Comments (4)

vanceb commented on June 6, 2024

Troubleshooting mqtt bridge connection to Kappelt gBridge

Mosquitto bridge

Config


# =================================================================
# Bridges to Kappelt gBridge for Google Home Automation linkup
# =================================================================

connection gbridge
address mqtt.gbridge.kappelt.net:8883
remote_username gbridge-u37
remote_password <redacted>

# Specifying which topics are bridged
topic gBridge/u37/d73/onoff in 0
topic gBridge/u37/d73/onoff/set out 0
topic gBridge/u37/d74/onoff in 0
topic gBridge/u37/d74/onoff/set out 0
topic gBridge/u37/d75/onoff in 0
topic gBridge/u37/d75/onoff/set out 0

# Setting protocol version explicitly
bridge_attempt_unsubscribe true
bridge_protocol_version mqttv311
bridge_insecure false
bridge_capath /etc/ssl/certs
bridge_tls_version tlsv1.2

# Bridge connection name and MQTT client Id,
# enabling the connection automatically when the broker starts.
try_private true  # Added to try and resolve connection issues
cleansession true
clientid u37
start_type automatic
notifications false
log_type all

Log extract

1539898641: Bridge local.u37 doing local SUBSCRIBE on topic gBridge/u37/d73/onoff/set
1539898641: Bridge local.u37 doing local SUBSCRIBE on topic gBridge/u37/d74/onoff/set
1539898641: Bridge local.u37 doing local SUBSCRIBE on topic gBridge/u37/d75/onoff/set
1539898641: Connecting bridge gbridge (mqtt.gbridge.kappelt.net:8883)
1539898672: Connecting bridge gbridge (mqtt.gbridge.kappelt.net:8883)
1539898672: Bridge u37 sending CONNECT
1539898672: Received CONNACK on connection local.u37.
1539898672: Bridge local.u37 sending SUBSCRIBE (Mid: 85, Topic: gBridge/u37/d73/onoff, QoS: 0)
1539898672: Bridge local.u37 sending UNSUBSCRIBE (Mid: 86, Topic: gBridge/u37/d73/onoff/set)
1539898672: Bridge local.u37 sending SUBSCRIBE (Mid: 87, Topic: gBridge/u37/d74/onoff, QoS: 0)
1539898672: Bridge local.u37 sending UNSUBSCRIBE (Mid: 88, Topic: gBridge/u37/d74/onoff/set)
1539898672: Bridge local.u37 sending SUBSCRIBE (Mid: 89, Topic: gBridge/u37/d75/onoff, QoS: 0)
1539898672: Bridge local.u37 sending UNSUBSCRIBE (Mid: 90, Topic: gBridge/u37/d75/onoff/set)
1539898672: Received SUBACK from local.u37
1539898672: Socket error on client local.u37, disconnecting.

Testing ssl connectivity with openssl

openssl s_client -connect mqtt.gbridge.kappelt.net:8883

CONNECTED(00000005)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = gbridge.kappelt.net
verify return:1
---
Certificate chain
 0 s:/CN=gbridge.kappelt.net
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---
Server certificate
subject=/CN=gbridge.kappelt.net
issuer=/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
---
No client certificate CA names sent
Server Temp Key: ECDH, X25519, 253 bits
---
SSL handshake has read 3393 bytes and written 293 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
    Session-ID: 6595C4EE7B1474541D50B79AEBA23E8024B82643A03D52FABE24BCD6EE70FB4E
    Session-ID-ctx:
    Master-Key: 148ED9730B4DC1275991CAC2FED14BF51C030AA6B1A769E1940DD3E06BC131EFEBD82C69116D7AB1DC582917ED060688
    TLS session ticket lifetime hint: 7200 (seconds)
    TLS session ticket:

    Start Time: 1539955239
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

This shows a successful SSL connection from my machine to the server using TLSv1.2.

Testing connectivity with mosquitto_sub

mosquitto_sub -u gbridge-u37 -P xxxxxxxxxxx --capath /etc/ssl/certs -h mqtt.gbridge.kappelt.net -p 8883 -t "gbridge/u37/d74/onoff"

Connection Refused: not authorised.

Reset mosquitto password through the gBridge UI, no change, still Connection Refused: not authorised

This sounds like either I am using the incorrect username/password combination
(I think I have eliminated that), or the gBridge mqtt server is not happy with
my subscription (i.e. the ACL associated with my account on the gBridge
server)

Drawing a bit of a blank here - Any suggestions??

peterkappelt commented on June 6, 2024

First of all: TLS V1.3 is a documentation error. TLS 1.2 is the current "state of the art"; V 1.3 isn't really established yet. Could you send the relevant documentation link to me, that I'm able to fix this mistake?

I've just tried registering a new account, setting the MQTT password to "abcd1234%" and connecting to it with the same "mosquitto_sub" command you've used. It worked for me without any problems.

Do you use any special chars in your MQTT password that could be interpreted in a wrong way by the command line? What version of mosquitto_sub are you using?

I've just started a log trace with the mosquitto server, filtering for your account. It reported the following:

Oct 20 12:00:16 helium mosquitto[2529]: 1540029616: |-- mosquitto_auth_unpwd_check(gbridge-u37)
Oct 20 12:00:16 helium mosquitto[2529]: 1540029616: |-- getuser(gbridge-u37) AUTHENTICATED=1 by mysql
Oct 20 12:00:16 helium mosquitto[2529]: 1540029616: New client connected from 81.110.90.244 as u37 (c1, k60, u'gbridge-u37').
Oct 20 12:00:16 helium mosquitto[2529]: 1540029616: |-- mosquitto_auth_acl_check(..., client id not available, gbridge-u37, gBridge/u37/d73/onoff, MOSQ_ACL_WRITE)
Oct 20 12:00:16 helium mosquitto[2529]: 1540029616: |-- aclcheck(gbridge-u37, gBridge/u37/d73/onoff, 4) CACHEDAUTH: 17
Oct 20 12:00:16 helium mosquitto[2529]: 1540029616: Socket error on client u37, disconnecting.

It is sadly only a generic error, not too useful.

Another point: Could you try writing to status topics (with mosquitto_pub) and cross-check with Google Assistant commands whether this works?

vanceb commented on June 6, 2024

TL;DR - Password had a $ symbol in it which was causing issues with the mosquitto_sub command, BUT even with new password substituted into the mosquitto bridge config it is STILL NOT connecting - seeing the same errors as my first post.

More detail to specific questions below...

> First of all: TLS V1.3 is a documentation error. TLS 1.2 is the current "state of the art"; V 1.3 isn't really established yet. Could you send the relevant documentation link to me, that I'm able to fix this mistake?

The TLS 1.3 note is on my Account home page (https://gbridge.kappelt.net/profile):

[Screenshot: 2018-10-20 17 17 44]

> I've just tried registering a new account, setting the MQTT password to "abcd1234%" and connecting to it with the same "mosquitto_sub" command you've used. It worked for me without any problems.
>
> Do you use any special chars in your MQTT password that could be interpreted in a wrong way by the command line? What version of mosquitto_sub are you using?

I had a $ symbol in my password which was causing problems with mosquitto_sub. Changed the mqtt password to remove this symbol and I am now able to see topics and data:

mosquitto_sub -u gbridge-u37 -P <redacted> --capath /etc/ssl/certs -h mqtt.gbridge.kappelt.net -p 8883 -t gBridge/u37/# -v -i gbridge-u37
gBridge/u37/d0/grequest EXECUTE
gBridge/u37/d74/onoff 0
gBridge/u37/d0/grequest EXECUTE
gBridge/u37/d74/onoff 1

But even with this password changed in the mosquitto bridge config I am still having the same problems as in my initial post - "Socket error on client, disconnecting"

mosquitto_sub version 1.4.15 running on libmosquitto 1.4.15.
mosquitto version 1.4.15 (build date Sat, 07 Apr 2018 11:16:43 +0100)

> I've just started a log trace with the mosquitto server, filtering for your account. It reported the following:
>
> Oct 20 12:00:16 helium mosquitto[2529]: 1540029616: |-- mosquitto_auth_unpwd_check(gbridge-u37)
> Oct 20 12:00:16 helium mosquitto[2529]: 1540029616: |-- getuser(gbridge-u37) AUTHENTICATED=1 by mysql
> Oct 20 12:00:16 helium mosquitto[2529]: 1540029616: New client connected from 81.110.90.244 as u37 (c1, k60, u'gbridge-u37').
> Oct 20 12:00:16 helium mosquitto[2529]: 1540029616: |-- mosquitto_auth_acl_check(..., client id not available, gbridge-u37, gBridge/u37/d73/onoff, MOSQ_ACL_WRITE)
> Oct 20 12:00:16 helium mosquitto[2529]: 1540029616: |-- aclcheck(gbridge-u37, gBridge/u37/d73/onoff, 4) CACHEDAUTH: 17
> Oct 20 12:00:16 helium mosquitto[2529]: 1540029616: Socket error on client u37, disconnecting.
>
> It is sadly only a generic error, not too useful.
>
> Another point: Could you try writing to status topics (with mosquitto_pub) and cross-check with Google Assistant commands whether this works?

vanceb commented on June 6, 2024

Issue resolved

Having got mosquitto_sub to work I had eliminated any issues at the gBridge server end, so concentrated on my mosquitto bridge config. I removed all settings not listed in the documentation. The bridge worked. I then gradually re-enabled each of my extra settings to find out which was causing the issue. The config line causing the problem was bridge_protocol_version mqttv311.

My current working config is now as follows:

# =================================================================
# Bridges to Kappelt gBridge for Google Home Automation linkup
# =================================================================

connection gbridge
address mqtt.gbridge.kappelt.net:8883
remote_username gbridge-u37
remote_password <redacted>

# Specifying which topics are bridged
topic gBridge/u37/+/+ in 0
topic gBridge/u37/+/+/set out 0

# Bridge settings
bridge_attempt_unsubscribe true
#bridge_protocol_version mqttv311  # This caused connection errors when enabled
bridge_insecure false
bridge_capath /etc/ssl/certs
bridge_tls_version tlsv1.2

# enabling the connection automatically when the broker starts.
start_type automatic
try_private true
cleansession true
notifications false
log_type all
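
The `$` password problem reported earlier in this thread, as an added example that is not part of the original posts: unquoted or inside double quotes, the shell expands `$name` before `mosquitto_sub` runs, so the broker is sent a different password, while single quotes pass it through unchanged. The password `pa$word9` and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: what a program receives as its -P argument under different
# shell quoting. The password pa$word9 is a constructed sample value.

# Stand-in for mosquitto_sub (no network): print the value following -P
# exactly as it arrives in the argument list.
seen_password() {
    while [ "$#" -gt 0 ]; do
        if [ "$1" = "-P" ]; then
            printf '%s' "${2-}"
            return 0
        fi
        shift
    done
    return 1
}

# Double quotes (or no quotes): $word9 is read as a variable reference.
# It is unset here, so it expands to nothing and the password is cut short.
unset word9
broken_double() { seen_password -u gbridge-u37 -P "pa$word9" -p 8883; }

# Single quotes: no expansion, the literal string is passed through.
literal_single() { seen_password -u gbridge-u37 -P 'pa$word9' -p 8883; }

# A backslash before the dollar sign inside double quotes also works.
literal_escaped() { seen_password -u gbridge-u37 -P "pa\$word9" -p 8883; }

# Reading the secret from a file (path is the caller's choice) avoids typing
# it on the command line; the result of "$pw" is not re-scanned for "$".
# It is still visible in the process argument list while the client runs.
from_file() {
    pw=$(cat "$1")
    seen_password -u gbridge-u37 -P "$pw" -p 8883
}

for f in broken_double literal_single literal_escaped; do
    printf '%-16s -> [%s]\n' "$f" "$("$f")"
done
```

The bridge configuration file is read by mosquitto itself rather than by a shell, so this expansion applies to the `mosquitto_sub` command line and not to `remote_password`.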
