Re: [Freedombox-discuss] Can't get android phone to connect to radicale.
On Sat, Feb 04, 2017 at 02:30:58PM -0500, James Valleroy wrote: > On 02/04/2017 01:52 PM, A. F. Cano wrote: > > === Android log > >... > > 2017-01-28 20:33:55 2 [ui.setup.DavResourceFinder] Checking user-given URL: > > https://192.168.1.27/radicale// > > 2017-01-28 20:33:55 2 [HttpClient$1] --> PROPFIND > > https://192.168.1.27/radicale// http/1.1 > > ... > > This is what Davdroid says: > > > > Configuration detection > > > > Couldn't find CalDAV or CardDAV service. > > There shouldn't be any changes needed for the firewall. Keep in mind that this is the firewall that's on the phone. > What are you using for the Base URL in Davdroid? I just tried The one above: https://192.168.1.27/radicale// > https:// and that worked. I just tried that (with and without trailing /). It didn't work. Also tried: https:///radicale (with and without trailing /) https:///radicale/ (with and without trailing /) https://.freedombox.rocks (with and without trailing /) https://.freedombox.rocks/radicale (with and without trailing /) The ones with freedombox.rocks took longer to return the error, so I'm wondering if those requests went out on the internet (or the tor network - orbot is running on the phone, but tor is not activated on the freedombox). In any case, they all failed. > James Thanks for replying. I'm not too familiar with Android and compared to the tools I have with linux, it's quite cumbersome to debug. Any other suggestions? Anyone? Augustine ___ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
Re: [Freedombox-discuss] Can't get android phone to connect to radicale.
On 02/04/2017 01:52 PM, A. F. Cano wrote: > === Android log > > 2017-01-28 20:33:55 2 [ui.setup.DavResourceFinder] Finding initial carddav > service configuration > 2017-01-28 20:33:55 2 [ui.setup.DavResourceFinder] Checking user-given URL: > https://192.168.1.27/radicale// > 2017-01-28 20:33:55 2 [HttpClient$1] --> PROPFIND > https://192.168.1.27/radicale// http/1.1 > 2017-01-28 20:33:55 2 [HttpClient$1] Content-Type: application/xml; > charset=utf-8 > 2017-01-28 20:33:55 2 [HttpClient$1] Content-Length: 290 > 2017-01-28 20:33:55 2 [HttpClient$1] Depth: 0 > 2017-01-28 20:33:55 2 [HttpClient$1] > 2017-01-28 20:33:55 2 [HttpClient$1] ?> xmlns:CARD="urn:ietf:params:xml:ns:carddav"> /> /> > 2017-01-28 20:33:55 2 [HttpClient$1] --> END PROPFIND (290-byte body) > 2017-01-28 20:33:55 2 [HttpClient$1] <-- HTTP FAILED: > javax.net.ssl.SSLException: Connection closed by peer > 2017-01-28 20:33:55 2 [ui.setup.DavResourceFinder] PROPFIND/OPTIONS on > user-given URL failed > EXCEPTION javax.net.ssl.SSLException: Connection closed by peer > > === > > Even though it says "Connection closed by peer" I see no log entry on the > FreedomBox about radicale being accessed. I have configured Korganizer and > Kaddressbook on a Debian machine and when those sync up with the FreedomBox > I do see an entry. This seems to imply that the problem happens before > radicale sees any packets. > > This is what Davdroid says: > > Configuration detection > > Couldn't find CalDAV or CardDAV service. There shouldn't be any changes needed for the firewall. What are you using for the Base URL in Davdroid? I just tried https:// and that worked. -- James signature.asc Description: OpenPGP digital signature ___ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
[Freedombox-discuss] Can't get android phone to connect to radicale.
