Jump to content

Ontinuing issues with syncing over https


mitch236

Recommended Posts

Posted

I have purchased and installed a proper SSL certificate and installed it properly into the 994IR Pro. Despite that, every once in a while, I get a communication error while using Mobilinc outside of my home network (over https). Is there a way to diagnose what's happening? My basic network setup includes a static IP address issued by DynDns to synchronize with my dynamic IP address issued by AT&T using a 2-wire router with the firewall opened for port 443.

Posted

Hi Mitch,

 

If HTTPS works at all for you then, under normal circumstances, the SSL path is good between MobiLinc and the ISY.

 

If this happens occasionally...I'm not sure. What's the exact error message you are receiving? If you force HTTPS while on your local Wi-Fi network, do you have any issues? Could it just be due to a cell connection and natural causes?

 

Wes

Posted

I've been hoping Wes would give us a logging option with a lot of verbosity for these very issues. Although, most of the time, it's my nexus's radios being turned off, but often enough I can get out on Google but Mobilinc will just not connect with the isy, when I can use another computer and be up in the admin console the whole time watching variables change etc, so I know it's some other angle besides radios sometimes.

 

Ideally I would like to see the raw soap going back and forth with time stamps.

Posted

Hi arw01,

 

Here's a brain dump of some thoughts on this topic:

 

Keep in mind when testing connections that not all connections are equal. Meaning, the ISY and MobiLinc have a limited time window to negotiate a direct SSL handshake. Should there be unusual delays or data integrity issue on the cell connection, then SSL will (correctly) fail since neither the ISY or MobiLinc can guarantee that it's actually entering into a secure connection with each other.

 

When going to http://google.com this is an unencrypted website moing very little data. Even in very bad network conditions this will typically work. A better test would be to go to the ISY IP address using HTTPS on your device's web browser. Even this test isn't 100% since it's not establishing the critical real-time channel that MobiLinc uses for real-time information exchanges with the ISY.

 

High bit counts (2048) in the SSL cert make potential issues worse since we see about a 7-15 second delay in establishing an SSL handshake with the ISY under high secure encryption bit settings. Make sure you are running the latest from the Google Play store as we increased the timeouts here for this very reason about a month ago.

 

You won't be able to see the raw messages going back and forth when using HTTPS/SSL since that data is encrypted. You'd need to use a packet sniffer on your local LAN and turn HTTPS off to see the raw messages.

 

Logging is an option we can consider. I'm not convinced it will actually show you what you'd need to know. All it would indicate is that a message failed to send...which you already know due to the error message. Could be a lot of reasons why that would happen. Most all are outside of MobiLinc's visibility.

 

Wes

Posted

Wes, thanks for the explanation. I guess I should accept that occasionally I will see errors since I am using 2048 bit SSL certs. I guess what would be cool is if there was a way to have my Mobilinc and ISY create an individual secure connection scheme (like a VPN) so that only my Mobilinc running on my iPhone would be able to connect to my ISY using that pre-arranged secure portal so that I wouldn't need to perform the security handshake each time I launch the Mobilinc.

Posted

Hi Mitch,

 

What you described is exactly our MobiLinc Connect service. We handle all the communication including the security at our server level for both the ISY and MobiLinc. It's fast and reliable and free to try for 30 days.

 

Wes

Posted

Had trouble with this yesterday on the local network. Flipping a irrigation valve on and off in less than the timeout of a subcription to the ISY, my mobilinc just would not re-connect and send the on command for over a minute. The wifi does not fall asleep instantly when the screen is blanked does it?

 

Maddening standing there waiting and not knowing what is failing where so i can address it.

 

Alan

Posted

Hi Alan,

 

I can't confirm if Wi-Fi falls asleep with the device's screen. This would be up to the handset manufacturers and the Android OS. What I can confirm is that MobiLinc shuts down the subscription channel when the app isn't in use for battery life reasons. IE closed or the device is asleep.

 

What you are describing makes sense to me. If you put the device to sleep, MobiLinc shuts down the subscription channel. When you wake your device back up, MobiLinc starts to connect to the ISY again. If you are using a 2048-bit cert, this will take some time for both the ISY and MobiLinc on the device to negotiate the SSL handshake. A 1024-bit cert would be quite a bit quicker in the SSL handshake. Something to try if you are looking to trade speed for a lower bit count in the cert.

 

If Wi-Fi is indeed powering off, then that will only serve to lengthen the startup process when you wake your device as it needs to negotiate and log back into your Wi-Fi network.

 

Or, you could always try MobiLinc Connect where we manage the connections for you in our cloud servers providing industry standard security channels to MobiLinc and your ISY all while minimizing the speed impacts to both end points.

 

Wes

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...