Reconnect Problem after changing 4G/WLAN or other way

[vsatmydynipnet]

Hi,

love Owntracks but have a hard problem. I track some IOS devices but they loose connection mostly when changing from 4G to WLAN or WLAN to 4G. Status then is not connected and it doesn't recover even its on for hours. If I go to settings and back, it reconnects without problem. Looks like if entering settings it disconnects ad reconnect. Would love to see this working! Thank you so much! Greetings.

[ckrey]

You will need to tell us a bit more if you want to get help

• Do you see an error message when you go to info (i)?
• MQTT or HTTP?
• Websockets or Plain?
• TLS or not?
• Client Certificates?
• What is the environment for your WLAN?
• Does the hostname you use resolve to a different address when in WLAN vs. 4G?

[vsatmydynipnet]

Hi, sorry, here are the infos:

• MQTT
• Plain
• TLS
• Authentication YES
• happens when changing into different WLAN's
  . hostname is always the same, it is a 2 server mosquitto setup where the outer side takes connections and forwardes mqtt to the inner mosquitto server.
• i created my own CA using client certificates and server certificates from it.

Actually i am laying down with flu, so i can't reproduce the error, but its something like unable to connect / not connected in the status box.

[ckrey]

Thanks for the info.

Does the app connect to the same box when in 4G or WLAN mode?

[vsatmydynipnet]

Yes, it works fine in all the WLAN's and vie LTE/4G. The only problem is, if the IOS device moves from e.g. WLAN to 4G while leaving the house for example, Owntracks connection sometimes not always, can't reconnect and waits forever. As soon as I go into settings, without changing anything, and go back it tries to reconnect, connects and works again.

[vsatmydynipnet]

Was able to reproducde the error today. Error in Box:

Fehler == Error

idle Der Vorgang konnte nicht abgeschlossen werden. (OSStatus-Fehler -9829.) {

"_kCFStreamErrorCodeKey" = "-9829";

"_kCFStreamErrorDomainKey" = 3;

}

[ckrey]

see #408 and #379

The error code indicates the peer does request a client certificate but the client does not provide one.

We tried to track that problem down with regards to the issues mentioned above but could not figure it out.

[vsatmydynipnet]

As I said, like yesterday:

• Device moved from LTG/4G to WLAN
• Error comes up Owntracks App war running on the device
• Without changing WLAN or connectivity: enter settings once and go back it reconnects and everything is fine.

Suggestions:

In case of this error let Owntracks do the same as it does when entering settings and go back, IMHO disconnet and do a full reset of the connection, and all should be fine.

Thank you for looking into this

[ckrey]

I would like to understand the problem before trying to avoid the problem.

I have a setup here with one mosquitto, self signed server certificate and client certificate. Transition from Wifi to 4G and vice versa works fine.

Can you share your mosquitto logs?

[vsatmydynipnet]

It often works, I agree, but as mentioned too often it doesn't. Mosquitto Logs not public, but I dont have a proble to share it via Riot Messenger (e2e encrypted). Mail me at vs@mydynip.net in English or German.

[ckrey]

Thanks for the logs

Interesting: the error occurs when the (probably NATed) origin address changes in the 4G network, not when transitioning from 4G to WIFI.

Maybe the client needs to reset the TLS context...

anonymized mosquitto.log

# Connection from 4G, ok
Apr  4 17:36:49 mqtt mosquitto[576]: New connection from <4G>.36.224 on port 8883.
Apr  4 17:36:49 mqtt mosquitto[576]: Client IPHONE disconnected.
Apr  4 17:36:49 mqtt mosquitto[576]: New client connected from <4G>.36.224 as IPHONE (c0, k60, u'IPHONE').
Apr  4 17:37:04 mqtt mosquitto[576]: Client IPHONE disconnected.
Apr  4 17:42:05 mqtt mosquitto[576]: New connection from <4G>.36.224 on port 8883.
Apr  4 17:42:06 mqtt mosquitto[576]: Client IPHONE disconnected.

# Connection from 4G, but other (NATed) origin, results in SSL error, error remains
Apr  4 17:42:06 mqtt mosquitto[576]: New client connected from <4G>.36.224 as IPHONE (c0, k60, u'IPHONE').
Apr  4 17:42:19 mqtt mosquitto[576]: Client IPHONE disconnected.
Apr  4 19:48:20 mqtt mosquitto[576]: New connection from <4G>.6.94 on port 8883.
Apr  4 19:48:23 mqtt mosquitto[576]: OpenSSL Error: error:140890C7:SSL routines:ssl3_get_client_certificate:peer did not return a certificate
Apr  4 19:48:23 mqtt mosquitto[576]: Socket error on client <unknown>, disconnecting.
Apr  4 19:49:47 mqtt mosquitto[576]: New connection from <4G>.6.94 on port 8883.
Apr  4 19:49:48 mqtt mosquitto[576]: OpenSSL Error: error:140890C7:SSL routines:ssl3_get_client_certificate:peer did not return a certificate
Apr  4 19:49:48 mqtt mosquitto[576]: Socket error on client <unknown>, disconnecting.
Apr  4 19:51:18 mqtt mosquitto[576]: New connection from <4G>.6.94 on port 8883.
Apr  4 19:51:18 mqtt mosquitto[576]: OpenSSL Error: error:140890C7:SSL routines:ssl3_get_client_certificate:peer did not return a certificate

