Google after concluding that the IP address used for Google Cloud Messaging is not obtained using a DNS request, or are obtained using DNS requests that subvert the Always On VPN functionality in Android.
By using the Always On VPN function in later versions of Android, I made sure that all traffic went through one of my servers. This also allowed me to use that server as a DNS Resolver and by activating query logging and rebooting the phone I was able to get a list of all of the DNS requests that it makes. Then, with some scripting magic I checked all of them, but none of them resolved to the IP address(es) that show up in my firewall logs with outbound port 5228 drops.
This leads me to conclude that the IP addresses used for GCM are obtained using a method other than DNS, such as Google Play Store web traffic.
Edit (Solution?): After running a script through all of my firewall logs going back as far as I have them and pulling out all of the dstport 5228 entries, I've been able to compile a list of IP addresses that GCM has tried to connect to. I can't say that this is a complete list, it will likely change based on geographic location, but notice the pattern...
74.125.28.188
74.125.129.188
74.125.20.188
173.194.79.188
74.125.142.188
74.125.192.188
74.125.140.188
74.125.139.188
74.125.137.188
74.125.134.188
74.125.130.188
173.194.68.188
173.194.76.188
I've created a group for all of those IP addresses and have configured my firewall to use that for my GCM whitelist. I have also setup a report to check for any dstport 5228 drops to let me know if I ever need to revisit this.
Recently my GCM push message notification didn't work anymore.
I didn't change anything, in my Google API Console, I've registred the IPV6 of my dedicated server if the whitelist IP address.
But when I try to reach GCM service I always get an error :
Unauthorized
Error 401
Also tried with IPV4 without success...
I've tried the same script on my own computer and everything works smooth ...
Any idea would be very appreciate :)
Thanks for your help
You need to put the server IP address in the whitelist ip addresses in google api console for GCM.
Edit:
you must use Key for server apps (with IP locking) instead of browser key.
i have had the same issue for 1 whole day ! but silly me...
in your Dev console>APIs & auth > make sure your "google cloud messaging for android" is ON !
That was my mistake.
And also first test by allowing all IPs.
I had the same issue. What resolved it for me was registering my public ip, waiting for a few minutes and then refreshing the google api console page.
I had the same problem and ended up adding "0::0/0" to my whitelist ip addresses. This fixed the problem for me. Though a better solution would be to get a real IPV6 to use for the server.
Would anyone know how to configure the emulator to make ssl connections via a proxy ?
I use the -http-proxy option when starting the emulator. I can access any website except those with https protocol.
Any idea ?
I've experienced similar problems with Android during a web project lately. The site works fine using ordinary HTTP from Android but when using HTTPS it works now and then. Some requests just fail and we get "Web page not found"-errors. The connections are sometimes very slow. After some further tests and investigation I found out that the problem was general for all HTTPS sites, not only for our site.
According to a bug report for Android others are reporting the same problem and Android has been hit by it since version 1.5:
http://code.google.com/p/android/issues/detail?id=3334
I removed the APN proxy in my HTC Desire, as stated in the bug report above, and then Android performed as expected on HTTPS sites. For our purpose we have made an exception for Android telephone so they are routed to the ordinary HTTP site instead.
In other words, it seems like Android has a general problem with proxies and that may be the cause of problem with the emulator. Vote on the bug, just follow the link above.
There are several possible reasons for that:
Can you access the HTTPS site with your real phone? If not, then probably the involved certificate is not considered as trusted from the app/webview. If you need to consider a certificate as trusted within your app, look at the following tutorial
Can you access HTTPS sites at all via your proxy from a webbrowser? Our enterprise proxy server does not allow HTTPS traffic (for whatever reason) at all. You could also sniff the traffic with Wireshark etc. to see if anything is sent back from the proxy or an error occurred.
What type of problem did you get when you try to connect to the website? Can you provide a stacktrace or LogCat output?