MQTT Connection issues on WP7702 [AWS]

johannes.lehtonen · February 17, 2021, 6:41pm

I’m trying to connect a WP7702 to AWS IoT Core over MQTT. I’ve added the embedded C sdk with mbedtls on the device and made a test app. All is good until we get to the part where a connection is attempted.

sdkComponent.c (7.2 KB) My component source.

Feb 17 18:19:56 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[5877]/sdkComponent T=main | sdkComponent.c _sdkComponent_COMPONENT_INIT() 256 | Starting AWS SDK
Feb 17 18:19:56 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[5877]/sdkComponent T=main | sdkComponent.c _sdkComponent_COMPONENT_INIT() 265 | Currently: 2
Feb 17 18:19:57 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[5877]/sdkComponent T=main | sdkComponent.c _sdkComponent_COMPONENT_INIT() 270 | Requesting connection...
Feb 17 18:20:06 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[5877]/sdkComponent T=main | sdkComponent.c ConnectionStateHandler() 244 | Interface rmnet_data0 connected.
Feb 17 18:20:06 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[5877]/sdkComponent T=main | sdkComponent.c run_main() 104 |  AWS IoT SDK Version 3.0.1-
Feb 17 18:20:06 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[5877]/sdkComponent T=main | sdkComponent.c run_main() 110 | rootCA /certs/rootCA.crt
Feb 17 18:20:06 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[5877]/sdkComponent T=main | sdkComponent.c run_main() 111 | clientCRT /certs/certificate.pem
Feb 17 18:20:06 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[5877]/sdkComponent T=main | sdkComponent.c run_main() 112 | clientKey /certs/private.pem
Feb 17 18:20:06 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[5877]/sdkComponent T=main | sdkComponent.c run_main() 139 | Connecting...
Feb 17 18:20:06 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[5877]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 148 |    . Seeding the random number generator...
Feb 17 18:20:06 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[5877]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 156 |   . Loading the CA root certificate ...
Feb 17 18:20:06 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[5877]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 162 |  ok (0 skipped)
Feb 17 18:20:06 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[5877]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 164 |   . Loading the client cert. and key...
Feb 17 18:20:06 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[5877]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 177 |  ok
Feb 17 18:20:06 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[5877]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 179 |   . Connecting to a1o5neajgmytt9-ats.iot.eu-central-1.amazonaws.com/8883...
Feb 17 18:20:06 swi-mdm9x28-wp user.err Legato: =ERR= | awsComponentExe[5877]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 182 |  failed   ! mbedtls_net_connect returned -0x52
Feb 17 18:20:06 swi-mdm9x28-wp user.err Legato: =ERR= | awsComponentExe[5877]/sdkComponent T=main | sdkComponent.c run_main() 143 | Error(-23) connecting to a1o5neajgmytt9-ats.iot.eu-central-1.amazonaws.com:8883
Feb 17 18:20:06 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[5877]/sdkComponent T=main | sdkComponent.c ConnectionStateHandler() 250 | Interface  disconnected.

The error is MBEDTLS_ERR_NET_UNKNOWN_HOST which is commented with "Failed to get an IP address for the given host.

I made a test app on PC and ran the sample apps just fine so all the connection information is correct. I can also ping and telnet the endpoint on PC:

johannes@legato-dev:~$ ping a1o5neajgmytt9-ats.iot.eu-central-1.amazonaws.com
PING a1o5neajgmytt9-ats.iot.eu-central-1.amazonaws.com (18.195.54.196) 56(84) bytes of data.
64 bytes from ec2-18-195-54-196.eu-central-1.compute.amazonaws.com (18.195.54.196): icmp_seq=1 ttl=234 time=34.5 ms
64 bytes from ec2-18-195-54-196.eu-central-1.compute.amazonaws.com (18.195.54.196): icmp_seq=2 ttl=234 time=34.2 ms

johannes@legato-dev:~$ telnet a1o5neajgmytt9-ats.iot.eu-central-1.amazonaws.com 8883
Trying 18.194.135.217...
Connected to a1o5neajgmytt9-ats.iot.eu-central-1.amazonaws.com.    
johannes@legato-dev:~$ telnet a1o5neajgmytt9-ats.iot.eu-central-1.amazonaws.com 443
Trying 35.157.179.254...
Connected to a1o5neajgmytt9-ats.iot.eu-central-1.amazonaws.com.

