Sudden ERR_CONNECTION_REFUSED Problem [fixed in v1.494]

edited March 5 in Problems Now Fixed

My KiwiSDR refused from now on http-connections.

The KiwiD is running and consuming CPU.

There seems to be no more tcp http-port listener active.

Any ideas what happend?

//Dietmar DL2SBA

-----------------------------------------------------------------------------------------------

root@kiwisdr:~# netstat -a -t tcp,tcp6

Active Internet connections (servers and established)

Proto Recv-Q Send-Q Local Address          Foreign Address        State

tcp       0     0 *:ssh                  *:*                    LISTEN

tcp       0    36 KIWISDR.fritz.box:ssh  DL2SBA-DESKNEU.fr:55363 ESTABLISHED

tcp       0     0 KIWISDR.fritz.box:ssh  DL2SBA-DESKNEU.fr:55333 ESTABLISHED

tcp6      0     0 [::]:http              [::]:*                 LISTEN

tcp6      0     0 [::]:ssh               [::]:*                 LISTEN   

Comments

  • jksjks
    edited March 4

    You sent me a lot of stuff in email. And none of it was useful. What I need to see is the Kiwi log. You can display this by using these commands in a Debian shell:

    cdp

    msl

    This will tell me what version you are running, which port you have configured for the Kiwi (8073? 80?) and if there were any problems opening the port.

    In your email you showed examples of running wget, but on the default port 80. Do you really have your Kiwi configured to accept connections on port 80 instead of 8073?

  • Here the desired info:


    Mar 4 17:40:38 kiwisdr kiwid: 00:00:00.046  KiwiSDR v1.493 --------------------------------------------------------------------

    Mar 4 17:40:38 kiwisdr kiwid: 00:00:00.050  compiled: Mar 4 2022 12:33:05 on kiwisdr

    Mar 4 17:40:38 kiwisdr kiwid: 00:00:00.052  -debian 8

    Mar 4 17:40:38 kiwisdr kiwid: 00:00:00.055  /etc/debian_version 8.11

    Mar 4 17:40:38 kiwisdr kiwid: 00:00:00.059  background mode: delaying start 30 secs...

    Mar 4 17:41:09 kiwisdr kiwid: 00:00:30.115  reading configuration from file /root/kiwi.config/kiwi.json: 407 tokens

    Mar 4 17:41:09 kiwisdr kiwid: 00:00:30.119  reading configuration from file /root/kiwi.config/admin.json: 123 tokens

    Mar 4 17:41:09 kiwisdr kiwid: 00:00:30.506  serial number from EEPROM: 2128

    Mar 4 17:41:09 kiwisdr kiwid: 00:00:30.569  reading configuration from file /root/kiwi.config/dx.json: 8839 tokens

    Mar 4 17:41:09 kiwisdr kiwid: 00:00:30.572  886 dx entries

    Mar 4 17:41:09 kiwisdr kiwid: 00:00:30.589 ....   firmware: SDR_RX4_WF4

    Mar 4 17:41:09 kiwisdr kiwid: 00:00:30.591 ....   firmware: rx_chans=4 wf_chans=4

    Mar 4 17:41:09 kiwisdr kiwid: 00:00:30.594 ....   firmware: RX bufs=4 samps=170 loop=85 rem=0 intr_usec=14166

    Mar 4 17:41:09 kiwisdr kiwid: 00:00:30.594 ....   firmware: WF xfer=9 samps=911 rpt=50 loop=18 rem=11

    Mar 4 17:41:09 kiwisdr kiwid: 00:00:30.594 ....   webserver: listening on port 80/8073 for HTTP connections

    Mar 4 17:41:09 kiwisdr kiwid: 00:00:30.595 ....   webserver: OK, port [::]:80

    Mar 4 17:41:09 kiwisdr kiwid: 00:00:30.826 ....   ### using SPI_DEV /dev/spidev1.0

    Mar 4 17:41:10 kiwisdr kiwid: 00:00:31.618 ....   FPGA version 1

    Mar 4 17:41:10 kiwisdr kiwid: 00:00:32.060 ....   using DC_offsets: I -0.020000 Q -0.020000

    Mar 4 17:41:11 kiwisdr kiwid: 00:00:32.197 ....   ip_blacklist_init_list: 1 entries: ip_blacklist

    Mar 4 17:41:11 kiwisdr kiwid: 00:00:32.346 ....   starting noip.com DUC

    Mar 4 17:41:12 kiwisdr kiwid: 00:00:33.445 ....   PROXY: NO dom_sel_menu=0

    Mar 4 17:41:12 kiwisdr kiwid: 00:00:33.521 ....   ip_blacklist_add_iptables: "iptables -A KIWI -s 47.88.219.24/24 -j DROP" rv=0

    Mar 4 17:41:12 kiwisdr kiwid: 00:00:33.528 ....   ip_blacklist_init_list: 0 entries: ip_blacklist_local

    Mar 4 17:41:13 kiwisdr kiwid: 00:00:34.778 ....   UPDATE: check scheduled (startup)

    Mar 4 17:41:13 kiwisdr kiwid: 00:00:34.781 ....   UPDATE: checking for updates

    Mar 4 17:41:14 kiwisdr kiwid: 00:00:35.121 ....   NET(0): private IPv4 <192.168.2.77> 0xc0a8024d /24 0xffffff00 eth0

