External Access not working

[jpma89]

Hi folks,

my external is not working and always resets to OFF when I switch it ON after refreshing the settings page. At http://syncloud.it/user.html is also says: "External Address: Not provided".

Current system version: 962 Current installer version: 79

Thanks, JP

[cyberb]

Could you send us logs?

[jpma89]

Sure, just did so using the "Send logs" button. Please let me know in case you need any additional info.

[taschenlampe]

Hi! I am not a dev but maybe this here helps: Concerning the email notification please check this /opt/data/platform/user_platform.cfg is your email set there? I had a similar issue see here 213. External access make sure that you opened the correct ports (80/443) and that your router allows UPnP. See issue 226

[cyberb]

@jpma89 logs show you have no UPnP enabled on your router, did you change anything?

2016-12-31 09:11:10,398 - check_mapper - WARNING - NatPmpPortMapper mapper failed, message: NATPMPUnsupportedError(-11, 'The gateway does not support NAT-PMP'), {}
2016-12-31 09:11:10,399 - UpnpClient - INFO - initializing upnp
2016-12-31 09:11:15,048 - check_mapper - WARNING - UpnpPortMapper mapper failed, message: Exception('No UPnP device discovered',), {}
2016-12-31 09:11:15,049 - check_mapper - ERROR - None of mappers are working
2016-12-31 09:11:15,049 - Device - ERROR - Will not change access mode. Was not able to get working port drill.

[cyberb]

Is this still an issue?

[jpma89]

Unfortunately yes.

In the meantime my ISP replaced my router and changed my connection to IPv6 (DS Lite) which nowadays is common practise for cable ISPs at least in Germany.

Result is that I don't have an external IPv4 address anymore and my router does not (need to) support port forwarding.

When I try to active external access in Syncloud, I receive the following logs:

/opt/data/platform/log/platform.log:

2017-02-14 20:09:02,479 - SamStub - INFO - cmd: /opt/app/sam/bin/sam update
2017-02-14 20:09:02,935 - lsblk - INFO - parsing line: NAME="/dev/sda" SIZE="1.8T" TYPE="disk" MOUNTPOINT="" PARTTYPE="" FSTYPE="" MODEL="External USB 3.0"
2017-02-14 20:09:02,937 - lsblk - INFO - adding disk: External USB 3.0
2017-02-14 20:09:02,937 - lsblk - INFO - parsing line: NAME="/dev/sda1" SIZE="1.8T" TYPE="part" MOUNTPOINT="" PARTTYPE="0x83" FSTYPE="ext4" MODEL=""
2017-02-14 20:09:02,939 - lsblk - INFO - parsing line: NAME="/dev/mmcblk0" SIZE="3.7G" TYPE="disk" MOUNTPOINT="" PARTTYPE="" FSTYPE="" MODEL=""
2017-02-14 20:09:02,939 - lsblk - INFO - adding disk:
2017-02-14 20:09:02,940 - lsblk - INFO - parsing line: NAME="/dev/mmcblk0p1" SIZE="128M" TYPE="part" MOUNTPOINT="" PARTTYPE="0xc" FSTYPE="vfat" MODEL=""
2017-02-14 20:09:02,941 - lsblk - INFO - parsing line: NAME="/dev/mmcblk0p2" SIZE="2G" TYPE="part" MOUNTPOINT="/" PARTTYPE="0x83" FSTYPE="ext4" MODEL=""
2017-02-14 20:09:05,940 - SamStub - INFO - cmd: /opt/app/sam/bin/sam list
2017-02-14 20:09:06,214 - insider_port_config - INFO - getting port mapping for local_port=80: None
2017-02-14 20:09:06,219 - insider_port_config - INFO - getting port mapping for local_port=80: None
2017-02-14 20:09:06,224 - insider_port_config - INFO - getting port mapping for local_port=80: None
2017-02-14 20:09:06,229 - insider_port_config - INFO - getting port mapping for local_port=80: None
2017-02-14 20:09:06,233 - insider_port_config - INFO - getting port mapping for local_port=80: None
2017-02-14 20:09:06,237 - insider_port_config - INFO - getting port mapping for local_port=80: None
2017-02-14 20:09:06,242 - insider_port_config - INFO - getting port mapping for local_port=80: None
2017-02-14 20:10:02,559 - PlatformUserConfig - INFO - port_drilling_enabled = True
2017-02-14 20:10:02,590 - check_mapper - WARNING - NatPmpPortMapper mapper failed, message: NATPMPResultError(3, 'There was a network failure.  The gateway may not have an IP address.', <syncloud_platform.insider.NATPMP.PublicAddressResponse object at 0xb5ba5070>), {}
2017-02-14 20:10:02,591 - UpnpClient - INFO - initializing upnp
2017-02-14 20:10:03,624 - UpnpClient - INFO - ip: 0.0.0.0
2017-02-14 20:10:03,625 - check_mapper - WARNING - UpnpPortMapper mapper is working, returned external ip: 0.0.0.0
2017-02-14 20:10:03,641 - insider_port_config - INFO - getting port mapping for local_port=80: None
2017-02-14 20:10:03,669 - UpnpClient - INFO - ip: 0.0.0.0
2017-02-14 20:10:03,671 - RedirectService - WARNING - External ip is not public
2017-02-14 20:10:03,672 - RedirectService - WARNING - Will try server side client ip detection
2017-02-14 20:10:03,675 - RedirectService - INFO - request: {"web_port": null, "local_ip": "192.168.0.129", "platform_version": "962", "token": "64a466bbf0a941a1a327e9ab42397b50", "web_local_port": 80, "web_protocol": "http", "map_local_address": false}

