Hi,
We’re working on encrypting MQTT, but we’re encountering some challenges. Before encrypting, we made sure that it worked. On our web interface we could see that our gateway would receive and transmit frames. Now that we have configured MQTT to be encrypted, it won’t receive or transmit.
We have been looking at the menu/section of Gateway troubleshooting:
https://www.loraserver.io/guides/troubleshooting/gateway/
- tcpdump can’t be installed on our Kerlink gateway, so we can’t check.
- tcpdump on our server shows nothing
- local_conf.json is 127.0.0.1 , 1700 , 1700
- journalctl -f -n 100 -u lora-gateway-bridge - only shows following
- ps aux | grep lora-gateway-bridge shows that it’s active
- mosquitto_sub -v -t "gateway/#" - shows message:
gateway/{ID of gateway}/stats {"mac":"{ID of gateway}","time":"2019-07-29T10:57:48Z","rxPacketsReceived":1,"rxPacketsReceivedOK":0,"txPacketsReceived":0,"txPacketsEmitted":0,"customData":{"ip":"IP of gateway"}}
Kerlink Gateway
# Generic MQTT authentication.
[backend.mqtt.auth.generic]
# MQTT server (e.g. scheme://host:port where scheme is tcp, ssl or ws)
server="ssl://HOSTNAME:8883"
# CA certificate file (optional)
#
# Use this when setting up a secure connection (when server uses ssl://...)
# but the certificate used by the server is not trusted by any CA certificate
# on the server (e.g. when self generated).
ca_cert="/user/cert/ca.crt"
# mqtt TLS certificate file (optional)
tls_cert="/user/cert/client.crt"
# mqtt TLS key file (optional)
tls_key="/user/cert/client.key"
LoRa Gateway Bridge
# Generic MQTT authentication.
[integration.mqtt.auth.generic]
# MQTT server (e.g. scheme://host:port where scheme is tcp, ssl or ws)
server="ssl://HOSTNAME:8883"
# CA certificate file (optional)
#
# Use this when setting up a secure connection (when server uses ssl://...)
# but the certificate used by the server is not trusted by any CA certificate
# on the server (e.g. when self generated).
ca_cert="/etc/mosquitto/ca_certificates/certs/ca.crt"
# mqtt TLS certificate file (optional)
tls_cert="/etc/mosquitto/ca_certificates/certs/client.crt"
# mqtt TLS key file (optional)
tls_key="/etc/mosquitto/ca_certificates/certs/client.key"
LoRa App Server
# MQTT server (e.g. scheme://host:port where scheme is tcp, ssl or ws)
server="ssl://HOSTNAME:8883"
# CA certificate file (optional)
#
# Use this when setting up a secure connection (when server uses ssl://...)
# but the certificate used by the server is not trusted by any CA certificate
# on the server (e.g. when self generated).
ca_cert="etc/mosquitto/ca_certificates/certs/ca.crt"
# TLS certificate file (optional)
tls_cert="etc/mosquitto/ca_certificates/certs/client.crt"
# TLS key file (optional)
tls_key="etc/mosquitto/ca_certificates/certs/client.key"
LoRa Server
# MQTT server (e.g. scheme://host:port where scheme is tcp, ssl or ws)
server="ssl://HOSTNAME:8883"
# CA certificate file (optional)
#
# Use this when setting up a secure connection (when server uses ssl://...)
# but the certificate used by the server is not trusted by any CA certificate
# on the server (e.g. when self generated).
ca_cert="etc/mosquitto/ca_certificates/certs/ca.crt"
# TLS certificate file (optional)
tls_cert="etc/mosquitto/ca_certificates/certs/client.crt"
# TLS key file (optional)
tls_key="etc/mosquitto/ca_certificates/certs/client.key"
MOSQUITTO BROKER
cafile /etc/mosquitto/ca_certificates/certs/ca.crt
# Path to the PEM encoded server certificate.
certfile /etc/mosquitto/ca_certificates/certs/server.crt
# Path to the PEM encoded keyfile.
keyfile /etc/mosquitto/ca_certificates/certs/server.key
tls_version tlsv1.2
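
An added example, not part of the original post: a small Python check of the client-side MQTT TLS settings shown above, flagging certificate paths that are relative or not present on the host. The function names are hypothetical, and the two sample fragments are constructed from the uncommented LoRa Gateway Bridge and LoRa App Server settings in the post.

```python
import os
import re

TLS_KEYS = ("ca_cert", "tls_cert", "tls_key")
KV = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"\s*$')

# Constructed samples: uncommented settings from two fragments in the post.
BRIDGE = '''[integration.mqtt.auth.generic]
server="ssl://HOSTNAME:8883"
ca_cert="/etc/mosquitto/ca_certificates/certs/ca.crt"
tls_cert="/etc/mosquitto/ca_certificates/certs/client.crt"
tls_key="/etc/mosquitto/ca_certificates/certs/client.key"
'''
APP_SERVER = '''server="ssl://HOSTNAME:8883"
ca_cert="etc/mosquitto/ca_certificates/certs/ca.crt"
tls_cert="etc/mosquitto/ca_certificates/certs/client.crt"
tls_key="etc/mosquitto/ca_certificates/certs/client.key"
'''

def parse_settings(text):
    """Collect key="value" pairs; comments and section headers are skipped."""
    pairs = (KV.match(line) for line in text.splitlines())
    return {m.group(1): m.group(2) for m in pairs if m}

def check_mqtt_tls(text, exists=os.path.exists):
    """Return findings for one MQTT client fragment (hypothetical helper)."""
    s = parse_settings(text)
    findings = []
    if not s.get("server", "").startswith("ssl://"):
        findings.append("server: does not use the ssl:// scheme")
    for key in TLS_KEYS:
        path = s.get(key, "")
        if not path:
            continue
        if not path.startswith("/"):
            findings.append(f"{key}: relative path {path!r}, resolved against the working directory")
        elif not exists(path):
            findings.append(f"{key}: {path} is not visible to this process")
    if bool(s.get("tls_cert")) != bool(s.get("tls_key")):
        findings.append("tls_cert and tls_key must be set together")
    return findings

if __name__ == "__main__":
    for name, frag in (("LoRa Gateway Bridge", BRIDGE), ("LoRa App Server", APP_SERVER)):
        print(name, check_mqtt_tls(frag) or "no findings")
```

Run it as the same user and on the same host as the service being checked, since the file-existence test reflects what that process can see.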