Unexpected connection reset when bridging mosquitto broker with Azure IoT Hub - azure-iot-hub

I am trying to create a bridge with Azure IoT Hub.
The configuration of the mosquitto bridge is as follows:
connection Azure
address <my_hub_name>.azure-devices.net:8883
# error | information | notice | warning | all | debug
log_dest stdout
log_type all
## Auth Info
remote_username <my_hub_name>.azure-devices.net/<my_dev_name>/?api-version=2018-06-30
remote_password <SAS>
remote_clientid <my_dev_name>
bridge_cafile cert.pem
## some config
try_private false
cleansession true
start_type automatic
bridge_insecure false
bridge_protocol_version mqttv311
bridge_tls_version tlsv1.2
notifications false
## Topics
topic devices/<my_dev_name>/messages/events/# out
And I get the following output:
Opening ipv6 listen socket on port 1883.
Bridge local.<my_dev_name> doing local SUBSCRIBE on topic devices/<my_dev_name>/messages/events/#
Connecting bridge Azure (<my_hub_name>.azure-devices.net:8883)
Bridge <my_dev_name> sending CONNECT
Received CONNACK on connection local.<my_dev_name>.
Bridge local.<my_dev_name> sending UNSUBSCRIBE (Mid: 1, Topic: devices/<my_dev_name>/messages/events/#)
Received UNSUBACK from local.<my_dev_name>
Socket error on client local.<my_dev_name>, disconnecting.
Bridge local.<my_dev_name> doing local SUBSCRIBE on topic devices/<my_dev_name>/messages/events/#
Connecting bridge Azure (<my_hub_name>.azure-devices.net:8883)
Bridge <my_dev_name> sending CONNECT
Received CONNACK on connection local.<my_dev_name>.
Bridge local.<my_dev_name> sending UNSUBSCRIBE (Mid: 1, Topic: devices/<my_dev_name>/messages/events/#)
Received UNSUBACK from local.<my_dev_name>
Socket error on client local.<my_dev_name>, disconnecting.
...
Wireshark shows that, for an unknown reason, Azure sends me a packet with the FIN bit set, which results in a connection reset.
At the same time, mosquitto_pub is able to send a packet with the same parameters (host, username, password). The utility mosquitto_sub also works without errors, but does not receive any of the messages published by mosquitto_pub.
I spent several days trying to figure out the correct configuration without any success (including, of course, searching on Stack Overflow). I would greatly appreciate any hints.
As far as I know, nobody could connect to our IoT Hub before, so there may be an issue with the created hub. Unfortunately, learn.microsoft.com looks more like a quest than a help.
EDITED: corrected the topic parameter in configuration from "in" to "out".

As inferred from the comments.
The problem will be that the 2 bridges will have generated the same client id.
Client IDs need to be unique across all clients connected to the broker. If a second client connects with the same client id, the spec says the broker must disconnect the first one.
The disconnected client then tries to reconnect and this results in the other broker being kicked off, which then starts a feedback loop with each client kicking the other off as it reconnects.
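The reconnect loop described in this answer shows up in the bridge's own log as sessions that are accepted (CONNACK) and then dropped within seconds. The following Python detector for that pattern is an added example, not part of the original answer; it matches the log line formats quoted in the question, while the timestamps, client names, hub address and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the "<epoch>: <message>" format of the broker log
# quoted on this page; names, timestamps and the hub address are made up.
SAMPLE_LOG = """\
1607620000: Connecting bridge Azure (hub.example.net:8883)
1607620000: Bridge dev1 sending CONNECT
1607620001: Received CONNACK on connection local.dev1.
1607620003: Socket error on client local.dev1, disconnecting.
1607620008: Bridge dev1 sending CONNECT
1607620009: Received CONNACK on connection local.dev1.
1607620011: Socket error on client local.dev1, disconnecting.
1607620016: Bridge dev1 sending CONNECT
1607620017: Received CONNACK on connection local.dev1.
1607620020: Socket error on client local.dev1, disconnecting.
1607620100: Received CONNACK on connection local.dev2.
1607623700: Socket error on client local.dev2, disconnecting.
"""

CONNACK = re.compile(r"^(\d+): Received CONNACK on connection (\S+)\.$")
SOCKERR = re.compile(r"^(\d+): Socket error on client (\S+), disconnecting\.$")


def short_sessions(log_text, max_lifetime=10):
    """Map client -> lifetimes (s) of sessions accepted and then dropped quickly."""
    connected_at = {}
    lifetimes = defaultdict(list)
    for line in log_text.splitlines():
        m = CONNACK.match(line.strip())
        if m:
            connected_at[m.group(2)] = int(m.group(1))
            continue
        m = SOCKERR.match(line.strip())
        if m and m.group(2) in connected_at:
            lifetime = int(m.group(1)) - connected_at.pop(m.group(2))
            if lifetime <= max_lifetime:
                lifetimes[m.group(2)].append(lifetime)
    return dict(lifetimes)


def flapping_clients(log_text, max_lifetime=10, min_cycles=3):
    """Clients with at least min_cycles short-lived sessions after a CONNACK."""
    sessions = short_sessions(log_text, max_lifetime)
    return sorted(c for c, l in sessions.items() if len(l) >= min_cycles)


if __name__ == "__main__":
    print(flapping_clients(SAMPLE_LOG))
```

A CONNACK before each drop means the credentials were accepted, which separates this pattern from an authentication failure.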

Almost all connection errors were resolved by accurate setup of the certificate and broker configuration, except one, whose description follows.
We create a bridge with the above credentials (certificate, SAS login/password/clientid) - everything works fine.
The bridge is configured with the following topic rule:
topic # both 0 /devices/ devices/<my_dev_name>/messages/events/
If I publish the following to my local broker:
mosquitto_pub \
-h 10.0.2.15 -p 1883 \
-t "/devices/foobar" \
-m "{\"foo\" : \"bar\"}" \
-d
everything is fine. But if I publish to a slightly longer topic
mosquitto_pub \
-h 10.0.2.15 -p 1883 \
-t "/devices/foo/foobar" \
-m "{\"foo\" : \"bar\"}" \
-d
I get a connection reset error:
1607623721: Received PUBLISH from mosq-52yqOrz6C6riwvUUF3 (d0, q0, r0, m0, '/devices/foo/foobar1', ... (16 bytes))
1607623721: Sending PUBLISH to local.<my_dev_name> (d0, q0, r0, m0, 'devices/<my_dev_name>/messages/events/foo/foobar1', ... (16 bytes))
1607623721: Received DISCONNECT from mosq-52yqOrz6C6riwvUUF3
1607623721: Client mosq-52yqOrz6C6riwvUUF3 disconnected.
1607623721: Socket error on client local.<my_dev_name>, disconnecting.
I do not understand why Azure disconnects my bridge. I can send about a hundred messages to the topic /devices/foobar in 2-3 seconds without any complaints, but only one message to /devices/foo/foobar results in an immediate socket error.
Probably there is some restriction, but I cannot find any, except the total maximum number of messages during one day.

Related

GCP Memorystore Redis: Protocol error, got "\x15" as reply type byte

I have been researching this Redis error for days now...
I created a GCP Memorystore Redis instance and received the following internal IP endpoint:
10.xxx.xxx.xxx:6378
I created a small GCE instance and made sure that zone matched the Redis instance:
us-central1-f
However, when I ssh into the VM, connect to Redis, and issue a PING, I get the following error response:
Protocol error, got "\x15" as reply type byte
Any idea why I am getting this error?
If the Redis instance was configured with an AUTH string and/or TLS encryption, you would need to pass these credentials when connecting to it.
I received the same error when using your command to connect to my encrypted instance. This can be done in two ways as far as I tested (from a GCE instance in the same VPC as Redis):
1. Using the redis-cli, you could use the following command to authenticate (see here for information on the flags used in the command):
redis-cli -h <ip_addres> -p <port> -a <auth_string> --tls --cacert <path/to/certificate_file.pem>
Note: the certificate file would need to be installed to your VM.
2. The GCP Memorystore documentation recommends using telnet and Stunnel to connect to a secured and encrypted instance.
Something not included in the documentation is that after running telnet localhost 6378 in step 4, you would need to pass the AUTH string in the telnet console:
AUTH <auth_string>
+OK
PING
+PONG
After that, you can PING the instance in step 5; skipping sending the AUTH string will return this error: -NOAUTH Authentication required. Besides that, you should follow the rest of the steps as documented.
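The byte in the error message is itself a clue: a Redis client expects the first reply byte to be a RESP type marker, while 0x15 is the content type of a TLS alert record, which is what a TLS endpoint sends back when it receives plaintext. The following classifier is an added example, not part of the original answer; the function names are hypothetical and the sample alert bytes are constructed.

```python
# RESP2 reply type bytes that a Redis client expects first: + - : $ *
RESP_TYPES = {0x2B: "simple string", 0x2D: "error", 0x3A: "integer",
              0x24: "bulk string", 0x2A: "array"}
# TLS record content types (first byte of every TLS record).
TLS_RECORD_TYPES = {0x14: "change_cipher_spec", 0x15: "alert",
                    0x16: "handshake", 0x17: "application_data"}
TLS_ALERT_LEVELS = {1: "warning", 2: "fatal"}


def classify_reply(data: bytes) -> dict:
    """Decide whether the first bytes of a reply are RESP or a TLS record."""
    if not data:
        return {"kind": "empty"}
    first = data[0]
    if first in RESP_TYPES:
        line = data[1:].split(b"\r\n", 1)[0].decode("utf-8", "replace")
        return {"kind": "resp", "type": RESP_TYPES[first], "line": line}
    # TLS record header: content type (1), version (2, major is 3), length (2)
    if first in TLS_RECORD_TYPES and len(data) >= 5 and data[1] == 3:
        info = {"kind": "tls", "type": TLS_RECORD_TYPES[first],
                "length": int.from_bytes(data[3:5], "big")}
        # An alert body is two bytes: level, then description code.
        if first == 0x15 and info["length"] == 2 and len(data) >= 7:
            info["level"] = TLS_ALERT_LEVELS.get(data[5], "unknown")
            info["description"] = data[6]
        return info
    return {"kind": "unknown", "first_byte": hex(first)}


def diagnose(data: bytes) -> str:
    """Turn the classification into the next step from the answer above."""
    r = classify_reply(data)
    if r["kind"] == "tls":
        return "server speaks TLS: reconnect with --tls and the CA certificate"
    if r["kind"] == "resp" and r["type"] == "error" and r["line"].startswith("NOAUTH"):
        return "authentication required: send AUTH <auth_string> first"
    if r["kind"] == "resp":
        return "plain RESP reply: " + r["line"]
    return "unrecognised reply"


# Constructed sample: a fatal TLS 1.2 alert record (description code 70).
SAMPLE_TLS_ALERT = b"\x15\x03\x03\x00\x02\x02\x46"

if __name__ == "__main__":
    for reply in (SAMPLE_TLS_ALERT, b"-NOAUTH Authentication required.\r\n", b"+PONG\r\n"):
        print(diagnose(reply))
```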

RabbitMQ channel has no consumer

I am trying to send a message to RabbitMQ via MQTT; however, when the connection is established, the channel shows that it has ... no consumers .... To my understanding, upon connecting via MQTT to RabbitMQ, the topic will default to the amq.topic, and a new queue will be created for these connections.
Oddly enough, this does happen when I connect using Mosquitto, however, other MQTT clients do not get their own queue.
So, as an example, connecting like so: mosquitto_sub -h rabbit-01.<hostname.com> -p 1883 -u <v_host>:<username> -P <pass> -t "#"
produces:
HOWEVER!
my connection from the other server pub/sub mqtt integration thing results in no new queue displaying. Here are the settings for that:
Any help would be greatly appreciated!
Thanks!

Why redis respond nil to ping?

I have access to two instances of Redis.
Connected locally with redis-cli, when I ping I get the response PONG
127.0.0.1:6379> ping
PONG
Managed by Digital Ocean connected by redli with --tls option, when I ping I get nil:
Connected to 5.0.9
> ping
nil
What does it mean? Is it a problem with redli, Digital Ocean, TLS, Redis version? Why do I get different responses? How can I debug this problem?
Logs from Digital Ocean:
Other queries like echo "Hello" also have a nil response.

Unable to connect on GitLab.com since 2 days (HTTP, SSH...)

Let me explain my very strange problem. I have one server (Linux Debian Jessie) which had access to my git repository on gitlab.com
Two days ago, I tried to pull some modifications on this server with a simple git pull. I received an error message:
ssh: connect to host gitlab.com port 22: Connection timed out
So I have done some tests:
1. TELNET
To understand why, I tried a telnet on port 22 = TIMEOUT
2. IPTABLES
I checked my iptables to be sure that SSH port was allowed. It is. If I try a telnet on another service for example like github.com, it works. So I'm allowed in OUTPUT on this port.
3. PING
I thought it was an IP translation problem. I did a ping and obtained this message:
PING 104.210.2.228 (104.210.2.228) 56(84) bytes of data.
--- 104.210.2.228 ping statistics ---
87 packets transmitted, 0 received, 100% packet loss, time 86534ms
4. FAIL2BAN
I use fail2ban, so I have checked if gitlab was in jail address, but it seems not.
So my problem is that I can't reach gitlab.com
If I try from my local machine or from another server, I don't have this problem. It works.
I can't reach gitlab.com only from this server, but I don't know why. Maybe someone has an idea, which would be very valuable to help me?
Probably some modification of firewall caused this. For a quick solution use http protocol instead of ssh. Change your url in the git config file to http.
git config --local -e
change entry of
url = git@gitlab.com:username/repo.git , to
url = https://gitlab.com/username/repo.git
You need to give your username and password to authenticate yourself while making a push or pull though as it's http based.

SSL handshake with ActiveMQ server gives NullPointerException when connecting via SilverTunnel netlib

Summary
Connecting to ActiveMQ via TCP works fine with or without netlib.
Connecting via SSL works fine without netlib but fails with netlib.
Note: I'm using apache-activemq-5.6.0 and silvertunnel.org_netlib-0.14-beta.
This problem occurs whether using netlib's tcpipNetLayer or torNetLayer. However, only the tcpipNetLayer case is considered here to keep things simple.
BTW, SSL + netlib worked fine with the HornetQ messaging server (which implements SSL authentication differently) but HornetQ had problems that led me to try using ActiveMQ.
For convenience I have created a simple test case with a consumer and two different producers.
producer connects without netlib - works fine.
producer-tcpip connects with netlib using the tcpipNetLayer - the following errors occur:
With SSL debugging turned on for ActiveMQ the producer-tcpip program outputs to the console the following error message and then hangs:
ActiveMQ Transport: ssl://null:0, handling exception: java.lang.NullPointerException
This is midway through an SSL handshake because the producer-tcpip program generates the log4j message:
DEBUG org.apache.activemq.transport.failover.FailoverTransport - Attempting 0th connect to: ssl://localhost:61616
DEBUG org.apache.activemq.transport.WireFormatNegotiator - Sending: WireFormatInfo { version=9, properties={MaxFrameSize=104857600, CacheSize=1024, CacheEnabled=true, SizePrefixDisabled=false, MaxInactivityDurationInitalDelay=10000, TcpNoDelayEnabled=true, MaxInactivityDuration=30000, TightEncodingEnabled=true, StackTraceEnabled=true}, magic=[A,c,t,i,v,e,M,Q]}
Then when the producer-tcpip program is killed (e.g. with a ctrl+C) then the activemq.log reports that:
WARN | Transport Connection to: tcp://127.0.0.1:49463 failed: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake | org.apache.activemq.broker.TransportConnection.Transport | ActiveMQ Transport: ssl:///127.0.0.1:49463
ERROR | Could not accept connection from tcp://127.0.0.1:49463: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake | org.apache.activemq.broker.TransportConnector | ActiveMQ Task-3
I have no idea what could be causing this or how it can be resolved. Can anyone help?
Steps to reproduce the problem (takes under 15 minutes):
download the test case
wget http://anandavala.info/miscl/testing-AMQ-Netlib-SSL.zip
unzip testing-AMQ-Netlib-SSL.zip
rm testing-AMQ-Netlib-SSL.zip
cd testing-AMQ-Netlib-SSL
Download latest ActiveMQ into the testing directory
wget https://www.apache.org/dist/activemq/apache-activemq/5.6.0/apache-activemq-5.6.0-bin.tar.gz
tar -xzf apache-activemq-5.6.0-bin.tar.gz
rm apache-activemq-5.6.0-bin.tar.gz
Edit conf/activemq.xml to accept ssl
gedit apache-activemq-5.6.0/conf/activemq.xml
replace the transportConnectors entry with the following lines (to enable SSL)
<transportConnectors>
<transportConnector name="ssl" uri="ssl://0.0.0.0:61616?needClientAuth=true"/>
</transportConnectors>
<sslContext>
<sslContext
keyStore="broker.ks" keyStorePassword="password"
trustStore="client.ks" trustStorePassword="password"/>
</sslContext>
start server
cd apache-activemq-5.6.0
bin/activemq start
view logging output
tail -f data/activemq.log
open another console then cd into the testing-AMQ-Netlib-SSL directory
Download latest SilverTunnel netlib into the testing directory
wget http://sourceforge.net/projects/silvertunnel/files/silvertunnel_Netlib/silvertunnel.org_netlib-0.14-beta.zip
unzip silvertunnel.org_netlib-0.14-beta.zip
rm silvertunnel.org_netlib-0.14-beta.zip
compile the source code into three runnable jar files in separate directories
ant
run the consumer
cd consumer
./consumer
open another console then cd into the testing-AMQ-Netlib-SSL/producer directory
run the producer
./producer
let it run for a bit to satisfy yourself that it works then kill the producer by hitting ctrl+C
run the producer-tcpip
cd ../producer-tcpip
./producer-tcpip
let it run for a bit to satisfy yourself that it has stalled at a NullPointerException then kill the producer-tcpip by hitting ctrl+C
notice the debug message in producer-tcpip's output
tail -f logs/output.log
also notice the error message that appears at the bottom of activemq.log (see the tail output from the first console window) or type at the current prompt
tail -f ../apache-activemq-5.6.0/data/activemq.log
Thanks for your help!