The problem is, the MIC does not contain any hints. It is a signature over the LoRaWAN frame, using the AppKey as a secret. So if one thing is mis-configured, the MIC is in valid and the above error is raised.
Problem was when I try to connect by 1700 UDP via internet, but if I replace LoRa Gateway Bridge to my hardware (Multitech conduit) and try to joining by 1883 TCP (MQTT) - all things are OK
intuitively, I understand that when passing through NAT, there may be problems…
Thank you guys to reply, i’ve found the root cause, it’s because the method of system to get the DevEUI is big-end-first(based on my node device), which means we enter the byte of DevEUI from left to right while the system read the byte from right to left, so that will cause the incorrect DevNonce, and the MIC verification failed