PPPD connection stops working in some seconds after startup - raspbian

There is a Raspberry Pi 3B+ device with a SIM7000E GSM module attached via UART. The goal is to configure pppd to have Internet access from the Raspberry Pi.
Problem definition: pppd with the configuration provided below successfully establishes a connection to the mobile network, so the Raspberry Pi has access to the Internet and you can ping various domain names. However, this connection works for only 1-2 dozen seconds, and then Internet access becomes unavailable. The connection still exists for some time even though Internet access is unavailable.
The contents of /etc/ppp/peers/gprs file:
user "congstar"
password "cs"
connect "/usr/sbin/chat -v -f /etc/chatscripts/pap -T *99#"
# Serial device to which the modem is connected.
/dev/ttyAMA0
# Baudrate
115200
nocrtscts
debug
nodetach
ipcp-accept-local
ipcp-accept-remote
# Assumes that your IP address is allocated dynamically by the ISP.
noipdefault
# Try to get the name server addresses from the ISP.
usepeerdns
# Use this connection as the default route.
defaultroute
# Replaces the default route
replacedefaultroute
# Makes pppd "dial again" when the connection is lost.
persist
# Do not ask the remote to authenticate.
noauth
The contents of /etc/chatscripts/pap file:
#REPORT CONNECT
ABORT BUSY
ABORT VOICE
ABORT "NO CARRIER"
ABORT "NO DIALTONE"
ABORT "NO DIAL TONE"
"" ATZ
OK AT+CGDCONT=1,"IP","internet.telekom","0.0.0.0",0,0
OK ATDT\T
CONNECT ""
I run pppd process with the command:
pppd call gprs
and it gives the output below:
Script /usr/sbin/chat -v -f /etc/chatscripts/pap -T *99# finished (pid 466), status = 0x0
Serial connection established.
using channel 1
Using interface ppp0
Connect: ppp0 <--> /dev/ttyAMA0
sent [LCP ConfReq id=0x1 <asyncmap 0x0> <magic 0xfa266a86> <pcomp> <accomp>]
rcvd [LCP ConfReq id=0x0 <asyncmap 0x0> <auth chap MD5> <magic 0xd0837b0a> <pcomp> <accomp>]
sent [LCP ConfAck id=0x0 <asyncmap 0x0> <auth chap MD5> <magic 0xd0837b0a> <pcomp> <accomp>]
rcvd [LCP ConfAck id=0x1 <asyncmap 0x0> <magic 0xfa266a86> <pcomp> <accomp>]
sent [LCP EchoReq id=0x0 magic=0xfa266a86]
rcvd [LCP DiscReq id=0x1 magic=0xd0837b0a]
rcvd [CHAP Challenge id=0x1 <ed30b6a62ef9f9424e0827f63f5233c0>, name = "UMTS_CHAP_SRVR"]
sent [CHAP Response id=0x1 <e1b557afa30e21d98517993f053097de>, name = "congstar"]
rcvd [LCP EchoRep id=0x0 magic=0xd0837b0a fa 26 6a 86]
rcvd [CHAP Success id=0x1 ""]
CHAP authentication succeeded
CHAP authentication succeeded
sent [CCP ConfReq id=0x1 <deflate 15> <deflate(old#) 15> <bsd v1 15>]
sent [IPCP ConfReq id=0x1 <compress VJ 0f 01> <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
rcvd [LCP ProtRej id=0x2 80 fd 01 01 00 0f 1a 04 78 00 18 04 78 00 15 03 2f]
Protocol-Reject for 'Compression Control Protocol' (0x80fd) received
rcvd [IPCP ConfReq id=0x0]
sent [IPCP ConfNak id=0x0 <addr 0.0.0.0>]
rcvd [IPCP ConfRej id=0x1 <compress VJ 0f 01>]
sent [IPCP ConfReq id=0x2 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
rcvd [IPCP ConfReq id=0x1]
sent [IPCP ConfAck id=0x1]
rcvd [IPCP ConfNak id=0x2 <addr 10.30.47.58> <ms-dns1 10.74.210.210> <ms-dns2 10.74.210.211>]
sent [IPCP ConfReq id=0x3 <addr 10.30.47.58> <ms-dns1 10.74.210.210> <ms-dns2 10.74.210.211>]
rcvd [IPCP ConfAck id=0x3 <addr 10.30.47.58> <ms-dns1 10.74.210.210> <ms-dns2 10.74.210.211>]
Could not determine remote IP address: defaulting to 10.64.64.64
local IP address 10.30.47.58
remote IP address 10.64.64.64
primary DNS address 10.74.210.210
secondary DNS address 10.74.210.211
Script /etc/ppp/ip-up started (pid 473)
Script /etc/ppp/ip-up finished (pid 473), status = 0x0
No response to 4 echo-requests
Serial link appears to be disconnected.
Connect time 1683.8 minutes.
Sent 11846 bytes, received 2597 bytes.
Script /etc/ppp/ip-down started (pid 644)
sent [LCP TermReq id=0x2 "Peer not responding"]
Script /etc/ppp/ip-down finished (pid 644), status = 0x0
sent [LCP TermReq id=0x3 "Peer not responding"]
Connection terminated.
Modem hangup
Necessary to mention:
The behavior described above takes place only when the GSM module is attached to the Raspberry Pi via UART! When the GSM modem is attached to the Raspberry Pi via USB, everything works fine with the same configuration (in this case /dev/ttyUSB2 is used instead of /dev/ttyAMA0) and the described problem is not observed.
The Raspberry Pi uses the primary UART /dev/ttyAMA0. It is configured not to use the autobaudrate feature.
Raspbian 10 is used and it has PPP support in the kernel.

Related

Windows Server 2008 openssh connection reset

On Windows Server 2008, I installed openssh but I can't connect it. On Windows Server 2012 it worked.
The server log:
2708 2020-09-28 14:24:36.368 debug3: checking match for 'Group administrators' user administrator host 42.120.75.144 addr 42.120.75.144 laddr 172.16.12.219 lport 22
2708 2020-09-28 14:24:36.368 debug1: generate_s4u_user_token: LsaLogonUser() failed. User 'administrator' Status: 0xC000000D SubStatus 0.
2708 2020-09-28 14:24:36.368 debug3: get_user_token - unable to generate token for user administrator
2708 2020-09-28 14:24:36.368 debug1: generate_s4u_user_token: LsaLogonUser() failed. User 'administrator' Status: 0xC000000D SubStatus 0.
2708 2020-09-28 14:24:36.368 error: get_user_token - unable to generate token on 2nd attempt for user administrator
2708 2020-09-28 14:24:36.368 fatal: ga_init, unable to resolve user administrator
2708 2020-09-28 14:24:36.368 debug1: do_cleanup
2708 2020-09-28 14:24:36.368 debug1: Killing privsep child 2848
The client log:
Connection reset by 47.116.68.56 port 22
According to this thread: https://community.spiceworks.com/topic/2257505-ssh-error-connection-reset-by-peer
They point out that Windows Server 2008 uses older encryption protocols, which, after looking at your error log, seems to be the reason for the connection failure.

Website ERR_CONNECTION_RESET - Client not sending SSL hello packet to server

I have a website on Centos 7.4 running Apache 2.4.6.
A user reported that they could not access the site on their mobile device (as of the last few days). I was able to recreate this issue on an Android Pixel. When I use a mobile 4G network, I immediately get an ERR_CONNECTION_RESET page if I try to go to any page of the website. When I use my home WIFI network on the phone, with the same browser, I can view all pages as expected.
I tested this, with the same results, on both Chrome and the native browser on this device.
I have enabled SSL logging in apache (ssl_engine, ssl_access and ssl_error) and none of these logs (nor the general httpd error log) show anything relating to this issue. I guess the connection doesn't reach apache?
There is nothing relating to this in the firewalld log either (though I'm not sure it would be logging such things?).
I have grepped the fail2ban log too for the mobile network IP and found nothing.
I have also used Wireshark/Tshark to analyse the packets, comparing the output when I access the site using WIFI (where it connects as expected) and when I use the mobile 4G network (where it fails to connect).
2 0.000065217 [Server IP] -> [Client IP] TCP 74 https > 63878 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=244522926 TSecr=140533229 WS=128
3 0.003907594 [Client IP] -> [Server IP] TCP 74 63879 > https [SYN] Seq=0 Win=65535 Len=0 MSS=1326 SACK_PERM=1 TSval=140533229 TSecr=0 WS=256
4 0.003951717 [Server IP] -> [Client IP] TCP 74 https > 63879 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=244522930 TSecr=140533229 WS=128
5 0.154191732 [Client IP] -> [Server IP] TCP 66 63879 > https [ACK] Seq=1 Ack=1 Win=87808 Len=0 TSval=140533290 TSecr=244522930
6 0.165703034 [Client IP] -> [Server IP] TCP 66 63878 > https [ACK] Seq=1 Ack=1 Win=87808 Len=0 TSval=140533290 TSecr=244522926
7 0.187358660 [Client IP] -> [Server IP] TCP 56 63879 > https [RST, ACK] Seq=1 Ack=1 Win=8222720 Len=0
8 0.204245316 [Client IP] -> [Server IP] TCP 56 63878 > https [RST, ACK] Seq=1 Ack=1 Win=8222720 Len=0
This is as far as the connecting goes on the mobile network. We never get to the next stage which is "SSL 571 Client Hello" on WIFI (the client sending the server a hello).
Any ideas on what could be causing this, or ways I can debug this issue further?
So I've finally got to the bottom of this error, after a few days of scratching my head and spending a lot of time researching and fiddling with the server config.
It turns out the website has been blocked by a couple of ISPs who have decided to now deem the website as containing adult content (it doesn't and has never had this issue before in its 10 year history).
Rather than providing any kind of useful redirect to let a user know why they can't access the site, they simply don't send a hello packet and up comes the ERR_CONNECTION_RESET.
I must say, this is something that had crossed my mind early on in my investigations. However, rather unhelpfully, when logging into my mobile phone account it said the adult content filter was off. I discovered this wasn't in fact the case when I called them to double check!
If you think this could be happening to you, here are some quick checks:
If all other websites seem to be working fine, try to visit an adult website and see if you also get an ERR_CONNECTION_RESET.
Then check with your ISP to see if it's blocking adult content.
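The capture quoted in the question already hints at a reset that does not come from the phone's own TCP stack, which fits the ISP filter the answer arrives at. The sketch below is an added example, not part of the original post: it parses those tshark summary lines and reports flows reset from the client side before any client payload (no Client Hello), noting whether the RST drops the TCP timestamp option and changes the advertised window. These are heuristics rather than proof, and the function and key names are chosen here.

```python
import re

# tshark lines from the question, verbatim; [Client IP]/[Server IP] are the poster's redactions.
CAPTURE = """\
2 0.000065217 [Server IP] -> [Client IP] TCP 74 https > 63878 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=244522926 TSecr=140533229 WS=128
3 0.003907594 [Client IP] -> [Server IP] TCP 74 63879 > https [SYN] Seq=0 Win=65535 Len=0 MSS=1326 SACK_PERM=1 TSval=140533229 TSecr=0 WS=256
4 0.003951717 [Server IP] -> [Client IP] TCP 74 https > 63879 [SYN, ACK] Seq=0 Ack=1 Win=28960 Len=0 MSS=1460 SACK_PERM=1 TSval=244522930 TSecr=140533229 WS=128
5 0.154191732 [Client IP] -> [Server IP] TCP 66 63879 > https [ACK] Seq=1 Ack=1 Win=87808 Len=0 TSval=140533290 TSecr=244522930
6 0.165703034 [Client IP] -> [Server IP] TCP 66 63878 > https [ACK] Seq=1 Ack=1 Win=87808 Len=0 TSval=140533290 TSecr=244522926
7 0.187358660 [Client IP] -> [Server IP] TCP 56 63879 > https [RST, ACK] Seq=1 Ack=1 Win=8222720 Len=0
8 0.204245316 [Client IP] -> [Server IP] TCP 56 63878 > https [RST, ACK] Seq=1 Ack=1 Win=8222720 Len=0
"""

LINE = re.compile(
    r"(?P<no>\d+) [\d.]+ \[(?P<src>Client|Server) IP\] -> \[(?:Client|Server) IP\] "
    r"TCP \d+ (?P<sport>\S+) > (?P<dport>\S+) \[(?P<flags>[^\]]+)\] (?P<rest>.+)"
)


def client_segments(capture):
    """Group client-sent segments by the client's ephemeral port (the flow)."""
    flows = {}
    for line in capture.splitlines():
        m = LINE.fullmatch(line.strip())
        if m is None or m["src"] != "Client":
            continue
        flows.setdefault(m["sport"], []).append({
            "no": int(m["no"]),
            "flags": {f.strip() for f in m["flags"].split(",")},
            "fields": dict(tok.split("=", 1) for tok in m["rest"].split()),
        })
    return flows


def resets_before_client_data(capture):
    """Heuristic report on flows reset before the client sent any payload."""
    report = {}
    for flow, pkts in client_segments(capture).items():
        rst = next((p for p in pkts if "RST" in p["flags"]), None)
        if rst is None:
            continue
        earlier = pkts[: pkts.index(rst)]
        if any(int(p["fields"]["Len"]) > 0 for p in earlier):
            continue  # the client got as far as sending data first
        report[flow] = {
            "rst_frame": rst["no"],
            # Earlier segments carried TCP timestamps but the RST does not.
            "timestamps_dropped": "TSval" not in rst["fields"]
            and any("TSval" in p["fields"] for p in earlier),
            # Advertised window differs from the segment just before the RST.
            "window_changed": bool(earlier)
            and earlier[-1]["fields"]["Win"] != rst["fields"]["Win"],
        }
    return report
```

On the quoted capture both flows (client ports 63878 and 63879) are reported with both indicators set; comparing the same fields in a capture taken on the working WIFI path gives the baseline.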

Rundeck gmail smtp setting

I've been trying for weeks to get to configure rundeck to send emails using my gmail smtp settings on a Centos7 vm. I do have an ssl cert (that I purchased) configured for the server. Not sure if that has something to do with it. So far I have:
Converted the "/etc/rundeck/rundeck-config.properties" file to "/etc/rundeck/rundeck-config.groovy" file
Updated the "/etc/sysconfig/rundeckd" file with the following settings:
export RUNDECK_WITH_SSL=true
export RDECK_CONFIG_FILE="/etc/rundeck/rundeck-config.groovy"
Edited my "/etc/rundeck/rundeck-config.groovy" with the following text.
loglevel.default="INFO"
rdeck.base="/var/lib/rundeck"
rss.enabled=false
grails.mail.default.from="user#gmail.com"
dataSource.dbCreate = "update"
dataSource.url = "jdbc:h2:file:/var/lib/rundeck/data/rundeckdb;MVCC=true;TRACE_LEVEL_FILE=4"
grails {
    mail {
        host = "smtp.gmail.com"
        username = "user#gmail.com"
        port = 465
        password = "password"
        props = ["mail.smtp.auth":"true",
                 "mail.smtp.port":"465",
                 "mail.smtp.starttls.enable":"true",
                 "mail.smtp.socketFactory.port":"465",
                 "mail.smtp.socketFactory.fallback":"false"]
    }
}
grails.serverURL="https://rundeck-server:4443"
rundeck.log4j.config.file = "/etc/rundeck/log4j.properties"
If I run it with port 465, I receive the following error.
2019-01-03 14:57:26.260 ERROR --- [eduler_Worker-1] rundeck.services.NotificationService : Error sending notification email to user#gmail.com for Execution 231: Mail server connection failed; nested exception is javax.mail.MessagingException: Could not connect to SMTP host: smtp.gmail.com, port: 465, response: -1. Failed messages: javax.mail.MessagingException: Could not connect to SMTP host: smtp.gmail.com, port: 465, response: -1
If I configure using port 587, I receive the following error in the "/var/log/rundeck/service.log"
2019-01-03 15:05:52.121 ERROR --- [eduler_Worker-1] rundeck.services.NotificationService : Error sending notification email to user#gmail.com for Execution 233: Mail server connection failed; nested exception is javax.mail.MessagingException: Could not convert socket to TLS;
nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target. Failed messages: javax.mail.MessagingException: Could not convert socket to TLS;
nested exception is:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
Alternatively, I installed mailx and although there's an error in the logs, it successfully sends an email when I run the following "echo "Your message" | mail -v -s "Message Subject" user#gmail.com" command. The output is
Resolving host smtp.gmail.com . . . done.
Connecting to x.x.x.x:465 . . . connected.
Error in certificate: Peer's certificate issuer is not recognized.
Comparing DNS name: "smtp.gmail.com"
SSL parameters: cipher=AES-xxx-GCM, keysize=xxx, secretkeysize=xxx,
issuer=CN=Google Internet Authority G3,O=Google Trust Services,C=US
subject=CN=smtp.gmail.com,O=Google LLC,L=Mountain View,ST=California,C=US
220 smtp.gmail.com ESMTP b22sm9658588ios.45 - gsmtp
>>> EHLO rundeck-server
250-smtp.gmail.com at your service, [x.x.x.x]
250-SIZE 35882577
250-8BITMIME
250-AUTH LOGIN PLAIN XOAUTH2 PLAIN-CLIENTTOKEN OAUTHBEARER XOAUTH
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-CHUNKING
250 SMTPUTF8
>>> AUTH LOGIN
334 xxxx
>>> xxxx==
334 xxxx
>>> xxxx==
235 2.7.0 Accepted
>>> MAIL FROM:<user#rundeck-server>
250 2.1.0 OK xx - gsmtp
>>> RCPT TO:<user#gmail.com>
250 2.1.5 OK xx - gsmtp
>>> DATA
354 Go ahead xx - gsmtp
>>> .
250 2.0.0 OK xx - gsmtp
>>> QUIT
221 2.0.0 closing connection xx - gsmtp
I added the following to the bottom of my "/etc/mail.rc" file
set smtp=smtps://smtp.gmail.com:465
set smtp-auth=login
set smtp-auth-user=USER.GMAIL.COM
set smtp-auth-password='password'
set ssl-verify=ignore
set nss-config-dir=/etc/pki/nssdb/
Looks like you're using a self-signed certificate or non-trusted certificate by Google, check that:
Related links:
Java: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
http://web.archive.org/web/20080820101722/http://blogs.sun.com/andreas/entry/no_more_unable_to_find
https://news.ycombinator.com/item?id=4920088
http://code.naishe.in/2011/07/looks-like-article-no-more-unable-to.html
I send emails from my gmail account with these settings in /etc/rundeck/rundeck-config.groovy
grails {
    mail {
        host = "smtp.gmail.com"
        username = "USER"
        port = 587
        password = "PASSWORD"
        props = ["mail.smtp.starttls.enable":"true","mail.smtp.auth":"true","mail.smtp.socketFactory.port":"587","mail.smtp.socketFactory.fallback":"false"]
    }
}
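An added example, not part of the original thread or of Rundeck: a small audit of the mail settings quoted above, checking the TLS mode each port expects and the switches that weaken certificate checking. It assumes the `props` entries reach JavaMail unchanged; the function names are chosen here, and the JVM truststore behind the PKIX error is outside its scope.

```python
import re

# Settings copied from the thread above (credentials left out).
QUESTION_PROPS = '''props = ["mail.smtp.auth":"true",
"mail.smtp.port":"465",
"mail.smtp.starttls.enable":"true",
"mail.smtp.socketFactory.port":"465",
"mail.smtp.socketFactory.fallback":"false"]'''
ANSWER_PROPS = '''props = ["mail.smtp.starttls.enable":"true","mail.smtp.auth":"true","mail.smtp.socketFactory.port":"587","mail.smtp.socketFactory.fallback":"false"]'''
QUESTION_MAILRC = """set smtp=smtps://smtp.gmail.com:465
set smtp-auth=login
set ssl-verify=ignore
set nss-config-dir=/etc/pki/nssdb/"""


def parse_props(groovy):
    """Extract "key":"value" pairs from a Groovy map literal."""
    return dict(re.findall(r'"([\w.]+)"\s*:\s*"([^"]*)"', groovy))


def parse_mailrc(text):
    """Extract `set name=value` lines from a mailx rc file."""
    return dict(re.findall(r"^set\s+([\w-]+)=(\S+)", text, re.M))


def audit(port, props, mailrc=None):
    """Return findings about TLS mode and certificate checking."""
    def on(key):
        return props.get(key, "").lower() == "true"

    findings = []
    # JavaMail opens a TLS socket at connect time only with one of these set.
    implicit_tls = on("mail.smtp.ssl.enable") or "mail.smtp.socketFactory.class" in props
    if port == 465 and not implicit_tls:
        findings.append("port 465 expects TLS from the first byte; no SSL socket is configured")
    if port == 587 and not on("mail.smtp.starttls.enable"):
        findings.append("port 587 needs mail.smtp.starttls.enable before AUTH")
    elif port == 587 and not on("mail.smtp.starttls.required"):
        # Without 'required', a server reply lacking STARTTLS leaves the session in clear text.
        findings.append("STARTTLS is optional; set mail.smtp.starttls.required")
    if props.get("mail.smtp.ssl.trust") == "*":
        findings.append("mail.smtp.ssl.trust=* accepts any server certificate")
    if (mailrc or {}).get("ssl-verify") == "ignore":
        findings.append("ssl-verify=ignore: credentials go to an unverified peer")
    return findings
```

The mailx transcript in the question shows the last finding in practice: the issuer error is printed and AUTH LOGIN proceeds anyway.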

fetching mail via IMAP in rails application

I am trying to fetch my mail from a Gmail account and store it in my database. Now I am facing an error when running the server, using gem 'imap_processor', '~> 1.6':
C:/RailsInstaller/Ruby2.2.0/lib/ruby/2.2.0/net/imap.rb:1057:in `initialize': A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. - connect(2) for "smtp.gmail.com" port 143 (Errno::ETIMEDOUT)
Unable to load application: Errno::ETIMEDOUT: A connection attempt
failed because the connected party did not properly respond after a
period of time, or established connection failed because connected
host has failed to respond. - connect(2) for "smtp.gmail.com" port
143
imap = Net::IMAP.new('smtp.gmail.com')
imap.authenticate('LOGIN', 'debasish.industrify2016#gmail.com', '*******')
imap.examine('INBOX')
imap.search(["RECENT"]).each do |message_id|
  envelope = imap.fetch(message_id, "ENVELOPE")[0].attr["ENVELOPE"]
  puts "#{envelope.from[0].name}: \t#{envelope.subject}"
end
Can anyone guide me?

How to prevent loopback publish when mosquitto bridged with RabbitMQ MQTT?

I have two mosquitto brokers installed on PC1 (mosquitto v1.4.8) and PC2 (RabbitMQ v3.6.2 with MQTT Adapter).
Bridging initiated at PC1 like below
sensor/room1/ <-> office/room1/
But I noticed there is always a duplicate message being published back whenever the bridge is active, which means all my applications (on PC1) that subscribe to the same topic will receive the same message twice. What setting did I get wrong here?
PC1 mosquitto.conf
connection bridge-pc1-to-pc2
address pc2-address.com
topic room1/# both 2 sensor/ office/
bridge_protocol_version mqttv311
notifications true
cleansession true
try_private false
To test loopback issue, I had PC1 subscribed to topic sensor/#
mosquitto_sub -t sensor/# -v -d
Then at PC1 I publish a test message
mosquitto_pub -t sensor/room1/temperature -m '{"value":27.3, "timestamp":"2016-06-03 14:02:38"}'
Broker at cloud (PC2) received the message correctly (message received only once)
Client mosqsub/3121-Dennis-iMa sending CONNECT
Client mosqsub/3121-Dennis-iMa received CONNACK
Client mosqsub/3121-Dennis-iMa sending SUBSCRIBE (Mid: 1, Topic: office/#, QoS: 0)
Client mosqsub/3121-Dennis-iMa received SUBACK
Subscribed (mid: 1): 0
Client mosqsub/3121-Dennis-iMa received PUBLISH (d0, q0, r0, m0, 'office/room1/temperature', ... (14 bytes))
office/room1/temperature {"value":27.3, "timestamp":"2016-06-03 14:02:38"}
But PC1 received the same message twice! Below is the Pi's output
Received CONNACK
Received SUBACK
Subscribed (mid: 1): 0
Received PUBLISH (d0, q0, r0, m0, 'sensor/room1/temperature', ... (14 bytes))
sensor/room1/temperature {"value":27.3, "timestamp":"2016-06-03 14:02:38"}
Received PUBLISH (d0, q0, r0, m0, 'sensor/room1/temperature', ... (14 bytes))
sensor/room1/temperature {"value":27.3, "timestamp":"2016-06-03 14:02:38"}
Why is there a loopback published message and how do I solve this?
Update 3 Jun 2016
This is not the same question as this question, as it does not involve horizontal scaling (1-to-many brokers)
Change try_private false to try_private true. This is exactly what it is intended for. If rabbit doesn't support that feature (it is currently not in the spec, but widely used) then you're out of luck.
RabbitMQ doesn't support try_private and doesn't know anything about the bridge. So messages published to office/* in RabbitMQ will be sent back to the subscribed mosquitto without taking into account any private flags.
To remove cycles you can use different topic names for in and out connections or use two mosquitto servers.
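A toy model of the loop the two answers above describe, as an added example that is not from the original thread. It follows one local publish through the `topic room1/# both 2 sensor/ office/` mapping and counts the copies a PC1 subscriber to `sensor/#` receives; the `office-in/` prefix and the function names are hypothetical.

```python
def matches(pattern, topic):
    """MQTT topic-filter match supporting '+' levels and a trailing '#'."""
    p, t = pattern.split("/"), topic.split("/")
    for i, level in enumerate(p):
        if level == "#":
            return True
        if i >= len(t) or (level != "+" and level != t[i]):
            return False
    return len(p) == len(t)


def copies_seen_on_pc1(out_remote, in_remote, remote_knows_bridge,
                       pattern="room1/#", local="sensor/",
                       topic="sensor/room1/temperature"):
    """Count deliveries to a PC1 client subscribed to sensor/# for one publish."""
    copies = 1 if matches("sensor/#", topic) else 0  # direct local delivery
    if not matches(local + pattern, topic):
        return copies  # not covered by the bridge's outgoing mapping
    # Outgoing direction: swap the local prefix for the remote one.
    remote_topic = out_remote + topic[len(local):]
    # PC2 sees the bridge as an ordinary client: if the bridge's incoming
    # subscription matches what it just published, PC2 sends the message back,
    # unless PC2 recognises the connection as a bridge (try_private).
    echoed = matches(in_remote + pattern, remote_topic) and not remote_knows_bridge
    if echoed:
        # Incoming direction: swap the remote prefix for the local one.
        back = local + remote_topic[len(in_remote):]
        # PC1 delivers it locally but does not forward it to the same bridge again.
        copies += 1 if matches("sensor/#", back) else 0
    return copies


# The question's setup: same remote prefix both ways, remote ignores try_private.
DUPLICATED = copies_seen_on_pc1("office/", "office/", remote_knows_bridge=False)
# A remote broker that honours try_private suppresses the echo.
PRIVATE = copies_seen_on_pc1("office/", "office/", remote_knows_bridge=True)
# Different remote topics for the out and in directions break the cycle.
SPLIT = copies_seen_on_pc1("office/", "office-in/", remote_knows_bridge=False)
```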