But on the device it fails with telnet:

root@swi-mdm9x28-wp:~# ping a1o5neajgmytt9-ats.iot.eu-central-1.amazonaws.com
PING a1o5neajgmytt9-ats.iot.eu-central-1.amazonaws.com (18.192.252.248): 56 data bytes
64 bytes from 18.192.252.248: seq=0 ttl=239 time=69.754 ms
64 bytes from 18.192.252.248: seq=1 ttl=239 time=93.814 ms

root@swi-mdm9x28-wp:~# telnet a1o5neajgmytt9-ats.iot.eu-central-1.amazonaws.com 8883
Connection closed by foreign host
root@swi-mdm9x28-wp:~# telnet a1o5neajgmytt9-ats.iot.eu-central-1.amazonaws.com 443
Connection closed by foreign host

My device information:

root@swi-mdm9x28-wp:~# cm info
Device:                        WP7702
IMEI:                          352653090160540
IMEISV:                        5
FSN:                           VU926300110710
Firmware Version:              SWI9X06Y_02.35.02.00 5208b3 jenkins 2020/06/10 00:30:12
Bootloader Version:            SWI9X06Y_02.35.02.00 5208b3 jenkins 2020/06/10 00:30:12
MCU Version:                   002.014
PRI Part Number (PN):          9908741
PRI Revision:                  002.001 
Carrier PRI Name:              GENERIC
Carrier PRI Revision:          001.064_001
SKU:                           1104214
Last Reset Cause:              Power Down
Resets Count:                  Expected: 176	Unexpected: 0
root@swi-mdm9x28-wp:~# legato version
19.11.2_f16c0ec00a58a647d801735f92005e87

I can also fetch websites with curl without any problems. Is this a firewall thing or what’s going on?

jyijyi · February 18, 2021, 7:35am

Telnet somehow is just a TCP connection, I have tried on module that to telnet to a public TCP server, it still connects.

root@fx30:~# telnet a1o5neajgmytt9-ats.iot.eu-central-1.amazonaws.com 8883
Console escape. Commands are:

 l      go to line mode
 c      go to character mode
 z      suspend telnet
 e      exit telnet

You can shut down firewall by:

iptables -I INPUT -j ACCEPT

Btw, is real IP address inside program working?
You can see below case:

johannes.lehtonen · February 18, 2021, 8:43am

Hi,

as a matter of fact the IP address did successfully connect. The ssl handshake is still failing though. I’ll confirm the root certificate I used is correct. What exactly is the reason the url didnt work but IP address did?

