gravitl / netmaker

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
https://netmaker.io

[Bug]: netclient unable connect to mq server #1464

Closed czongxin closed 2 years ago

czongxin commented 2 years ago

Contact Details

hybgpx@163.com

What happened?

netclient was unable to connect to the MQ server because of a certificate problem.

I have seen #1100 and #1186, but the problem is not resolved.

Version

v0.14.6

What OS are you using?

Linux

Relevant log output

--- netclient
Aug 19 00:10:29 VM-32-13-ubuntu netclient[376475]: [netclient] 2022-08-19 00:10:29 started daemon for server  broker.domain.com
Aug 19 00:10:29 VM-32-13-ubuntu netclient[376475]: [netclient] 2022-08-19 00:10:29 netclient daemon started for server:  broker.domain.com
Aug 19 00:10:59 VM-32-13-ubuntu netclient[376475]: [netclient] 2022-08-19 00:10:59 unable to connect to broker, retrying ...
Aug 19 00:11:00 VM-32-13-ubuntu netclient[376475]: Ping tcp://broker.domain.com:443(ip:443) - Connected - time=4.732861ms
Aug 19 00:11:01 VM-32-13-ubuntu netclient[376475]: Ping tcp://broker.domain.com:443(ip:443) - Connected - time=4.634077ms
Aug 19 00:11:02 VM-32-13-ubuntu netclient[376475]: Ping tcp://broker.domain.com:443(ip:443) - Connected - time=3.616715ms
Aug 19 00:11:03 VM-32-13-ubuntu netclient[376475]: [netclient] 2022-08-19 00:11:03 could not connect to broker broker.domain.com connect timeout
Aug 19 00:11:03 VM-32-13-ubuntu netclient[376475]: [netclient] 2022-08-19 00:11:03 connection issue detected.. attempt connection with new certs and broker infor>

------ mq

1660839139: New connection from 172.22.0.3:35410 on port 8883.
1660839139: OpenSSL Error[0]: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate
1660839139: Client <unknown> disconnected: Protocol error.
1660839143: New connection from 172.22.0.3:35412 on port 8883.
1660839143: OpenSSL Error[0]: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate
1660839143: Client <unknown> disconnected: Protocol error.
1660839147: New connection from 172.22.0.3:35414 on port 8883.
1660839147: OpenSSL Error[0]: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate
1660839147: Client <unknown> disconnected: Protocol error.
1660839151: New connection from 172.22.0.3:35416 on port 8883.
1660839151: OpenSSL Error[0]: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate
1660839151: Client <unknown> disconnected: Protocol error.


Amansinghtech commented 2 years ago

I am having the same issue right now. It took my entire day and I am still stuck with this issue here.

mattkasun commented 2 years ago

Have you tried the MQ troubleshooting steps described at this gist?

czongxin commented 2 years ago

I used this gist; netclient is now OK, but mq always has this error:

1660872933: New connection from 172.22.0.3:53806 on port 8883.
1660872933: OpenSSL Error[0]: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate
1660872933: Client disconnected: Protocol error.
1660872937: New connection from 172.22.0.3:53808 on port 8883.
1660872937: OpenSSL Error[0]: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate
1660872937: Client disconnected: Protocol error.
1660872941: New connection from 172.22.0.3:53810 on port 8883.
1660872941: OpenSSL Error[0]: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate
1660872941: Client disconnected: Protocol error.

Amansinghtech commented 2 years ago

I tried to troubleshoot with the given methods, but the client is connecting and disconnecting, it seems. In my case I added the label - traefik.http.routers.mqtt_websocket.rule=Host(broker.nekione.com) under the mq service in docker-compose.yaml. The SSL issue is fixed, but there is a new issue I just found:

1660886129: New connection from 172.18.0.5:60496 on port 1883.
1660886129: New client connected from 172.18.0.5:60496 as ljMEzgtfruS1kcP0Pd5qUa1 (p2, c1, k60).
1660886129: Client ljMEzgtfruS1kcP0Pd5qUa1 disconnected.
1660886130: New connection from 172.18.0.5:60498 on port 1883.
1660886130: New client connected from 172.18.0.5:60498 as ss0yPHvelGS1kdcwHp6Xb3x (p2, c1, k60).
1660886358: New connection from 172.18.0.5:60504 on port 1883.
1660886358: New client connected from 172.18.0.5:60504 as 1eL7mR5dtMoHpEplm35Qp4J (p2, c1, k60).
1660886358: Client 1eL7mR5dtMoHpEplm35Qp4J disconnected.
1660886848: New connection from 172.18.0.5:60510 on port 1883.
1660886848: New client connected from 172.18.0.5:60510 as UtD7zspemCPUwI0OGEdd1Lx (p2, c1, k60).
1660886848: Client UtD7zspemCPUwI0OGEdd1Lx disconnected.
1660886854: New connection from 172.18.0.5:60512 on port 1883.
1660886854: New client connected from 172.18.0.5:60512 as sYsqzuqHP9B3OyLOfi1LcZg (p2, c1, k60).
1660886854: Client sYsqzuqHP9B3OyLOfi1LcZg disconnected.

mattkasun commented 2 years ago

@Amansinghtech those mq logs are expected in a functional setup

afeiszli commented 2 years ago

Are you still experiencing this issue?

czongxin commented 2 years ago

Are you still experiencing this issue?

It has been fixed.

arnonh commented 2 years ago

@Amansinghtech have you managed to get the mqtt working through websocket?

Amansinghtech commented 2 years ago

@Amansinghtech have you managed to get the mqtt working through websocket?

No, I didn't. I just used an older version of netmaker and it worked for me; the new release 15.0 was also working great when I last tested.

Exchizz commented 2 years ago

I tried to troubleshoot with the given methods, but the client is connecting and disconnecting, it seems. In my case I added the label - traefik.http.routers.mqtt_websocket.rule=Host(broker.nekione.com) under the mq service in docker-compose.yaml. The SSL issue is fixed, but there is a new issue I just found:

1660886129: New connection from 172.18.0.5:60496 on port 1883.
1660886129: New client connected from 172.18.0.5:60496 as ljMEzgtfruS1kcP0Pd5qUa1 (p2, c1, k60).
1660886129: Client ljMEzgtfruS1kcP0Pd5qUa1 disconnected.
1660886130: New connection from 172.18.0.5:60498 on port 1883.
1660886130: New client connected from 172.18.0.5:60498 as ss0yPHvelGS1kdcwHp6Xb3x (p2, c1, k60).
1660886358: New connection from 172.18.0.5:60504 on port 1883.
1660886358: New client connected from 172.18.0.5:60504 as 1eL7mR5dtMoHpEplm35Qp4J (p2, c1, k60).
1660886358: Client 1eL7mR5dtMoHpEplm35Qp4J disconnected.
1660886848: New connection from 172.18.0.5:60510 on port 1883.
1660886848: New client connected from 172.18.0.5:60510 as UtD7zspemCPUwI0OGEdd1Lx (p2, c1, k60).
1660886848: Client UtD7zspemCPUwI0OGEdd1Lx disconnected.
1660886854: New connection from 172.18.0.5:60512 on port 1883.
1660886854: New client connected from 172.18.0.5:60512 as sYsqzuqHP9B3OyLOfi1LcZg (p2, c1, k60).
1660886854: Client sYsqzuqHP9B3OyLOfi1LcZg disconnected.

I had to add that label as well. Thanks for sharing!
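
Added example, not part of the original thread or the Netmaker project: a small Python triage script that separates the two broker log patterns posted above, repeated TLS alerts on the 8883 listener versus normal connect/disconnect sessions on 1883. It assumes the Mosquitto log format as quoted in this thread and attributes each OpenSSL error line to the most recent "New connection" line, since the error line carries no address; the function names are made up for this example.

```python
import re
from collections import defaultdict

# Sample input: a few lines copied from the broker logs quoted in this thread.
SAMPLE_LOG = """\
1660839139: New connection from 172.22.0.3:35410 on port 8883.
1660839139: OpenSSL Error[0]: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate
1660839139: Client <unknown> disconnected: Protocol error.
1660839143: New connection from 172.22.0.3:35412 on port 8883.
1660839143: OpenSSL Error[0]: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate
1660839143: Client <unknown> disconnected: Protocol error.
1660886129: New connection from 172.18.0.5:60496 on port 1883.
1660886129: New client connected from 172.18.0.5:60496 as ljMEzgtfruS1kcP0Pd5qUa1 (p2, c1, k60).
1660886129: Client ljMEzgtfruS1kcP0Pd5qUa1 disconnected.
"""

LINE = re.compile(r"^(\d+): (.*)$")
NEW_CONN = re.compile(r"New connection from ([\d.]+):(\d+) on port (\d+)\.")
CONNECTED = re.compile(r"New client connected from ([\d.]+):(\d+) as (\S+)")
# "ssl3_read_bytes ... alert" means the broker *received* this alert from the
# peer, i.e. the connecting side rejected the certificate it was shown.
TLS_ALERT = re.compile(r"OpenSSL Error\[\d+\]: .*alert (.+)$")

def summarize(log_text):
    """Count connections, TLS alerts and MQTT sessions per (source IP, listener port)."""
    stats = defaultdict(lambda: {"connections": 0, "tls_alerts": 0, "mqtt_sessions": 0})
    listener_of = {}  # (ip, source port) -> listener port
    last = None       # key of the most recent "New connection" line
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m.group(2)
        if (c := NEW_CONN.search(msg)):
            last = (c.group(1), int(c.group(3)))
            listener_of[(c.group(1), c.group(2))] = last[1]
            stats[last]["connections"] += 1
        elif TLS_ALERT.search(msg) and last:
            stats[last]["tls_alerts"] += 1  # assumption: belongs to last connection
        elif (s := CONNECTED.search(msg)) and (s.group(1), s.group(2)) in listener_of:
            port = listener_of[(s.group(1), s.group(2))]
            stats[(s.group(1), port)]["mqtt_sessions"] += 1
    return dict(stats)

def always_failing(stats):
    """Peers whose every connection ended in a TLS alert (trust mismatch, not flakiness)."""
    return sorted(k for k, v in stats.items()
                  if v["connections"] and v["tls_alerts"] == v["connections"]
                  and v["mqtt_sessions"] == 0)
```

A peer listed by `always_failing` never completes a handshake, which points at a certificate or trust-store mismatch rather than a network problem; entries with `mqtt_sessions` greater than zero match the pattern described above as expected in a functional setup.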