Remote tunnel access denied

hwine · August 13, 2019, 1:48am

Gateway working great and accessible locally. But remote access appears broken. Any suggestions on debug and/or fix welcome.

mstegeman · August 13, 2019, 5:48pm

This error means that your gateway is not connected to the tunnel, so either:

Your gateway is not running, OR
Your gateway doesn’t have internet connectivity

Are you able to connect to https://gateway.local:4443?

hwine · August 15, 2019, 4:19am

Unfortunately, the gateway is running, and has internet connectivity. Both via the web app and ssh.

I can not access port 4443 locally, even after a restart.

The open ports are:

sudo netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      483/sshd
tcp        0      0 127.0.0.1:5555          0.0.0.0:*               LISTEN      474/python3
tcp6       0      0 :::22                   :::*                    LISTEN      483/sshd
tcp6       0      0 :::8080                 :::*                    LISTEN      821/node

I don’t see any obvious service to start for the tunnel.

For more context, this happened after I reflashed, set up the tunnel (I hadn’t done that before), and copied over some of the old configs (per this comment). I realize now (d’Oh) that may have overwritten the tunnel configs.

Time to restart from reflash again?

mstegeman · August 15, 2019, 5:28pm

It looks like only port 8080 is open, which means that yes, you probably wiped out your tunnel config. You can do the following to prevent wiping everything:

SSH to the Pi and do the following:

pi@gateway:~ $ sudo systemctl stop mozilla-iot-gateway.service
pi@gateway:~ $ sqlite3 ~/.mozilla-iot/config/db.sqlite3
SQLite version 3.27.2 2019-02-25 16:06:06
Enter ".help" for usage hints.
sqlite> DELETE FROM settings WHERE key = 'tunneltoken';
sqlite> .quit
pi@gateway:~ $ rm -rf ~/.mozilla-iot/ssl
pi@gateway:~ $ sudo systemctl start mozilla-iot-gateway.service

Now, in your browser, navigate to http://gateway.local and you should be able to set your tunnel back up.

hwine · August 17, 2019, 5:02am

fwiw, I did not have a ‘tunneltoken’ key, but I did have a ‘notunnel’ key with a value of true. I deleted that key instead, and restarted the service.

That does take me back to the “setup tunnel screen”, however, I must have fat-fingered the original email. mozilla-iot believes the subdomain is in use with a different email, and thus does not offer the “reclaim” button workflow. Sigh

Everything is working now on the xxx2 subdomain. Thanks for all the help!

mstegeman · August 18, 2019, 6:13pm

If you would like to have your original domain back, email me at mstegeman@mozilla.com with the domain name and what the email should have been.