djones1415 Posted January 19, 2013 Posted January 19, 2013 I am getting an error message when trying to connect to the admin console over the internet. "Socket Open Failed javax.net.ssi.SSLHandleShakeException: Remote host closed connection during handshake" I am able to log in to the ISY - enter name, password, handle devices, scenes, etc. And I am able to get to the admin console just fine using same browser (IE) when I come in from my local network (port forwarding all set properly). But can't get to the admin console when coming in from the outside. Any ideas? Thanks
Michel Kohanim Posted January 20, 2013 Posted January 20, 2013 Hello djones1415, Yes, indeed. Please upgrade your Java to 1.7.11 (http://www.java.com/getjava) and retry. With kind regards, Michel
djones1415 Posted January 20, 2013 Author Posted January 20, 2013 Thanks, Michel. That did it. Two questions: 1)Mozilla tells me that "this plugin has security vulnerabilities." Should I just ignore this and use anyway? Internet Explorer doesn't warn me. Both load the admin console. Does it matter which browser I use to access the ISY? 2) The ISY tells me using the default certificate is a security risk. I clicked to request one, but after reading the pdf pretty quickly realized I was way out of my depth on understanding what I was doing from a network perspective. If it really matters, I'll wade through the instructions, but if it doesn't, I'll just ignore. What do you think?
Michel Kohanim Posted January 21, 2013 Posted January 21, 2013 Hello djones1415, 1)Mozilla tells me that "this plugin has security vulnerabilities." Should I just ignore this and use anyway? If you are on 1.7.11 (you can verify by going to Java Properties in Control Panel), then you are OK Internet Explorer doesn't warn me. Sometimes, you might have to reboot computer for some of these settings to take effect Both load the admin console. Does it matter which browser I use to access the ISY? No. This said, I recommend not using a browser at all: viewtopic.php?f=44&t=10409&p=79281#p79281 2) The ISY tells me using the default certificate is a security risk. I clicked to request one, but after reading the pdf pretty quickly realized I was way out of my depth on understanding what I was doing from a network perspective. If it really matters, I'll wade through the instructions, but if it doesn't, I'll just ignore. What do you think? Although the risk is very low, here's the high level view: all ISYs come out of factory with the same security certificate. So: 1. IF you are accessing your ISY remotely AND 2. IF you have the default certificate AND 3. IF someone manages to crack ISY's default certificate AND 4. IF they know your IP address/port --> Then they can sniff/decrypt the traffic between you and your ISY and figure out your password. The best thing to do would be to install a Self-Signed Certificate. The instructions are pretty simple and, in case you have any problems, please contact us and we'll help you. With kind regards, Michel
djones1415 Posted January 28, 2013 Author Posted January 28, 2013 Thanks. This all worked fine. Was able to come in over the internet. And used the shortcut created by the procedure above (instead of using a browser). Everything worked fine for a few days. Now I again can't come in over the internet. Slightly different message: "XML Parse Error https://..... as well as another error message: "Socket Open Failed java.net.ConnectException: Connection refused: no further information" I can come in fine inside the network, just not over the internet. I made no changes to the router or modem. It just stopped allowing me in for some reason. Any ideas? Thanks
Michel Kohanim Posted January 29, 2013 Posted January 29, 2013 Hi djones1415, I think your port forwarding rules are no longer there. If you used File | Enable Internet Access, please retry it. This said, it's always best to create port forwarding rules manually: http://wiki.universal-devices.com/index ... PnP_Router With kind regards, Michel
djones1415 Posted January 30, 2013 Author Posted January 30, 2013 Michel I checked, and the port forwarding rules are still there. As far as I know, nothing changed in the router. I've looked through all of the pages and see nothing unusual. I also verified that the external IP address hasn't changed. This was working fine: I was able to get in to the ISY from external address for many days. Then I couldn't. I am now getting a different error message: "XML Parse Error https://.... and "Socket Open Failed java.net.Socket TimeoutException" Wondering if maybe something had happened to the Java cache, I cleared the cache, and reinstalled the admin console shortcut (using the admin.jnlp file). It installed fine. When I fire up the admin console, I get the ISY Finder screen that lists both the local IP address and the external IP address, both addresses appended by "/desc" ... all as it should be. I can click on the local address and get into the ISY. Clicking on the external address gives me the above error messages after a pause. Thanks for any suggestions.
djones1415 Posted March 13, 2013 Author Posted March 13, 2013 Thanks. This all worked fine. Was able to come in over the internet. And used the shortcut created by the procedure above (instead of using a browser). Everything worked fine for a few days. Now I again can't come in over the internet. Slightly different message: "XML Parse Error https://..... as well as another error message: "Socket Open Failed java.net.ConnectException: Connection refused: no further information" I can come in fine inside the network, just not over the internet. I made no changes to the router or modem. It just stopped allowing me in for some reason. Any ideas? Thanks Once again...same problem. The above problem resolved itself after I rebooted the ISY. Have been able to access over the internet for weeks. Then it stopped again. Came home, able to come in over the local network - just not from external. Rebooted ISY. Worked fine again for weeks. Now it has happened again. I'll reboot tonight. It's just very frustrating that something in the ISY stops allowing access from the internet. Rebooting fixes. By the way, when this happens (can't access from a browser) I also can't get the ISY's attention with MobiLinc. Just times out. Any ideas, Michel? Tks
Xathros Posted March 13, 2013 Posted March 13, 2013 djones1415- The fact that it continues to work over the LAN leads me to suspect your router. Does Mobilinc also work when on the LAN during one of these episodes? How is the ISY's IP configured? Static? Based on MAC reservation in the router or configured in the ISY Admin console? What is the router? Does it do UPnP and if so, is that enabled in the router? -Xathros
djones1415 Posted March 13, 2013 Author Posted March 13, 2013 djones1415- The fact that it continues to work over the LAN leads me to suspect your router. Does Mobilinc also work when on the LAN during one of these episodes? How is the ISY's IP configured? Static? Based on MAC reservation in the router or configured in the ISY Admin console? What is the router? Does it do UPnP and if so, is that enabled in the router? -Xathros It works over the internet as well. It just stops until a reboot of the ISY - with no change to the router. That doesn't sound like a router issue. 1) Static IP. 2) Not MAC reserved 3) Linksys 4) Yes But, like I said, it works fine until it doesn't...then an ISY reboot fixes for a while, then another ISY reboot required.
