Remote tunnel access denied

Gateway working great and accessible locally. But remote access appears broken. Any suggestions on debug and/or fix welcome.

This error means that your gateway is not connected to the tunnel, so either:

  1. Your gateway is not running, OR
  2. Your gateway doesn’t have internet connectivity

Are you able to connect to https://gateway.local:4443?

Unfortunately, the gateway is running, and has internet connectivity. Both via the web app and ssh.

I can not access port 4443 locally, even after a restart.

The open ports are:

sudo netstat -nltp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0    *               LISTEN      483/sshd
tcp        0      0*               LISTEN      474/python3
tcp6       0      0 :::22                   :::*                    LISTEN      483/sshd
tcp6       0      0 :::8080                 :::*                    LISTEN      821/node

I don’t see any obvious service to start for the tunnel.

For more context, this happened after I reflashed, set up the tunnel (I hadn’t done that before), and copied over some of the old configs (per this comment). I realize now (d’Oh) that may have overwritten the tunnel configs. :frowning:

Time to restart from reflash again?

It looks like only port 8080 is open, which means that yes, you probably wiped out your tunnel config. You can do the following to prevent wiping everything:

  • SSH to the Pi and do the following:
    pi@gateway:~ $ sudo systemctl stop mozilla-iot-gateway.service
    pi@gateway:~ $ sqlite3 ~/.mozilla-iot/config/db.sqlite3
    SQLite version 3.27.2 2019-02-25 16:06:06
    Enter ".help" for usage hints.
    sqlite> DELETE FROM settings WHERE key = 'tunneltoken';
    sqlite> .quit
    pi@gateway:~ $ rm -rf ~/.mozilla-iot/ssl
    pi@gateway:~ $ sudo systemctl start mozilla-iot-gateway.service
  • Now, in your browser, navigate to http://gateway.local and you should be able to set your tunnel back up.

fwiw, I did not have a ‘tunneltoken’ key, but I did have a ‘notunnel’ key with a value of true. I deleted that key instead, and restarted the service.

That does take me back to the “setup tunnel screen”, however, I must have fat-fingered the original email. mozilla-iot believes the subdomain is in use with a different email, and thus does not offer the “reclaim” button workflow. Sigh

Everything is working now on the xxx2 subdomain. Thanks for all the help!

If you would like to have your original domain back, email me at with the domain name and what the email should have been.