Hello, Android phone (galaxy S) with cyanogenmod and the improvements described here: https://blog.torproject.org/blog/mission-impossible-hardening-android-security-and-privacy At first I thought it might have been a firewall problem, but I disabled the firewall and I still couldn't connect. With the firewall on, I added these rules: == firewall-allow-radicale.sh == IP6TABLES=/system/bin/ip6tables IPTABLES=/system/bin/iptables DAVDROID_UID=`dumpsys package at.bitfire.davdroid | grep userId | cut -d= -f2 - | cut -d' ' -f1 -` CALENDAR_UID=`dumpsys package com.android.calendar | grep userId | cut -d= -f2 - | cut -d' ' -f1 -` # This returns the UID twice. Needs fixing. # CONTACTS_UID=`dumpsys package com.android.contacts | grep userId | cut -d= -f2 - | cut -d' ' -f1 -` CONTACTS_UID=10001 TASKS_UID=`dumpsys package org.dmfs.tasks | grep userId | cut -d= -f2 - | cut -d' ' -f1 -` SAFE_NETWORK=192.168.1.0/24 # Allow DAVdroid/radicale and all apps that use it (port 5232) $IPTABLES -I INPUT-firewall -s $SAFE_NETWORK -p tcp --dport 5232 -j RETURN $IPTABLES -I droidwall -m owner --uid-owner $DAVDROID_UID -d $SAFE_NETWORK -m conntrack --ctstate ESTABLISHED -p tcp --sport 5232 -j RETURN $IPTABLES -I droidwall -m owner --uid-owner $CALENDAR_UID -d $SAFE_NETWORK -m conntrack --ctstate ESTABLISHED -p tcp --sport 5232 -j RETURN $IPTABLES -I droidwall -m owner --uid-owner $CONTACTS_UID -d $SAFE_NETWORK -m conntrack --ctstate ESTABLISHED -p tcp --sport 5232 -j RETURN $IPTABLES -I droidwall -m owner --uid-owner $TASKS_UID -d $SAFE_NETWORK -m conntrack --ctstate ESTABLISHED -p tcp --sport 5232 -j RETURN # Remove transproxy for radicale output $IPTABLES -t nat -I OUTPUT -d $SAFE_NETWORK -m conntrack --ctstate ESTABLISHED -p tcp --sport 5232 -j ACCEPT === which are variations of the ones used for adb/shell (and those work just fine.) I still can't connect. Did I screw up something in these firewall rules? This is what shows up on the log: === Android log 2017-01-28 20:33:55 2 [ui.setup.DavResourceFinder] Finding initial carddav service configuration 2017-01-28 20:33:55 2 [ui.setup.DavResourceFinder] Checking user-given URL: https://192.168.1.27/radicale// 2017-01-28 20:33:55 2 [HttpClient$1] --> PROPFIND https://192.168.1.27/radicale// http/1.1 2017-01-28 20:33:55 2 [HttpClient$1] Content-Type: application/xml; charset=utf-8 2017-01-28 20:33:55 2 [HttpClient$1] Content-Length: 290 2017-01-28 20:33:55 2 [HttpClient$1] Depth: 0 2017-01-28 20:33:55 2 [HttpClient$1] 2017-01-28 20:33:55 2 [HttpClient$1] 2017-01-28 20:33:55 2 [HttpClient$1] --> END PROPFIND (290-byte body) 2017-01-28 20:33:55 2 [HttpClient$1] <-- HTTP FAILED: javax.net.ssl.SSLException: Connection closed by peer 2017-01-28 20:33:55 2 [ui.setup.DavResourceFinder] PROPFIND/OPTIONS on user-given URL failed EXCEPTION javax.net.ssl.SSLException: Connection closed by peer === Even though it says "Connection closed by peer" I see no log entry on the FreedomBox about radicale being accessed. I have configured Korganizer and Kaddressbook on a Debian machine and when those sync up with the FreedomBox I do see an entry. This seems to imply that the problem happens before radicale sees any packets. This is what Davdroid says: Configuration detection Couldn't find CalDAV or CardDAV service. If I disable the android firewall I get this: === Android log 2017-01-29 16:59:14 2 [ui.setup.DavResourceFinder] Finding initial carddav service configuration 2017-01-29 16:59:14 2 [ui.setup.DavResourceFinder] Checking user-given URL: https://192.168.1.27/radicale// 2017-01-29 16:59:14 2 [HttpClient$1] --> PROPFIND https://192.168.1.27/radicale// http/1.1 2017-01-29 16:59:14 2 [HttpClient$1] Content-Type: application/xml; charset=utf-8 2017-01-29 16:59:14 2 [HttpClient$1] Content-Length: 290 2017-01-29 16:59:14 2 [HttpClient$1] Depth: 0 2017-01-29 16:59:14 2 [HttpClient$1] 2017-01-29 16:59:14 2 [HttpClient$1] 2017-01-29 16:59:14 2 [HttpClient$1] --> END PROPFIND (290-byte body) 2017-01-29 16:59:14 2 [HttpClient$1] <-- HTTP FAILED: java.net.ConnectException: Failed to connect to /192.168.1.27:443 2017-01-29 16:59:14 2 [ui.setup.DavResourceFinder] PROPFIND/OPTIONS on user-given URL failed EXCEPTION java.net.ConnectException: Failed to connect to /192.168.1.27:443 === After the above lines, there is a voluminous traceback that I can provide if needed. For now I'm trying to do this from the internal network, on the inside interface. The android phone, when connected through wifi to the internal network works fine and can access the internet. The file of iptable rules firewall-allow-nontor-browser.sh is installed, so trying to access port 443 on the local network should not be a problem. Can anyone shed some light on this? Any idea as to where to look/what to do? Thanks. Augustine
[Freedombox-discuss] Ideas for GSoC 2017
Hi guys, I have submit some ideas for Freedombox (except mail server). https://wiki.debian.org/FreedomBox/SummerOfCode, these ideas are I am expecting for Freedombox so long. Porting Freedombox to MIPS is staging in my mind several month, but I am not a MIPS engineer, and not familiar with it, so I label myself as a co-mentor. Others two may improve Plinth more adaptive. However i am not a core developer of the project, so still need co-mentor too. For refactorying freedombox foundation website, to finish this idea, It is better working with website administrator. Thank you everyone, and waiting for your suggestions ! -- /*** * @ 启智开源 编码自由 * @ Open Mind, Open Source, Coding for Freedom! * @ 佟辉 Tong Hui (Tony) * @ Email tongh...@gmail.com * @ Web https://tonghuix.io * @ XMPP/Jabber tongh...@xmpp.jp */ ___ Freedombox-discuss mailing list Freedombox-discuss@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