Is this the expected behaviour with IPv6?

[jpma89]

Commerical NAS providers offer special services to support IPv6 (e.g. Synology QuickConnect). Would it make sense to raise a feature request at Syncloud for such kind of functionality?

Thanks, JP

[jpma89]

Logs when activating external access with system version 1267 (VBox image):

/opt/data/platform/log/platform.log:

2017-02-14 20:47:19,328 - Device - INFO - set_access: protocol=https, external_access=True
2017-02-14 20:47:19,329 - tls - INFO - running certbot
2017-02-14 20:47:19,329 - certbot - INFO - running certbot
2017-02-14 20:47:19,329 - SamStub - INFO - cmd: /opt/app/sam/bin/sam list
2017-02-14 20:47:20,086 - certbot - WARNING - Missing command line flag or config entry for this setting:
Please choose an account
Choices: ['localhost@2017-02-12T13:18:45Z (0346)', 'localhost@2017-02-12T13:18:02Z (f146)', 'localhost@2017-02-12T13:19:40Z (5813)']
2017-02-14 20:47:20,086 - tls - WARNING - unable to generate real certificate: Command '/opt/app/platform/bin/certbot --logs-dir=/opt/data/platform/log --config-dir=/opt/data/platform/certbot --agree-tos --email paddy_klein@web.de certonly  --webroot --webroot-path /opt/app/platform/www/public/_site -d jpvbox2.syncloud.it -d files.jpvbox2.syncloud.it -d mail.jpvbox2.syncloud.it -d diaspora.jpvbox2.syncloud.it -d nextcloud.jpvbox2.syncloud.it -d owncloud.jpvbox2.syncloud.it -d sam.jpvbox2.syncloud.it -d platform.jpvbox2.syncloud.it ' returned non-zero exit status 1
2017-02-14 20:47:20,086 - tls - WARNING - Missing command line flag or config entry for this setting:
Please choose an account
Choices: ['localhost@2017-02-12T13:18:45Z (0346)', 'localhost@2017-02-12T13:18:02Z (f146)', 'localhost@2017-02-12T13:19:40Z (5813)']
2017-02-14 20:47:20,087 - PlatformUserConfig - INFO - port_drilling_enabled = True
2017-02-14 20:47:20,102 - check_mapper - WARNING - NatPmpPortMapper mapper failed, message: NATPMPResultError(3, 'There was a network failure.  The gateway may not have an IP address.', <syncloud_platform.insider.NATPMP.PublicAddressResponse object at 0x7f5ba2aadd90>), {}
2017-02-14 20:47:20,103 - UpnpClient - INFO - initializing upnp
2017-02-14 20:47:21,154 - UpnpClient - INFO - ip: 0.0.0.0
2017-02-14 20:47:21,155 - check_mapper - WARNING - UpnpPortMapper mapper is working, returned external ip: 0.0.0.0
2017-02-14 20:47:21,156 - insider_port_config - INFO - getting port mapping for local_port=443: None
2017-02-14 20:47:21,157 - PortDrill - INFO - Sync one mapping: 443
2017-02-14 20:47:21,157 - PortDrill - INFO - Trying 443
2017-02-14 20:47:21,198 - UpnpPortMapper - INFO - existing router mappings for 443: []
2017-02-14 20:47:21,250 - UpnpPortMapper - INFO - mapping 443->443 (external->local)
2017-02-14 20:47:21,401 - UpnpPortMapper - INFO - ports after mapping [443]
2017-02-14 20:47:21,402 - PortProber - INFO - probing 443
2017-02-14 20:47:22,868 - PortProber - INFO - response status_code: 404
2017-02-14 20:47:22,869 - PortProber - INFO - response text: Port is not reachable
2017-02-14 20:47:22,869 - UpnpClient - INFO - removing 443 port mapping
2017-02-14 20:47:22,943 - PortDrill - INFO - Trying 10000
2017-02-14 20:47:22,997 - UpnpPortMapper - INFO - existing router mappings for 443: []
2017-02-14 20:47:23,060 - UpnpPortMapper - INFO - mapping 10000->443 (external->local)
2017-02-14 20:47:23,200 - UpnpPortMapper - INFO - ports after mapping [10000]
2017-02-14 20:47:23,200 - PortProber - INFO - probing 10000
2017-02-14 20:47:24,643 - PortProber - INFO - response status_code: 404
2017-02-14 20:47:24,643 - PortProber - INFO - response text: Port is not reachable
2017-02-14 20:47:24,644 - UpnpClient - INFO - removing 10000 port mapping
2017-02-14 20:47:24,723 - PortDrill - INFO - Trying 10001
2017-02-14 20:47:24,767 - UpnpPortMapper - INFO - existing router mappings for 443: []
2017-02-14 20:47:24,818 - UpnpPortMapper - INFO - mapping 10001->443 (external->local)
2017-02-14 20:47:24,959 - UpnpPortMapper - INFO - ports after mapping [10001]
2017-02-14 20:47:24,960 - PortProber - INFO - probing 10001
2017-02-14 20:47:26,416 - PortProber - INFO - response status_code: 404
2017-02-14 20:47:26,416 - PortProber - INFO - response text: Port is not reachable
2017-02-14 20:47:26,417 - UpnpClient - INFO - removing 10001 port mapping
2017-02-14 20:47:26,600 - PortDrill - INFO - Trying 10002
2017-02-14 20:47:26,653 - UpnpPortMapper - INFO - existing router mappings for 443: []
2017-02-14 20:47:26,703 - UpnpPortMapper - INFO - mapping 10002->443 (external->local)
2017-02-14 20:47:26,841 - UpnpPortMapper - INFO - ports after mapping [10002]
2017-02-14 20:47:26,842 - PortProber - INFO - probing 10002
2017-02-14 20:47:28,286 - PortProber - INFO - response status_code: 404