Feb 18 10:36:25 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/dcs T=main | dcsTech.c le_dcsTech_Start() 338 | Request to start channel 1 of technology cellular
Feb 18 10:36:25 swi-mdm9x28-wp daemon.info dnsmasq[827]: reading /etc/resolv.conf
Feb 18 10:36:25 swi-mdm9x28-wp daemon.info dnsmasq[827]: using nameserver 195.197.54.100#53
Feb 18 10:36:25 swi-mdm9x28-wp daemon.info dnsmasq[827]: using nameserver 195.74.0.47#53
Feb 18 10:36:25 swi-mdm9x28-wp daemon.info dnsmasq[827]: using nameserver 2001:998:20::20#53
Feb 18 10:36:25 swi-mdm9x28-wp daemon.info dnsmasq[827]: using nameserver 2001:998:20::40#53
Feb 18 10:36:26 swi-mdm9x28-wp user.info Legato:  INFO | modemDaemon[6216]/swiQmi T=main | swiQmi.c swiQmi_InitQmiService() 600 | qmi_client_get_service_list num_entries 1 num_services=1
Feb 18 10:36:27 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/dcsCellular T=main | dcsCellular.c le_dcsCellular_Start() 1079 | Succeeded starting cellular connection 1
Feb 18 10:36:27 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/dcsCellular T=main | dcsCellular.c DcsCellularConnEventStateHandler() 254 | State of connection 1 transitioned from down to up
Feb 18 10:36:27 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/dcsDaemon T=main | dcsServer.c ChannelEventHandler() 780 | Received for channel reference 0xfd event Up
Feb 18 10:36:27 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/dcsDaemon T=main | dcsServer.c SetDefaultGWConfiguration() 426 | Setting default GW address on device
Feb 18 10:36:28 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/dcsNet T=main | dcsNet.c le_net_SetDefaultGW() 827 | Succeeded to set default GW addr on interface rmnet_data0 for channel 1 of technology cellular
Feb 18 10:36:28 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/dcsDaemon T=main | dcsServer.c SetDnsConfiguration() 584 | Setting DNS server addresses on device
Feb 18 10:36:28 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/le_pa_dcs T=main | pa_dcs_linux.c pa_dcs_SetDnsNameServers() 324 | Set DNS '2001:998:20::20' '2001:998:20::40'
Feb 18 10:36:28 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/le_pa_dcs T=main | pa_dcs_linux.c pa_dcs_SetDnsNameServers() 349 | DNS 1 '2001:998:20::20' found in file
Feb 18 10:36:28 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/le_pa_dcs T=main | pa_dcs_linux.c pa_dcs_SetDnsNameServers() 354 | DNS 2 '2001:998:20::40' found in file
Feb 18 10:36:28 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/le_pa_dcs T=main | pa_dcs_linux.c pa_dcs_SetDnsNameServers() 324 | Set DNS '195.197.54.100' '195.74.0.47'
Feb 18 10:36:28 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/le_pa_dcs T=main | pa_dcs_linux.c pa_dcs_SetDnsNameServers() 349 | DNS 1 '195.197.54.100' found in file
Feb 18 10:36:28 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/le_pa_dcs T=main | pa_dcs_linux.c pa_dcs_SetDnsNameServers() 354 | DNS 2 '195.74.0.47' found in file
Feb 18 10:36:28 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/dcsNet T=main | dcsNet.c le_net_SetDNS() 1251 | DNS address(es) of channel 1 of technology cellular already set onto device
Feb 18 10:36:28 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/dcsDaemon T=main | dcsServer.c SetDefaultRouteAndDns() 658 | Succeeded setting DNS configuration
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | sdkComponent.c ConnectionStateHandler() 244 | Interface rmnet_data0 connected.
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | sdkComponent.c run_main() 104 |  AWS IoT SDK Version 3.0.1-
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | sdkComponent.c run_main() 110 | rootCA /certs/rootCA.crt
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | sdkComponent.c run_main() 111 | clientCRT /certs/certificate.pem
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | sdkComponent.c run_main() 112 | clientKey /certs/private.pem
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | sdkComponent.c run_main() 139 | Connecting...
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 148 |    . Seeding the random number generator...
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 156 |   . Loading the CA root certificate ...
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 162 |  ok (0 skipped)
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 164 |   . Loading the client cert. and key...
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 177 |  ok
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 179 |   . Connecting to 18.192.64.54/8883...
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 198 |  ok
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 200 |   . Setting up the SSL/TLS structure...
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 241 |   SSL state connect : 0 
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 244 |  ok
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 246 |   SSL state connect : 0 
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 247 |   . Performing the SSL/TLS handshake...
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c _iot_tls_verify_cert() 67 |  Verify requested for (Depth 2):
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c _iot_tls_verify_cert() 69 | cert. version     : 3 serial number     : 06:6C:9F:CF:99:BF:8C:0A:39:E2:F0:78:8A:43:E6:96:36:5B:CA issuer name       : C=
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c _iot_tls_verify_cert() 72 |   This certificate has no flags
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c _iot_tls_verify_cert() 67 |  Verify requested for (Depth 1):
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c _iot_tls_verify_cert() 69 | cert. version     : 3 serial number     : 06:7F:94:57:85:87:E8:AC:77:DE:B2:53:32:5B:BC:99:8B:56:0D issuer name       : C=
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c _iot_tls_verify_cert() 72 |   This certificate has no flags
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c _iot_tls_verify_cert() 67 |  Verify requested for (Depth 0):
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c _iot_tls_verify_cert() 69 | cert. version     : 3 serial number     : 0B:73:13:08:68:1F:51:ED:6A:C7:A1:F1:80:CD:E1:D3 issuer name       : C=US, O=Ama
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c _iot_tls_verify_cert() 74 | cert. version     : 3 serial number     : 0B:73:13:08:68:1F:51:ED:6A:C7:A1:F1:80:CD:E1:D3 issuer name       : C=US, O=Ama
Feb 18 08:36:28 swi-mdm9x28-wp user.info Legato:  INFO | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c _iot_tls_verify_cert() 75 | cert. version     : 3 serial number     : 0B:73:13:08:68:1F:51:ED:6A:C7:A1:F1:80:CD:E1:D3 issuer name       : C=US, O=Ama
Feb 18 08:36:28 swi-mdm9x28-wp user.err Legato: =ERR= | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 250 |  failed   ! mbedtls_ssl_handshake returned -0x2700
Feb 18 08:36:28 swi-mdm9x28-wp user.err Legato: =ERR= | awsComponentExe[6165]/sdkComponent T=main | network_mbedtls_wrapper.c iot_tls_connect() 257 |     Unable to verify the server's certificate. Either it is invalid,     or you didn't set ca_file or ca_path to an appropria
Feb 18 08:36:28 swi-mdm9x28-wp user.err Legato: =ERR= | awsComponentExe[6165]/sdkComponent T=main | sdkComponent.c run_main() 143 | Error(-4) connecting to 18.192.64.54:8883
Feb 18 10:36:28 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/dcsNet T=main | dcsNet.c le_net_RestoreDefaultGW() 658 | Default IPv4 GW address  on interface  restored
Feb 18 10:36:28 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/dcsNet T=main | dcsNet.c le_net_RestoreDefaultGW() 674 | Default IPv6 GW address  on interface  restored
Feb 18 10:36:28 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/dcs T=main | dcs.c le_dcs_Stop() 538 | Stopping channel 1 of technology cellular
Feb 18 10:36:28 swi-mdm9x28-wp user.info Legato:  INFO | dcsDaemon[6185]/dcs T=main | dcs.c le_dcs_Stop() 563 | Channel 1 requested to be stopped