Xathros Posted March 13, 2013 Posted March 13, 2013 I understand but, the fact that the ISY continues to accept local connections, the static ip hasn't changed and ISY is otherwise functioning normally once you take the NAT router out of the way, tells me that the failure is upstream somewhere. Rebooting the ISY may just be correcting a failure in the router when the ISY reconnects at startup If you are not using the UPnP function in the router for anything else, try disabling that and see if the problem goes away. What model Linksys? Latest formware for that router? You could also try rebooting just the router instead next time and see if that fixes it as well. -Xathros
djones1415 Posted March 13, 2013 Author Posted March 13, 2013 I understand but, the fact that the ISY continues to accept local connections, the static ip hasn't changed and ISY is otherwise functioning normally once you take the NAT router out of the way, tells me that the failure is upstream somewhere. Rebooting the ISY may just be correcting a failure in the router when the ISY reconnects at startup If you are not using the UPnP function in the router for anything else, try disabling that and see if the problem goes away. What model Linksys? Latest formware for that router? You could also try rebooting just the router instead next time and see if that fixes it as well. -Xathros Thanks...I'll try it.
djones1415 Posted March 14, 2013 Author Posted March 14, 2013 I understand but, the fact that the ISY continues to accept local connections, the static ip hasn't changed and ISY is otherwise functioning normally once you take the NAT router out of the way, tells me that the failure is upstream somewhere. Rebooting the ISY may just be correcting a failure in the router when the ISY reconnects at startup If you are not using the UPnP function in the router for anything else, try disabling that and see if the problem goes away. What model Linksys? Latest formware for that router? You could also try rebooting just the router instead next time and see if that fixes it as well. -Xathros 1) Tried rebooting the router first. Couldn't get to the ISY through the Internet. 2) Rebooted the ISY. Can now get to the ISY through the Internet. ----- Router is Linksys WRT54G I don't see the UPnP function anywhere in the router or any settings for UPnP, and I don't know what that is. -------- Is working now...and I predict will work for a while, then will stop until I reboot the ISY again. Do you still think it's a router issue?
Michel Kohanim Posted March 14, 2013 Posted March 14, 2013 Hi djones1415, When you go to Help | About, what do you see for Internet Access? With kind regards, Michel
djones1415 Posted March 14, 2013 Author Posted March 14, 2013 Hi djones1415, When you go to Help | About, what do you see for Internet Access? With kind regards, Michel Michel: Internet Access: https://xx.xxx.xxx.xxx/ where the x's are the IP address of my router
Michel Kohanim Posted March 14, 2013 Posted March 14, 2013 Thank you. This means that ISY configures your router using UPnP. It also means that if the router is by any chance rebooted, then the port forwarding rules are wiped out. And, that's why rebooting ISY fixes the issue because upon reboot, ISY reconfigures your router. What you need to do instead is to: http://wiki.universal-devices.com/index ... PnP_Router With kind regards, Michel
Xathros Posted March 14, 2013 Posted March 14, 2013 1) Tried rebooting the router first. Couldn't get to the ISY through the Internet. 2) Rebooted the ISY. Can now get to the ISY through the Internet. ----- Router is Linksys WRT54G I don't see the UPnP function anywhere in the router or any settings for UPnP, and I don't know what that is. -------- Is working now...and I predict will work for a while, then will stop until I reboot the ISY again. Do you still think it's a router issue? Not as fully convinced now but we have not ruled it out yet either. Next time this occurs, Connect to the ISY via the LAN and check Help / About for the internet access line and see what that says when it's not working. -Xathros
djones1415 Posted March 23, 2013 Author Posted March 23, 2013 Thank you. This means that ISY configures your router using UPnP. It also means that if the router is by any chance rebooted, then the port forwarding rules are wiped out. And, that's why rebooting ISY fixes the issue because upon reboot, ISY reconfigures your router. What you need to do instead is to: http://wiki.universal-devices.com/index ... PnP_Router With kind regards, Michel I have read through the instructions. I'm not crazy about opening up the router to "anonymous Internet requests" as the instructions say. If I understand correctly, however, I should be able to access remotely as long as I make sure to reboot the ISY any time the router reboots. Right? (By the way, I've had no trouble accessing remotely for a few weeks now. The router hasn't rebooted.)
Michel Kohanim Posted March 24, 2013 Posted March 24, 2013 Hello djones1415, Using File | Enable Internet Access does precisely what you are not crazy about. The only difference between the two methods is whether or not you want ISY to automatically do it (which is not stable) or you want to do it yourself (which lasts router reboots). Alternatively, you can use MobiLinc Connect service which relieves you from having to open any ports as ISY will make an outbound connection. With kind regards, Michel
Recommended Posts