Ylianst / MeshCentral

A complete web-based remote monitoring and management web site. Once setup you can install agents and perform remote desktop session to devices on the local network or over the Internet.
https://meshcentral.com
Apache License 2.0

400: bad request, with web relay DNS to router (PC RDP ok.) URL translate issue? #5338

Open siliconhippy opened 1 year ago

siliconhippy commented 1 year ago

Describe the bug

I get 400: bad request when trying to connect to a local network router via a meshagent device.

1. My meshagent device works fine with a Jellyfin server dashboard (DietPi port is 8097 here), accessed via Router.

2. The 'systemctl status meshcentral' tells me that the relay is running on 'relay.mobicloudtv.com', in LAN+WAN hybrid mode:

root@ip-172-26-1-107:~# systemctl status meshcentral
● meshcentral.service - MeshCentral Server
     Loaded: loaded (/etc/systemd/system/meshcentral.service; enabled; vendor preset: enabled)
     Active: active (running) since Fri 2023-09-08 18:04:45 UTC; 14min ago
   Main PID: 373 (node)
      Tasks: 22 (limit: 2287)
     Memory: 379.9M
        CPU: 12.433s
     CGroup: /system.slice/meshcentral.service
             ├─373 /usr/bin/node /meshcentral/node_modules/meshcentral/meshcentral
             └─617 /usr/bin/node /meshcentral/node_modules/meshcentral/meshcentral --launch 373

Sep 08 18:04:45 ip-172-26-1-107 systemd[1]: Started MeshCentral Server.
Sep 08 18:04:53 ip-172-26-1-107 node[373]: MeshCentral HTTP redirection server running on port 80.
Sep 08 18:04:53 ip-172-26-1-107 node[373]: MeshCentral v1.1.10, Hybrid (LAN + WAN) mode, Production mode.
Sep 08 18:04:56 ip-172-26-1-107 node[373]: MeshCentral Intel(R) AMT server running on 54.157.28.223:4433.
Sep 08 18:04:56 ip-172-26-1-107 node[373]: MeshCentral HTTPS server running on 54.157.28.223:443.
Sep 08 18:04:56 ip-172-26-1-107 node[373]: MeshCentral HTTPS relay server running on relay.mobicloudtv.c>

I set up the meshcentral server via the usual npm method from the meshcentral.com page download instructions.

My Google Domains has an A record for the domain, and a CNAME for relay.domain pointing to the domain, configured a day ago.

I go to Router, click on the meshagent device (whose properties show the device IP and gateway, 10.10.5.100), and then do 'Add Relay map', then enter for router access '10.10.5.100' with port 80 for http. Then click open on the Relay map entry...

Your config.json file

{
  "$schema": "https://raw.githubusercontent.com/Ylianst/MeshCentral/master/meshcentral-config-schema.jso>
  "__comment1__": "This is a simple configuration file, all values and sections that start with undersco>
  "__comment2__": "See node_modules/meshcentral/sample-config-advanced.json for a more advanced example.>
  "settings": {
    "cert": "54.157.28.223",
    "_WANonly": true,
    "_LANonly": true,
    "_sessionKey": "MyReallySecretPassword1",
    "port": 443,
    "_aliasPort": 443,
    "redirPort": 80,
    "_redirAliasPort": 80,
    "_RelayPort": 453,
    "RelayDNS": "relay.mobicloudtv.com",
    "_WebRelay": { "DNS": true },
    "MPS": false
  },
  "domains": {
    "": {
      "_title": "MyServer",
      "_title2": "Servername",
      "_minify": true,
      "_newAccounts": true,
      "_userNameIsEmail": true
    }
  },
  "_letsencrypt": {
    "__comment__": "Requires NodeJS 8.x or better, Go to https://letsdebug.net/ first before trying Let'>
    "email": "myemail@mydomain.com",
    "names": "myserver.mydomain.com",
    "skipChallengeVerification": true,
    "production": false
  }
}

si458 commented 1 year ago

what router device are you using? i think for example pfsense uses https 443 mainly but has http 80 to then forward the user to https 443

EDIT: just tried it here with one of our sites' BT hub router,

  1. right clicked the client's device
  2. add relay map
  3. set the router ip into the remote ip field
  4. give it a fancy name if you like (optional)
  5. clicked ok
  6. went into mappings
  7. then clicked open next to the relay
  8. opened firefox and the router, no problems?

siliconhippy commented 1 year ago

Hmmm...maybe I should use Edge not Chrome, as soon as I get back? 😳

I have no SSL setup as you can see.

I am trying to remotely access a ZTE telco cobranded WiFi home DSL router.

So I am assuming my Meshcentral configuration is fine ...some problem with my Chrome browser given SSL cert self signed issues?

si458 commented 1 year ago

> Hmmm...maybe I should use Edge not Chrome, as soon as I get back? 😳
>
> I have no SSL setup as you can see.
>
> I am trying to remotely access a generic Xiaomi WiFi home router.
>
> So I am assuming my Meshcentral configuration is fine ...some problem with my Chrome browser given SSL cert self signed issues?

how would you normally access the router if you were on the remote device in the web browser? http://IP or https://IP, or do you do http://IP and then it diverts to a self-signed warning, which means it's diverting to https://IP

siliconhippy commented 1 year ago

I use http:// or port 80 for Xiaomi router access.

Anyway trying both http and https in Add Relay map makes no difference, in either Chrome or Edge browser.

With https in Chrome, I get the usual 'unsafe' warning, but in all cases, the result is still 'http://localhost:random port' in the browser window, and '400: Bad Request' on the browser page.

So maybe I should try to access another device in this local network later...

si458 commented 1 year ago

that's weird because it works here fine, even using https, as the BT router offers a self-signed cert haha (I'm using meshcentralrouter)

i have a feeling the 400/Bad Request is coming from your router! so it is in fact working, it's just your router doesn't like the relaying

i have a similar issue where i can relay a bt router using meshcentralrouter no problem (http) but if i create a relay group through the same computer in the web ui, then try relaying using the web browser, all the assets of the bt router don't load and just show an error 403 forbidden

can you do a screenrecord/pics when you have chance in case its something else?

si458 commented 1 year ago

also the RelayDNS is only used for relaying http connections in your web browser, it has no effect on using meshcentralrouter

siliconhippy commented 1 year ago

Thanks for engaging .... 👻

1. There really isn't much screenshot worthy stuff here.

Meshcentral seems to be configured correctly; the Router works fine with the meshagent device in the local network with the Xiaomi router in question.

Meshagent device is a DietPi.com server mode PC running Jellyfin media server that is dashboard accessible on port 8097 from the Meshcentral Router menu.

2. Also apologize - this local network router is actually a co-branded ZTE home WiFi DSL router, with internet access via DSL.

Normally these routers have the 192.168.0.1 gateway, but my friend changed it to another range, 10.10.5.100, so that the Xiaomi router subnet can have the 192.168.0.1 gateway address.

(The Xiaomi router is attached to it, forming a subnet.)

3. By the way, I forgot to state I had exactly the same 400 problem when first setting up RelayPort 453, even though I set up inbound/outbound port 453 open on my Windows PC accessing the AWS Lightsail Meshcentral server, on the Meshcentral server itself (via Firewall inbound; AWS firewall is open outbound by default), and also on the DietPi meshagent device (via ufw allow (inbound) and confirmed the default all open outbound.) So I then moved over to RelayDNS assuming I had a port firewall problem with the RelayPort setup!

4. *** One thought: my DietPi is in server mode and hence has no GUI or browser installed: should this be a problem, as the web relay tries to log into the router via the router web http interface? 😕 However the http:8097 DietPi Jellyfin dashboard is accessible via Meshcentral Router...but then, Jellyfin runs its own webserver!

So maybe I need to set up x11/vnc forwarding on DietPi? Or install Chrome or the xfce desktop as an alternative on DietPi? (Not very savvy here.)

5. I have asked my friend (running this local network now) to set up testing a Windows PC in this local network....will keep you posted.

siliconhippy commented 1 year ago

I installed the nginx webserver on my DietPi, 'apt install nginx.' Now when I go to Meshcentral > Router > Add Relay Map, and input 127.0.0.1, I get the "Welcome to nginx, further config required" page.

But still the router access via http 80, 10.10.5.100 gives the same 400 bad request result.

si458 commented 1 year ago

> I installed the nginx webserver on my DietPi, 'apt install nginx.' Now when I go to Meshcentral > Router > Add Relay Map, and input 127.0.0.1, I get the "Welcome to nginx, further config required" page.
>
> But still the router access via http 80, 10.10.5.100 gives the same 400 bad request result.

What about installing nginx on a different computer in the same network, then trying to relay to that pc? If it relays OK, then it's the router giving the 400 error, and there isn't anything you can do

siliconhippy commented 1 year ago

Simon,

Well, I was able to start an RDP session via Router > Add Relay Map to a Windows PC in the same network!

So it looks like something is screwed up with the DSL router...hopefully someone else might be able to help!

But thanks again for the guidance.

si458 commented 1 year ago

@siliconhippy I'm guessing it will be doing something like it's checking the url, and as the url is localhost:12345 (example) rather than 192.168.1.254 then it's returning a bad request

I have a similar issue with Ricoh printers, the web UI doesn't work correctly with relaying, so I have to just use the remote pc and use its web browser
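
One way to test the guess above (that the router's embedded web server answers 400 because the browser sends `Host: localhost:<random port>` through the relay instead of the router's own address) is to send the same GET to the router from a machine on its LAN while varying only the Host header. The script below is an added example for this thread, not MeshCentral code: `probe_host_header` does that live probe with the standard library, and `model_host_check` is a constructed model of a strict embedded server's Host validation so the expected 200-vs-400 pattern can be seen offline. The address 10.10.5.100, port 80 and the `localhost:12345` value are taken from the thread; the model's behaviour is an assumption about how such routers behave, not something confirmed for the ZTE device.

```python
"""Probe whether an embedded web UI rejects requests based on the Host header.

Added example for this MeshCentral issue thread; not part of MeshCentral.
Through the web relay the browser talks to http://localhost:<port>, so the
request that reaches the router carries "Host: localhost:<port>". A server
that insists on seeing its own address in Host will answer 400 to that.
"""
import http.client
import re


def model_host_check(raw_request: bytes, own_addresses) -> int:
    """Constructed model (assumption, not the real router's code) of a strict
    embedded web server: returns 200 when the Host header, minus any :port,
    names one of the server's own addresses, and 400 otherwise."""
    text = raw_request.decode("latin-1")
    m = re.search(r"^Host:\s*([^\r\n]+)", text, flags=re.IGNORECASE | re.MULTILINE)
    if not m:
        return 400  # HTTP/1.1 requires Host; strict servers reject its absence
    host = m.group(1).strip()
    if host.startswith("["):
        host = host.split("]")[0] + "]"  # bracketed IPv6 literal, drop :port
    elif host.count(":") == 1:
        host = host.rsplit(":", 1)[0]  # name-or-IPv4:port, drop :port
    return 200 if host.lower() in {a.lower() for a in own_addresses} else 400


def build_request(path: str, host: str) -> bytes:
    """Minimal HTTP/1.1 GET with an explicit Host header (constructed input)."""
    return f"GET {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()


def probe_host_header(ip: str, port: int = 80, path: str = "/", hosts=None, timeout: float = 5.0):
    """Live check: send identical GETs to ip:port, differing only in Host.
    Returns {host_value: status_code_or_error}. Run this from inside the LAN.
    If Host=<ip> gives 200 and Host=localhost:<port> gives 400, the device is
    validating Host and the relay cannot change that from the client side."""
    hosts = hosts or [ip, f"{ip}:{port}", "localhost:12345"]
    results = {}
    for host in hosts:
        conn = http.client.HTTPConnection(ip, port, timeout=timeout)
        try:
            # skip_host=True lets us supply our own Host header value
            conn.putrequest("GET", path, skip_host=True, skip_accept_encoding=True)
            conn.putheader("Host", host)
            conn.endheaders()
            results[host] = conn.getresponse().status
        except OSError as exc:
            results[host] = f"error: {exc}"
        finally:
            conn.close()
    return results


if __name__ == "__main__":
    # Offline demonstration against the constructed model
    for h in ("10.10.5.100", "10.10.5.100:80", "localhost:12345"):
        print(h, "->", model_host_check(build_request("/", h), {"10.10.5.100"}))
    # Against the real router, from a PC on its LAN (addresses from the thread):
    # print(probe_host_header("10.10.5.100", 80))
```

If the live probe shows the same status for every Host value, the 400 is not a Host check and something else in the relayed request (for example the router redirecting to an absolute URL built from its own address) is the more likely cause.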

siliconhippy commented 1 year ago

OK, so if this is a URL translation problem, maybe someone has thought of a fix!

siliconhippy commented 1 year ago

I changed my DietPi/meshagent device location from behind the ZTE router to behind a subnet Xiaomi router. This time, I got a '502: Bad gateway' error!

So I prompted Bard, and the gist is, that:

a. most home wifi routers do not allow access from outside the local network, to prevent hacking, and

b. the 'localhost:port' may not be acceptable to routers instead of the gateway IP, e.g. 192.168.0.1, for reason (a).

Thus the remedy is one or both of:

A. local network router needs firewall change to allow access from meshcentral server IP (domain),

B. the meshcentral config.json file needs this addition, for the particular local router gateway address and port:

{ "server": { "host": "localhost", "port": 8080 }, "router": { "ip": "192.168.0.1", "port": 80 } }

This looks complex, given the config.json entry above will need to change with every new local router (assuming 8080 is the meshcentral local port.)

Maybe then, in the absence of a better fix, I could just access a local device with a browser via the Router menu, then use that browser to access the local router!