jyijyi · February 18, 2021, 9:04am

seems related to this one:

I remember when I used the httpget sample with WP76 module, there is same problem of getting IP address inside application and this is fixed in later FW with legato 20.04.

Currently you might try method to get IP addres inside program:

johannes.lehtonen · February 18, 2021, 11:44am

I tried disabling firewall, upgrading to the latest legato wp77_4.2.0 from the dev branch. I then tried a wp7607 module with latest firmware and the outcome was always the same. How would the IP address be different when fetched at runtime?

jyijyi · February 18, 2021, 11:53am

Did you try getting the ip address inside program by the following?

johannes.lehtonen · February 18, 2021, 12:34pm

Yeah gethostname failed and then after trying a few urls gethostbyname also failed to succeed once.

On pc I get

Hostname: legato-dev
Host IP: 127.0.1.1

and

Hostname: a1o5neajgmytt9-ats.iot.eu-central-1.amazonaws.com
Host IP: 18.194.135.217

jyijyi · February 19, 2021, 3:07pm

I don’t see problem with my WP76 module on FW R13.
You can use my application.
http_get_WP76.rar (3.0 MB)

Feb 18 23:52:04 swi-mdm9x28-wp user.info Legato:  INFO | httpGet[2083] | Hostname: swi-mdm9x28-wp
Feb 18 23:52:04 swi-mdm9x28-wp user.info Legato:  INFO | httpGet[2083] | www.google.com IP: 172.217.24.196

johannes.lehtonen · February 19, 2021, 2:52pm

Well that was interesting. Your app managed to find the IP addresses so I tried to figure out what was different and after copying over the requires section in adef and bundles section in cdef a connection was established! So it was a matter of missing libraries I guess, sure would’ve been nice to see some errors about it. Is there a tutorial on networking anywhere? I thought I had covered the basics but never ran into this.

jyijyi · February 19, 2021, 3:04pm

Maybe you can port those parts to your mqtt app