search

keepassxreboot / keepassxc-browser

KeePassXC Browser Extension
GNU General Public License v3.0
1.78k stars 188 forks source link

IP address in URL field breaks connection to database, Firefox restart required #1778

Open mitohund opened 2 years ago

mitohund commented 2 years ago

Expected Behavior

I selfhost various services that I access via their IP addresses & ports, e.g. 192.168.1.50:1234. I just switched to KeePassXC on Debian Linux from KeePass on Windows, where IP addresses worked flawlessly.

Current Behavior

I see some regularities, but not entirely. If the URL field contains an IP address including https:// prefix, then this always leads to a broken connection. -> tl;dr: https://192.168.1.50:1234 never seems to work

If it's just the IP address including port, this works most of the time (even though it still leads to an https connection), but not always. Selfhosted Portainer and Adguard Home work fine, Nginx Proxy Manager does not. -> tl;dr: 192.168.1.50:1234 works with some services

Possible Solution

Steps to Reproduce (for bugs)

  1. Make sure, the URL field in KeePassXC contains something like https://192.168.1.50:1234 (which obviously needs to point to something, for instance selfhosted Nginx Proxy Manager)
  2. "KeePassXC-Browser has encountered an error: Cannot connect to KeePassXC. Check that browser integration is enabled in KeePassXC settings. "
  3. Click on "Reload".
  4. "KeePassXC-Browser has encountered an error: Key exchange was not successful. "
  5. It's impossible to reestablish connection to the database until Firefox is restarted.

Debug info

KeePassXC - 2.7.3 KeePassXC-Browser - 1.8.3.1 Operating system: Debian Linux Unstable / Sid Browser: Firefox

varjolintu commented 2 years ago

Update to KeePassXC 2.7.4 and try again.

mitohund commented 2 years ago

With 2.7.4 the situation is slightly better, but not solved: KeePassXC-Browser still does not offer login details, but at least the connection to KeePassXC does not seem to be broken anymore (I can still log into other website without having to restart Firefox).

droidmonkey commented 2 years ago

Make sure your urls are correct with the right port numbers. You might also need to define custom fields through the extension.

mitohund commented 1 year ago

All URLs/IPs and port numbers were correct. I also defined custom fields. Still didn't work. I ended up setting up URLs (subdomain.domain.tld) for all my self-hosted services and only exposed them within my private network. KeePassXC works fine now. The underlying issue however is not resolved.

varjolintu commented 1 year ago

I could not reproduce this. I used a local Python HTTP and HTTPS server. With HTTP the URL was http://127.0.0.1:8000 and the credentials worked normally. Same with the HTTPS server with URL https://127.0.0.1:8443.

cjaone commented 10 hours ago

Maybe it helps, maybe not related but I just tried with a connection to the local IP (without port suffix) of my "FritzBox" DSL router:

For me, if the URL entry in KeePass XC is ...

  1. ... just 192.168.2.1 then no credentials are offered -> fails
  2. ... https://192.168.2.1 then no credentials are offered -> fails
  3. ... http://192.168.2.1 then it works fine for me: the login credentials are offered -> works

@mitohund Is it possible that your site does not work with https but it does with http? I found out with (using your IP now): curl -I https://192.168.1.50:1234/ and curl -I http://192.168.1.50:1234/

(In my case the curl command successfully returned response 200 OK for HTTP but for HTTPS I got curl: (60) SSL certificate problem: self-signed certificate.)