    Mar 4 17:41:14 kiwisdr kiwid: 00:00:35.126 ....   NET(0): private IPv6 LINK-LOCAL <fe80::9a5d:adff:fe7f:456a%eth0> /64 ff:ff:ff:ff:ff:ff:ff:ff:00:00:00:00:00:00:00:00: eth0

    Mar 4 17:41:14 kiwisdr kiwid: 00:00:35.129 ....   auto NAT is set false

    Mar 4 17:41:15 kiwisdr kiwid: 00:00:37.048 ....   UPDATE: version 1.493 is current

    Mar 4 17:41:17 kiwisdr kiwid: 00:00:38.496 ....   TIMEZONE: lat/lon from admin public config: (48.669998, 9.240000)

    Mar 4 17:41:18 kiwisdr kiwid: 00:00:39.596 ....   IPINFO: public ip XXX.10.169.XXX from get.geojs.io

    Mar 4 17:41:18 kiwisdr kiwid: 00:00:39.604 ....   IPINFO: lat/lon = (47.832401, 10.028800) from get.geojs.io

    Mar 4 17:41:18 kiwisdr kiwid: 00:00:39.698 ....   TIMEZONE: from timezonedb.com for (48.669998, 9.240000): utc_offset=3600/1.0 dst_offset=0/0.0

    Mar 4 17:41:18 kiwisdr kiwid: 00:00:39.704 ....   TIMEZONE: "CET", "Europe\/Berlin"

    Mar 4 17:41:23 kiwisdr kiwid: 00:00:44.190 ....   MY_KIWI: registered

  • Okay, you have found a very important bug. And I thank you very much for that.

    Until the next release (which I'm trying to get out as soon as possible) please use this workaround: Change your "internal port" number on the admin network tab from "80" to "8073" and then temporarily use port 8073 when connecting to your Kiwi from the internal network, e.g. my_kiwi:8073 instead of simply my_kiwi (port 80 implied).

    Why this has occurred: Recent releases contain SSL code in the Kiwi networking stack. But SSL is not actually available to try because certain services on kiwisdr.com still have to be made available as both https and http (backward compatible), notably the proxy and TDoA service.

    On Kiwis configured to use port 8073 there is never any need to open port 80. But when SSL is enabled port 80 must be opened so Let's Encrypt can perform certificate authentication challenges on port 80 (it cannot use any other port). The Kiwi code restricts the type of web traffic that can appear on port 80 to only these challenges since an open port 80 to the Internet (if so configured) will receive a lot of unwanted abuse. This is fine except when port 80 has also been configured as the internal port to use. Then these restrictions must not be applied.

    The bug is that I was checking for port 80 on the external port number, not the internal one. This is incorrect of course and explains why your wget's were seeing 403 ("unauthorized") errors. I don't understand how this escaped my testing as I remember checking it. But here we are.

    That's way more than you wanted to know. But also exactly why I wanted to release the SSL code now. So these types of problems could be worked out before a general SSL release. That's going to cause enough problems on its own..

  • edited March 4

    Thanks for your feedback!


    I've tried this also before

    http://192.168.2.77:8073/admin

    I still get ERR_CONNECTION_REFUSED.

    If I'm correct there are no listen ports on tcp:80 or tcp:8073 open?!


    root@kiwisdr:~/Beagle_SDR_GPS# netstat -t tcp -a

    Active Internet connections (servers and established)

    Proto Recv-Q Send-Q Local Address      Foreign Address     State

    tcp    0   0 *:ssh          *:*           LISTEN

    tcp    0   36 KIWISDR.fritz.box:ssh  DL2SBA-DESKNEU.fr:59838 ESTABLISHED

    tcp    0   0 KIWISDR.fritz.box:ssh  DL2SBA-DESKNEU.fr:59844 ESTABLISHED

    tcp6    0   0 [::]:http        [::]:*         LISTEN

    tcp6    0   0 [::]:ssh        [::]:*         LISTEN   

  • jksjks
    edited March 4

    You can't connect on port 8073 until you change the internal port to 8073. The log message webserver: listening on port 80/8073 for HTTP connections means the internal port is set to 80 and the external set to 8073. But only the internal port is used for connections from the local network. The "external" port is used for things like the NAT rule sent to your router via uPNP.

    When properly setup the log message will say webserver: listening on port 8073/8073 for HTTP connections

  • Sri but I don't get the point, how to display the admin panel:

    http://192.168.2.77:8073/admin <- did not work as you explained

    http://192.168.2.77/admin <-- is blocked by HTTP 403

  • Ah, okay. I was so busy explaining that problem that I forgot you are now locked-out of admin access due to the bug. You have to repair it manually. ssh into the Kiwi. Then do this:

    cdp

    mst (stops server)

    cdk

    Use a text editor of your choice, e.g. nano, vi, ed

    nano admin.json

    Change "port":80, to "port":8073,

    Save file.

    cdp

    msa (starts server)

    Wait 45 seconds. Now you should be able to connect on port 8073.

  • Tnx Kiwi is back - tomorrow I will bring it back into the shed.

    Hope you can fix it with the next release!

  • Fix is already tested. So just need to get one other issue sorted, then I can release.

    Apologies for the inconvenience, but thank you for contributing to the development.

  • :-) w/c


    //Dietmar

Sign In or Register to comment.