2017-02-14 20:47:28,287 - PortProber - INFO - response text: Port is not reachable
2017-02-14 20:47:28,287 - UpnpClient - INFO - removing 10002 port mapping
2017-02-14 20:47:28,563 - PortDrill - INFO - Trying 10003
2017-02-14 20:47:28,605 - UpnpPortMapper - INFO - existing router mappings for 443: []
2017-02-14 20:47:28,663 - UpnpPortMapper - INFO - mapping 10003->443 (external->local)
2017-02-14 20:47:28,808 - UpnpPortMapper - INFO - ports after mapping [10003]
2017-02-14 20:47:28,808 - PortProber - INFO - probing 10003
2017-02-14 20:47:30,266 - PortProber - INFO - response status_code: 404
2017-02-14 20:47:30,266 - PortProber - INFO - response text: Port is not reachable
2017-02-14 20:47:30,267 - UpnpClient - INFO - removing 10003 port mapping
2017-02-14 20:47:30,348 - PortDrill - INFO - Trying 10004
2017-02-14 20:47:30,561 - UpnpPortMapper - INFO - existing router mappings for 443: []
2017-02-14 20:47:30,632 - UpnpPortMapper - INFO - mapping 10004->443 (external->local)
2017-02-14 20:47:30,765 - UpnpPortMapper - INFO - ports after mapping [10004]
2017-02-14 20:47:30,765 - PortProber - INFO - probing 10004
2017-02-14 20:47:32,204 - PortProber - INFO - response status_code: 404
2017-02-14 20:47:32,204 - PortProber - INFO - response text: Port is not reachable
2017-02-14 20:47:32,204 - UpnpClient - INFO - removing 10004 port mapping
2017-02-14 20:47:32,274 - PortDrill - INFO - Trying 10005
2017-02-14 20:47:32,321 - UpnpPortMapper - INFO - existing router mappings for 443: []
2017-02-14 20:47:32,378 - UpnpPortMapper - INFO - mapping 10005->443 (external->local)
2017-02-14 20:47:32,548 - UpnpPortMapper - INFO - ports after mapping [10005]
2017-02-14 20:47:32,549 - PortProber - INFO - probing 10005
2017-02-14 20:47:34,002 - PortProber - INFO - response status_code: 404
2017-02-14 20:47:34,003 - PortProber - INFO - response text: Port is not reachable
2017-02-14 20:47:34,004 - UpnpClient - INFO - removing 10005 port mapping
2017-02-14 20:47:34,079 - PortDrill - INFO - Trying 10006
2017-02-14 20:47:34,128 - UpnpPortMapper - INFO - existing router mappings for 443: []
2017-02-14 20:47:34,181 - UpnpPortMapper - INFO - mapping 10006->443 (external->local)
2017-02-14 20:47:34,332 - UpnpPortMapper - INFO - ports after mapping [10006]
2017-02-14 20:47:34,333 - PortProber - INFO - probing 10006
2017-02-14 20:47:35,785 - PortProber - INFO - response status_code: 404
2017-02-14 20:47:35,787 - PortProber - INFO - response text: Port is not reachable
2017-02-14 20:47:35,789 - UpnpClient - INFO - removing 10006 port mapping
2017-02-14 20:47:35,864 - PortDrill - INFO - Trying 10007
2017-02-14 20:47:35,920 - UpnpPortMapper - INFO - existing router mappings for 443: []
2017-02-14 20:47:35,982 - UpnpPortMapper - INFO - mapping 10007->443 (external->local)
2017-02-14 20:47:36,120 - UpnpPortMapper - INFO - ports after mapping [10007]
2017-02-14 20:47:36,121 - PortProber - INFO - probing 10007
2017-02-14 20:47:37,575 - PortProber - INFO - response status_code: 404
2017-02-14 20:47:37,577 - PortProber - INFO - response text: Port is not reachable
2017-02-14 20:47:37,578 - UpnpClient - INFO - removing 10007 port mapping
2017-02-14 20:47:37,650 - Device - ERROR - Unable to add new port 443: Unable to add mapping, tried 10 times
2017-02-14 20:47:37,650 - insider_port_config - INFO - getting port mapping for local_port=443: None
2017-02-14 20:47:37,670 - UpnpClient - INFO - ip: 0.0.0.0
2017-02-14 20:47:37,671 - RedirectService - WARNING - External ip is not public
2017-02-14 20:47:37,671 - RedirectService - WARNING - Will try server side client ip detection
2017-02-14 20:47:37,672 - RedirectService - INFO - request: {"web_port": null, "local_ip": "192.168.0.241", "platform_version": "1267", "token": "4475cfc5152c4e1faccffe70a108e218", "web_local_port": 443, "web_protocol": "https", "map_local_address": false}
2017-02-14 20:47:38,681 - SamStub - INFO - cmd: /opt/app/sam/bin/sam list
2017-02-14 20:47:38,776 - insider_port_config - INFO - getting port mapping for local_port=443: None
2017-02-14 20:47:38,777 - insider_port_config - INFO - getting port mapping for local_port=443: None
2017-02-14 20:47:38,778 - insider_port_config - INFO - getting port mapping for local_port=443: None
2017-02-14 20:47:38,780 - insider_port_config - INFO - getting port mapping for local_port=443: None
2017-02-14 20:47:38,781 - insider_port_config - INFO - getting port mapping for local_port=443: None
2017-02-14 20:47:38,782 - insider_port_config - INFO - getting port mapping for local_port=443: None
2017-02-14 20:47:38,783 - insider_port_config - INFO - getting port mapping for local_port=443: None
2017-02-14 20:47:38,783 - events - INFO - /opt/app/platform/bin/on_domain_change.py not found
2017-02-14 20:47:38,784 - events - INFO - /opt/app/sam/bin/on_domain_change.py not found

