MQTT Owntracks HELP!

Add-ons Bindings
21

Simple garage door geofence rule:

rule "Garage Geofence"
    Item JCStatus changed from Traveling to Home
then
    logInfo("Geofence", "Opening Garage door for Jay!")
    relay1.sendCommand(ON)
    sendMail("jay@cidcomm.com", "Geofence: Garage Door Status", "Garage Door Opened for Jay")
end
22

OK so after kinda reverse engineering the IOS app to see how calls are made i realize exactly why the IOS app wasnt working and can now replicate it working and not working at will.

The problem:
Google map pins do NOT show in the IOS app. They only show in the web browsers etc


Reason:
When you have security enabled “EXTERNAL” and have defined a local subnet say 192.168.1.0, that subnet is allowed to access the resources with no login
 ok good

Problem:
The IOS App uses a reverse proxy and the OH system and sees those requests coming from 127.0.0.1 and as a result you do not see the pins because the app cannot authenticate as you are on a foreign subnet “127.0.0.1”


Solution:
Do not use security or subnet ACL’s. Currently OH open supports listing one subnet but we need to allow 192.168.1.0 AND 127.0.0.1


Untested Solution:
Binding openhab to a defined IP and hope that the proxy uses that allowed ip for the requests instead


Stay tuned.

23

Ok, servicediscovery:bind_address=10.1.100.23 did not help. Next thing to try is adding username:pass@ on each of the images so they can authenticate through the proxy but i don’t see that working


24

OK,

The fix was to add “security:netmask=127.0.0.0/0”. What does this due you may ask? Well Since the java proxy is the only thing incapable of authenticating and its requests come from 127.0.0.1 lets let it through security. All other subnets are accessed by apps or browsers that ARE capable of authenticating!!..

Problem solved


25

scratch that. That literally disables all security lol
 Testing continues


26

Ok,

So the issue is in the IOS Java implementation and no matter what it does not support authentication SO the fix was to disable security and authentication in OH and lock down external access from my cell carrier to my phones IP range. Now everything works perfectly


Is what it is
 :wink:

1 Like