cods4
Server V3 Documentation

Where is this so-called documentation for MQTT / server v3? I must be blind, but I can't find any documentation on V3 protocol except a short paragraph to say it is recommended for developer use only.

I have it working locally on my network, and I now want to use it remotely over 3g/4g.

I have forwarded port 8883 in my router, but I suspect because I am using an unsigned certificate in mosquitto, OVMS is failing to connect.
I'm getting

mongoose: mg_ssl_if_mbed_err ..... SSL error: -9984

Do I need to set up mosquitto with a signed cert via LE, or can I disable certificate checking in OVMS?

markwj
There isn't really any documentation for v3, as it is still experimental and under development. All the Apps and servers we have are v2 protocol at the moment.

If you really want to use it (for home automation, etc) the best is to search the developer's mailing list archives.

google
site:lists.openvehicles.com/pipermail/ovmsdev/ mqtt v3

The issue you are having is most likely trusting your self-signed cert. You can find information on how to handle that here:

https://docs.openvehicles.com/en/latest/userguide/ssltls.html

cods4
Thanks very much for your help!

Unfortunately though, I am still having major trouble with getting the ssl handshake to succeed.

Here are my log entries. I think I am still having the same error I have been having from the start, but I have sunk a fair few hours into getting my ssl certs working correctly.

2022-08-19 23:59:09.774 NZST I (270304) ovms-server-v3: Status: Server has been started
2022-08-19 23:59:09.774 NZST I (270304) ovms-server-v3: OVMS Server v3 running
2022-08-19 23:59:09.784 NZST I (270314) ovms-server-v3: Connection is ############:8883 ZE1-######/cods4 topic ovms/cods4/ZE1-######/
2022-08-19 23:59:09.794 NZST I (270324) ovms-server-v3: Status: Connecting...
2022-08-19 23:59:09.864 NZST I (270394) webserver: HTTP POST /api/execute
2022-08-19 23:59:09.864 NZST I (270394) webcommand: HttpCommandStream[0x3f841c6c]: 3968152 bytes free, executing: server v3 status
2022-08-19 23:59:09.864 NZST I (270394) webserver: HTTP POST /api/execute
2022-08-19 23:59:09.874 NZST I (270404) webcommand: HttpCommandStream[0x3f83a1dc]: 3957036 bytes free, executing: server v3 status
2022-08-19 23:59:09.884 NZST I (270414) webserver: HTTP POST /api/execute
2022-08-19 23:59:09.884 NZST I (270414) webcommand: HttpCommandStream[0x3f838958]: 3945224 bytes free, executing: server v3 status
2022-08-19 23:59:09.904 NZST I (270434) webserver: HTTP POST /api/execute
2022-08-19 23:59:09.904 NZST I (270434) webcommand: HttpCommandStream[0x3f840988]: 3934612 bytes free, executing: server v3 status
2022-08-19 23:59:18.804 NZST I (279334) cellular: Signal Quality is: 16 (-81 dBm)
2022-08-19 23:59:21.804 NZST I (282334) cellular: Signal Quality is: 21 (-71 dBm)
2022-08-19 23:59:27.804 NZST I (288334) cellular: Signal Quality is: 17 (-79 dBm)
2022-08-19 23:59:28.124 NZST W (288654) ovms-server-v3: Connection failed
2022-08-19 23:59:28.124 NZST E (288654) ovms-server-v3: Status: Error: Connection failed
2022-08-19 23:59:28.134 NZST E (288664) mongoose: mg_ssl_if_mbed_err   0x3f838a68 SSL error: -1
2022-08-19 23:59:28.134 NZST W (288664) ovms-server-v3: Connection failed
2022-08-19 23:59:28.134 NZST E (288664) ovms-server-v3: Status: Error: Connection failed
2022-08-19 23:59:28.144 NZST I (288674) ovms-server-v3: Status: Disconnected from OVMS Server V3

When I run this command on another device

openssl s_client -connect XXXXXXXXXX:8883 -servername XXXXXXXXXXXX -showcerts </dev/null

I get this, which I think means my cert is working correctly

Server certificate
subject=CN = XXXXXXXXXXX

issuer=C = US, O = Let's Encrypt, CN = R3

---
No client certificate CA names sent
Peer signing digest: SHA256
Peer signature type: RSA-PSS
Server Temp Key: X25519, 253 bits
---
SSL handshake has read 4936 bytes and written 389 bytes
Verification: OK
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
DONE

So does it look like I'm just not loading my ca.pem file into ovms correctly? Or have I possibly missed something else?

dexter
SSL error

See manual, it seems you're now using a cert issued by Let's Encrypt, so you don't need to add a PEM for that.

Back to your OP: you wrote the OVMS can connect locally, i.e. via Wifi. If only connecting via cellular fails, you should check if your cellular provider blocks port 8883. And you should check if your router config actually works for external connections.

Another option is to check if there's an issue with your host name vs. the DNS used by the module.
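
The checks suggested in this reply (DNS, port reachability, then the certificate) can be run as one staged probe that reports which layer fails first. This is an added example, not code from the thread or from the OVMS project; the function name probe and the host mqtt.example.org are placeholders, and it verifies against Python's OpenSSL trust store on the machine it runs on, not the module's mbedTLS stack.

```python
import socket
import ssl


def probe(host, port, cafile=None, timeout=5.0):
    """Return (stage, detail); stage is 'dns', 'tcp', 'tls' or 'ok'."""
    # Stage 1: does the name resolve from this network?
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", str(exc)
    family, socktype, proto, _, addr = infos[0]

    # Stage 2: is the port reachable at all (port forward, firewall, carrier)?
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)
    except OSError as exc:
        sock.close()
        return "tcp", str(exc)

    # Stage 3: TLS handshake with full chain and hostname verification.
    # cafile is only needed for a private or self-signed CA.
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return "ok", f"{tls.version()} {tls.cipher()[0]}"
    except ssl.SSLCertVerificationError as exc:
        # The certificate itself was rejected (untrusted issuer, wrong name, expired).
        return "tls", f"certificate rejected: {exc.verify_message}"
    except (ssl.SSLError, OSError) as exc:
        # Handshake died for a non-certificate reason, e.g. traffic cut or
        # altered in transit, or a non-TLS service on the port.
        return "tls", f"handshake failed: {exc}"


if __name__ == "__main__":
    # Placeholder broker name; substitute your own.
    print(probe("mqtt.example.org", 8883))
```

Run it from a device on the same path the module uses (for example a laptop tethered to the mobile network), since a result from inside the LAN says nothing about the forwarded port.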

 

cods4
Finally figured it out

After another late Saturday night chipping away at this, I finally figured it out.

I think my SSL configuration was ok the whole time, but my firewall (pfsense) was blocking some traffic between my IOT network, and my LAN. Even if I created a rule to explicitly allow all traffic from OVMS to mosquitto, the traffic was still blocked. By the sound of it, there could be some weird stuff going on in the packets which pfsense is picking up and decides to block.

Anyway, with OVMS on the gsm network, with Server V3 running, it now connects and starts working.

Thanks for your help!
