gotthardp / lorawan-server

Compact server for private LoRaWAN networks
https://gotthardp.github.io/lorawan-server
MIT License

Firewall Issues with port 8883 #514

Open Tamburasca opened 6 years ago

Tamburasca commented 6 years ago

This is not a bug report, it is a wish:

In order to circumvent FW issues with port 8883, would it also be possible to utilize MQTT with TLS client authentication on port 443 (ALPN)? See also AWS's site at https://aws.amazon.com/de/blogs/iot/mqtt-with-tls-client-authentication-on-port-443-why-it-is-useful-and-how-it-works/

I'd be delighted by your reply. Thanks, Ralf A.

gotthardp commented 6 years ago

Hello. You can switch to 443 in the configuration. The ALPN is also supported.

The request for MQTT is a duplication of https://github.com/gotthardp/lorawan-server/issues/459.

Tamburasca commented 6 years ago

Hi Petr,

Besides defining the environment variables for the proxies in lorawan-server.service, what needs to be done if the lorawan server can talk to the AWS IoT endpoint only over a proxy config? Thanks for your assistance.

Thanks, Ralf A.

gotthardp commented 6 years ago

Forgive me my ignorance, please, but what proxies and proxy config do you mean? There is no such functionality in this server.

Tamburasca commented 6 years ago

Hi Petr,

Most likely I did not specify my problem in its entire detail.

The lorawan server is located on an EC2 instance in an AWS VPC with a firewall blocking it from the internet - being only opened to the corporate network. Hence, I cannot connect to the IoT, as there is also no endpoint service for IoT available from AWS. However, we've got a proxy (port 80, 443, 8883) that can be used to get to the outside world. Can I utilize that proxy from the lorawan server such that I can connect to the AWS IoT endpoint? Thanks for your assistance and patience.

Best regards, Ralf A.

gotthardp commented 6 years ago

Do you need to specify the proxy address or is it automatically intercepting the traffic? I assume you need to configure the proxy address somewhere, right?

Tamburasca commented 6 years ago

> Do you need to specify the proxy address or is it automatically intercepting the traffic? I assume you need to configure the proxy address somewhere, right?

Yes, you are right, I need to specify the proxy address to the lorawan server somewhere, supplementary to the environment variables

Environment=http_proxy=http://proxy.aws.cnb:8080
Environment=https_proxy=http://proxy.aws.cnb:8080

in lorawan-server.service

The proxy does not seem to be automatically intercepting the traffic. If that were the case, I would see output from tcpdump host proxy.aws.cnb, but it does not.

Your assistance is greatly appreciated. Ralf A.

gotthardp commented 6 years ago

I see. And what protocol do you (want to) use when connecting to AWS IoT? HTTP or MQTT? Do you have to use MQTT, or could you use HTTP? https://docs.aws.amazon.com/iot/latest/developerguide/protocols.html

Tamburasca commented 6 years ago

Presently, our admins opened ports 80, 443, and 8883 with the proxy (Squid). To be on the safe side 80 and 443 are granted anyway. 8883 was opened on my request.

gotthardp commented 6 years ago

But which protocol do you want to use? HTTP or MQTT?

Tamburasca commented 6 years ago

MQTT

gotthardp commented 6 years ago

I am afraid the library I am using does not support proxy. https://stackoverflow.com/questions/46592826/is-it-possible-to-configure-emqttc-to-use-proxy-information
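
What tunnelling MQTT through the Squid proxy discussed in this thread involves on the wire, as an added example in Python (not code from the thread, from lorawan-server or from emqttc): an HTTP CONNECT to the proxy, then TLS with a client certificate and ALPN on port 443. The ALPN name `x-amzn-mqtt-ca`, the function names and the certificate-file parameters are assumptions of this example.

```python
import socket
import ssl

# Assumption: ALPN name AWS IoT Core expects for MQTT with client certificates on 443.
AWS_MQTT_ALPN = "x-amzn-mqtt-ca"

def build_connect_request(host, port):
    """HTTP CONNECT request asking the proxy for a raw TCP tunnel to host:port."""
    target = f"{host}:{port}"
    return f"CONNECT {target} HTTP/1.1\r\nHost: {target}\r\n\r\n".encode("ascii")

def parse_connect_status(raw):
    """Status code from the proxy's reply; only 2xx means the tunnel is open."""
    parts = raw.split(b"\r\n", 1)[0].decode("latin-1").split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"not an HTTP status line: {parts!r}")
    return int(parts[1])

def negotiate_tunnel(sock, host, port):
    """Run the CONNECT exchange on a socket already connected to the proxy."""
    sock.sendall(build_connect_request(host, port))
    buf = b""
    while b"\r\n\r\n" not in buf:          # read the proxy's response headers
        chunk = sock.recv(4096)
        if not chunk or len(buf) > 16384:
            raise ConnectionError("no complete CONNECT response from proxy")
        buf += chunk
    status = parse_connect_status(buf)
    if not 200 <= status < 300:
        raise ConnectionError(f"proxy refused CONNECT to {host}:{port}: {status}")
    return sock

def mqtt_tls_via_proxy(proxy, endpoint, certfile, keyfile, cafile, timeout=10):
    """TLS socket to endpoint:443 through the proxy, ready for MQTT packets."""
    ctx = ssl.create_default_context(cafile=cafile)   # verify the AWS endpoint
    ctx.load_cert_chain(certfile, keyfile)            # device certificate and key
    ctx.set_alpn_protocols([AWS_MQTT_ALPN])
    raw = socket.create_connection(proxy, timeout=timeout)  # proxy = (host, port)
    try:
        tls = ctx.wrap_socket(negotiate_tunnel(raw, endpoint, 443),
                              server_hostname=endpoint)
    except Exception:
        raw.close()
        raise
    if tls.selected_alpn_protocol() != AWS_MQTT_ALPN:
        tls.close()
        raise ConnectionError("endpoint did not select the MQTT ALPN protocol")
    return tls
```

A non-2xx status from the CONNECT step means the proxy's own access rules rejected the tunnel; that check happens before any TLS bytes reach the AWS endpoint.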