[cyberb]

Yes let's use separate IPv6 issue, I will be happy to understand how we can support it.

[coffeehabit]

I'd like to see more specific instructions for opening up the firewall to allow external access securely. I use a commercial router at home, and it seems opening up port 443 destined for the device from WAN isn't enough.

edit: In Wireshark, I'm seeing External Address Requests from my VM's IP to its gateway, destined for port 5351. I can see what happens when I allow this port to be opened from LAN to Local Management, chances are it's a one-time thing only. I would really, really like to have an option for non-PNP based access.

[cyberb]

@coffeeforcoffins I guess you are using apple router and nat-pmp is not enabled (https://en.m.wikipedia.org/wiki/NAT_Port_Mapping_Protocol) Please follow this issue https://github.com/syncloud/platform/issues/199 as we will start working on it soon.

@jpma89 Please follow this issue (https://github.com/syncloud/platform/issues/37) for ipv6 and add more details if you want or send us email so we could debug your case.

[cyberb]

Closing this one as we have two specific issues to track. Reopen if you feel they are not covering this problem.

[zhangzhengedu]

Syncloud is unable to open external access. My router is ASUS ac88u, which has opened UPnP.

顺便所以下，外部访问，在旧版本中是可以正常工作的

[cyberb]

Do you have public IP on your router? It should tell you what IP it tries to probe from outside. Are they the same? Do you have IPv6 address assigned to your device? You need to send us logs (Settings page) so we can see what exactly is happening and we can give you more advices in private. Do not share your IP addresses here, use support at syncloud dot it

[OnurUc]

Could you help me out with my external issues too? I have sent the error logs but didn't get an answer yet.

I have the Syncloud RPi and installed Nextcloud on it.

UPnP is turned on. Ports 80 and 443 are open and I inserted the open IP but it does not work.

Please let me know what I should do.

[cyberb]

If UPnP is working you do not need to open ports and specify IP. It is only needed when UPnP is not working or cannot get you default ports.