Geekzone: technology news, blogs, forums




57 posts

Master Geek
+1 received by user: 2


Topic # 80010 25-Mar-2011 16:11

Hello,

I was wondering if someone can help me with a Sierra Wireless modem Q26 Extreme which has an in-built ARM9 processor and incorporates the openssl library as part of its API.

I have been talking to someone at Telecom but they have directed me to the helpdesk to sort out the issue, but to no avail as the person does not have any clue about using TCP or UDP.

Sierra Wireless provides example source code written in C for the TCP client and SSL client. To test the code for TCP, I wrote a C# TCP server and ran it on my desktop PC. On the modem I change to the Telecom APN and connect to my server address and port. This works fine without any issues. Data is transmitted to the server correctly.

For the SSL setup, I use the openssl server on my desktop and the SSL client in the modem. This connects to the APN but fails when it tries to connect to the openssl server. The openssl output is "gethostbyname failure". I have retested the code using a Vodafone SIM card and APN, and this works fine without any issues. It connects and transmits data to the openssl server. I have tested the openssl server with an openssl client on a different machine and that connects without any issues.

Both the openssl server and the modem use the same CA cert. The server and client certs are generated using the CA cert provided by the customer. The certs are tested in openssl to ensure the certificates are working correctly. Testing on the Vodafone network also works fine.

Regards
Paul

4931 posts

Uber Geek
+1 received by user: 1965

Trusted
Subscriber

  Reply # 451840 25-Mar-2011 17:26

XT is 3G only, it does not support 2G GPRS technology






19290 posts

Uber Geek
+1 received by user: 2600
Inactive user


  Reply # 451848 25-Mar-2011 17:58

coffeebaron: XT is 3G only, it does not support 2G GPRS technology


I was waiting for that reply, but the OP means a packet-switched network over either 2G or 3G, I guess.

 
 
 
 


2208 posts

Uber Geek
+1 received by user: 617

Trusted

  Reply # 451904 25-Mar-2011 21:52

Which Vodafone APN are you testing with, and are you testing with direct.telecom.co.nz or internet.telecom.co.nz?  Also, what sort of traffic does it create?  Have you tried using Wireshark or some other LAN tracing tool to see working traffic?







57 posts

Master Geek
+1 received by user: 2


  Reply # 452010 26-Mar-2011 12:00

coffeebaron: XT is 3G only, it does not support 2G GPRS technology


I know XT is 3G. As indicated, this modem can be used with 2G and 3G, and I have tested with the XT APN using TCP packets, but it doesn't work with SSL.

Here is the modem.

http://www.sierrawireless.com/en/productsandservices/AirPrime/Wireless_Modules/Smart/Connectorized/Q26_Extreme.aspx

My supplier has tested in Australia using the 3G network and it connects to my SSL server without any issues. They also suggest it could be the XT network. I have also shared my desktop with the supplier (in case of any mistakes at my end) to verify that I am compiling the example code and loading it into the device correctly, and he can't see any problems with my setup. I have also shown it to the supplier's colleague based in NZ and he verified my setup. The only issue I can think of is that the XT network is blocking my device from using SSL. TCP works fine without any issues.



57 posts

Master Geek
+1 received by user: 2


  Reply # 452014 26-Mar-2011 12:03

BarTender: Which Vodafone APN are you testing with, and are you testing with direct.telecom.co.nz or internet.telecom.co.nz?  Also, what sort of traffic does it create?  Have you tried using Wireshark or some other LAN tracing tool to see working traffic?


I have tried both APNs and both give the same error in openssl (gethostbyname). I have also tried to capture in Wireshark but it doesn't seem to show any SSL packets being captured. I can capture the hello messages between the client and server, authentication etc. using the Vodafone APN.

2208 posts

Uber Geek
+1 received by user: 617

Trusted

  Reply # 452045 26-Mar-2011 13:20

pseudogeek2009:
BarTender: Which Vodafone APN are you testing with, and are you testing with direct.telecom.co.nz or internet.telecom.co.nz?  Also, what sort of traffic does it create?  Have you tried using Wireshark or some other LAN tracing tool to see working traffic?


I have tried both APNs and both give the same error in openssl (gethostbyname). I have also tried to capture in Wireshark but it doesn't seem to show any SSL packets being captured. I can capture the hello messages between the client and server, authentication etc. using the Vodafone APN.


Is it connecting to the remote end on a strange port?  Tried using 443? I assume it's connecting over TCP?

I would assume you should have more success using the direct APN rather than internet.

A gethostbyname normally indicates that it can't do a local DNS name lookup.  Have you specified the correct DNS server (or are you getting it via DHCP)?  What happens if you specify a manual DNS server?

Is there any way you can run tcpdump or similar on the embedded device side?








57 posts

Master Geek
+1 received by user: 2


  Reply # 452077 26-Mar-2011 15:08

BarTender:
pseudogeek2009:
BarTender: Which Vodafone APN are you testing with, and are you testing with direct.telecom.co.nz or internet.telecom.co.nz?  Also, what sort of traffic does it create?  Have you tried using Wireshark or some other LAN tracing tool to see working traffic?


I have tried both APNs and both give the same error in openssl (gethostbyname). I have also tried to capture in Wireshark but it doesn't seem to show any SSL packets being captured. I can capture the hello messages between the client and server, authentication etc. using the Vodafone APN.


Is it connecting to the remote end on a strange port?  Tried using 443? I assume it's connecting over TCP?

I would assume you should have more success using the direct APN rather than internet.

A gethostbyname normally indicates that it can't do a local DNS name lookup.  Have you specified the correct DNS server (or are you getting it via DHCP)?  What happens if you specify a manual DNS server?

Is there any way you can run tcpdump or similar on the embedded device side?



In openssl you can set which port to use by typing the following commands:

openssl s_server -accept 6502 -cert server-cert.pem -key server-key.pem -CAfile ca-cert.pem -www

openssl s_client -connect 192.168.1.92:6502 -cert client-cert.pem -key client-key.pem -CAfile ca-cert.pem

The server and client are running on separate PCs.

I imagine XT should handle the hostname side. The modem only requires the APN and the server it connects to, which is my company IP address and port number. There is no way of setting the DNS server in the modem. Would you have to set up the DNS when connecting to the internet via GPRS on an iPhone or Android? On my mobile phone, you just need an APN, as described in the Vodafone forum (http://forum.vodafone.co.nz/topic/6060-android-apn-mobile-network-settings/). This is essentially how the modem works: you just need an APN to connect to the internet via GPRS. From one of the XT forum topics for setting up an Android device to work on the XT network, it only requires an APN. No setup for DNS.

The problem is why does it work with the Vodafone APN but not the XT APN when using SSL. The other thing is why does it work with TCP using the XT APN but not SSL.

In the TCP setup, I ran a TCP server on my desktop using port 6502. In the modem, the software is configured to connect to the XT APN and connect to the company IP address at port 6502. The company router is set up to port forward to my PC. When I ran my application, it connected to the server and sent the data correctly. This has worked without any issues. There is no setup required for DNS.
The modem SSL library is based on openssl. I have changed the SIM card to the Vodafone SIM card. The software was changed to use the Vodafone APN and when I ran the application, it worked without any issues when connecting to the openssl server, so it isn't the modem SSL library or the DNS or port 443.



 

2208 posts

Uber Geek
+1 received by user: 617

Trusted

  Reply # 452214 26-Mar-2011 22:06

pseudogeek2009: I imagine XT should handle the hostname side. The modem only requires the APN and the server it connects to, which is my company IP address and port number. There is no way of setting the DNS server in the modem. Would you have to set up the DNS when connecting to the internet via GPRS on an iPhone or Android? On my mobile phone, you just need an APN, as described in the Vodafone forum (http://forum.vodafone.co.nz/topic/6060-android-apn-mobile-network-settings/). This is essentially how the modem works: you just need an APN to connect to the internet via GPRS. From one of the XT forum topics for setting up an Android device to work on the XT network, it only requires an APN. No setup for DNS.


I assume you are running this all on an embedded Linux system?  So in theory you could run tcpdump across the IP stack to see what is happening ok with Vodafone but isn't with XT.

To me a gethostbyname is a local lookup of the connecting and probably trying to do a reverse dns lookup.

I would if you could try hard-coding the dns server to the xtra one 202.27.158.40.

Plus I would really like to see the results of a tcpdump when running the two different SIMs.

If you're based in Wellington there may be more that I can do too.  PM me if you are and we could talk further.







57 posts

Master Geek
+1 received by user: 2


  Reply # 452237 26-Mar-2011 23:16

BarTender:
pseudogeek2009: I imagine XT should handle the hostname side. The modem only requires the APN and the server it connects to, which is my company IP address and port number. There is no way of setting the DNS server in the modem. Would you have to set up the DNS when connecting to the internet via GPRS on an iPhone or Android? On my mobile phone, you just need an APN, as described in the Vodafone forum (http://forum.vodafone.co.nz/topic/6060-android-apn-mobile-network-settings/). This is essentially how the modem works: you just need an APN to connect to the internet via GPRS. From one of the XT forum topics for setting up an Android device to work on the XT network, it only requires an APN. No setup for DNS.


I assume you are running this all on an embedded Linux system?  So in theory you could run tcpdump across the IP stack to see what is happening ok with Vodafone but isn't with XT.

To me a gethostbyname is a local lookup of the connecting and probably trying to do a reverse dns lookup.

I would if you could try hard-coding the dns server to the xtra one 202.27.158.40.

Plus I would really like to see the results of a tcpdump when running the two different SIMs.

If you're based in Wellington there may be more that I can do too.  PM me if you are and we could talk further.


The Sierra Wireless device uses their platform called OpenAT. It does not use an embedded Linux platform like the Telit part. Also, the reason for choosing this part is that the device is supposedly more reliable, based on another customer's experience with both the Telit and Sierra Wireless devices.

Sorry, I am based in Auckland.

434 posts

Ultimate Geek
+1 received by user: 118

Subscriber

  Reply # 452302 27-Mar-2011 10:28

So if I understand correctly you are connecting to the IP address (not a DNS record) for your company's server?

In this case a gethostbyname error makes no sense, as there should be no calls to do name resolution.  This points to perhaps a parsing error, but then you should have got the same result when using a Voda SIM.

Is there any way to increase the debugging level on the device?  It would be nice to know what hostname openssl thinks it needs to resolve.
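
Added example, not part of any post in this thread and not Sierra Wireless sample code: a desktop-side probe that splits a connection attempt into name resolution, TCP connect and TLS handshake, so the failing stage can be compared between two APNs. The names `needs_dns` and `probe` are hypothetical, and the certificate file arguments stand in for the PEM files used with `s_client` above.

```python
import ipaddress
import socket
import ssl


def needs_dns(host):
    """True if host is a name that must be resolved, False for an IP literal."""
    try:
        ipaddress.ip_address(host)
        return False
    except ValueError:
        return True


def probe(host, port, cafile=None, certfile=None, keyfile=None, timeout=5.0):
    """Return (stage, detail); stage is 'resolve', 'tcp', 'tls' or 'ok'."""
    # Stage 1: name resolution. AI_NUMERICHOST forbids any DNS query for a
    # literal, so a 'resolve' failure on an IP address means a parsing problem.
    flags = 0 if needs_dns(host) else socket.AI_NUMERICHOST
    try:
        info = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM, flags=flags)
    except socket.gaierror as exc:
        return "resolve", str(exc)
    family, socktype, proto, _, addr = info[0]

    # Stage 2: plain TCP connect, the step reported as working on both APNs.
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)
    except OSError as exc:
        sock.close()
        return "tcp", str(exc)

    # Stage 3: TLS handshake using the same CA and client certificate files.
    ctx = ssl.create_default_context(cafile=cafile)
    # Diagnostic only: the chain is verified against the CA, name matching is
    # skipped because the test certificates are not issued for an IP literal.
    ctx.check_hostname = False
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    try:
        with ctx.wrap_socket(sock) as tls:
            return "ok", tls.version()
    except (ssl.SSLError, OSError) as exc:
        return "tls", str(exc)
```

Running the same call through each carrier's connection and comparing the returned stage shows whether the difference lies in resolution, in reaching the port, or in the handshake itself.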



57 posts

Master Geek
+1 received by user: 2


  Reply # 452376 27-Mar-2011 13:21

hashbrown: So if I understand correctly you are connecting to the IP address (not a DNS record) for your company's server?

In this case a gethostbyname error makes no sense, as there should be no calls to do name resolution.  This points to perhaps a parsing error, but then you should have got the same result when using a Voda SIM.

Is there any way to increase the debugging level on the device?  It would be nice to know what hostname openssl thinks it needs to resolve.


That is correct, I am connecting to an IP address and a port number. The port is port forwarded to my PC by changing the settings in the router. The problem is I don't get the same problem with the Vodafone SIM, even when I use the Q2687 (2G version). The other confusing issue is that TCP works fine using the 3G modem.

When I get back to work tomorrow I can modify the code to allow more debugging features. 

2208 posts

Uber Geek
+1 received by user: 617

Trusted

  Reply # 452382 27-Mar-2011 13:31

I agree with hashbrown, I am wondering what could be different. If you could PM me some links where to find the code. I assume that the code works fine on a box over the XT connection so it shouldn't be a firewall issue on the Telecom side.

I also wonder why the code does a gethostbyname since it should all just be IP to IP traffic.

The only thing I also could think of was a missing reverse DNS entry for the IP, or the client does a ping of the DNS service and it's blocking ICMP but not DNS. Is there a local hosts you could try adding the assigned IP into?







57 posts

Master Geek
+1 received by user: 2


  Reply # 584447 21-Feb-2012 12:11

Just want to note, it was resolved at the Telecom side. The device or sample code was not at fault. 