# Connection from WIF, SSL error remains
Apr  4 20:01:26 mqtt mosquitto[576]: New connection from <WIFI>.18 on port 8883.
Apr  4 20:01:26 mqtt mosquitto[576]: OpenSSL Error: error:140890C7:SSL routines:ssl3_get_client_certificate:peer did not return a certificate
Apr  4 20:01:26 mqtt mosquitto[576]: Socket error on client <unknown>, disconnecting.
Apr  4 20:02:21 mqtt mosquitto[576]: New connection from <WIFI>.18 on port 8883.
Apr  4 20:02:22 mqtt mosquitto[576]: OpenSSL Error: error:140890C7:SSL routines:ssl3_get_client_certificate:peer did not return a certificate
Apr  4 20:02:22 mqtt mosquitto[576]: Socket error on client <unknown>, disconnecting.
Apr  4 20:02:26 mqtt mosquitto[576]: New connection from <WIFI>.18 on port 8883.
Apr  4 20:02:27 mqtt mosquitto[576]: Client IPHONE disconnected.

# Stop and Restart Connection by enter/leave Settings
Apr  4 20:02:27 mqtt mosquitto[576]: New client connected from <WIFI>.18 as IPHONE (c0, k60, u'IPHONE').
Apr  4 20:02:27 mqtt mosquitto[576]: IPHONE 1 owntracks/+/+
Apr  4 20:02:27 mqtt mosquitto[576]: IPHONE 1 owntracks/+/+/event
Apr  4 20:02:27 mqtt mosquitto[576]: IPHONE 1 owntracks/+/+/info
Apr  4 20:02:27 mqtt mosquitto[576]: IPHONE 1 owntracks/IPHONE/IPHONE/cmd
Apr  4 20:02:28 mqtt mosquitto[576]: Client IPHONE disconnected.

[vsatmydynipnet]

Saw that while checking the Logs too. In my opinion there should be some hard reset if it can't reconnect within e.g. 3-5 Minutes. This would alt least solve my problems and I would be able to add our devices to the system. :-) Thank you very much for your help.

[ckrey]

@mabnz @vsatmydynipnet I have a tentative fix I would like you to test.
Please send me your email here or directly mailto:c@ckrey.de
I will include you in our beta testing

[vsatmydynipnet]

Hi, Email is not a problem, but actually can install only from Apple App Store to these devices. Email is vs@mydynip.net.

[ckrey]

@vsatmydynipnet then there will be a problem to test before releasing it to the public

[vsatmydynipnet]

Good Morning, I can report that actually with FreeBSD 11.1 p11 / IOS 11.4.1 (Iphone 5s) I can*t reprodruce the problem anymore. So I am not really helpful for testing.

[ckrey]

@squeepip I just sent you an invitation to test 9.9.4 in Testflight. Thanks in advance for your feedback

[acowley]

I am experiencing this problem, too. Same configuration, I think:

Going from WiFi to LTE, the iOS application (version 9.9.3) can no longer connect to the broker, and Status shows,

idle The operation couldn’t be completed. (OSStatus error -9829.) {
    "_kCFStreamErrorCodeKey" = "-9829";
    "_kCFStreamErrorDomainKey" = 3;
}

MQTT, Plain, TLS, self-signed client certificate. The iOS app can communicate with the MQTT broker successfully when on either network type, but if I go from WiFi to LTE, I need to kill the app (swipe up) and restart it for it to connect successfully. I'm seeing this on two different iPhones (a 6 and an 8) both running iOS 12.1.

EDIT
Trying to recreate the problem at home, I turn WiFi on/off and watch mosquitto.log on the server.

• I can very rarely recreate the problem (peer did not return a certificate in server log). Perhaps this is because I have the iOS app in the foreground in order to manually trigger the updates, while the app when backgrounded behaves differently with respect to its connection with the server.

• Turning WiFi on and off, I was eventually able to get into a state -- with WiFI off -- where the iOS app reported connecting in its Status for a long time (> 1minute) after the server log included a Client <unknown> has exceeded timeout, disconnecting. The iOS app eventually reported an error 9806 in Status. I entered the Settings screen and then backed out; the app immediately connected to the server.

This is a different error code, so not precisely the same problem, but perhaps reflective of some corner case in the server connection logic. In any case, it does seem like retrying the server connection some number of times or at some time interval could be worthwhile.

[acowley]

I was able to build the current git master version of the app, and unfortunately experienced the same error message that doesn't clear up until I manually tap on Settings and then immediately go back. Since I've had trouble reproducing the error while sitting at a desk, it seems likely that it is associated with background processing. I can try working on the bug now that I can load fresh builds onto a device, and I'd be receptive to any specific suggestions for changes to try.

[ckrey]

I didn't get a response from you @squeepip

[ckrey]

The next iOS version >= 12.0.2 will include the tentative fix

[ckrey]

version >= 12.0.2