Author Topic: gateway timeout  (Read 789 times)

Offline creampuff

  • Newbie
  • *
  • Posts: 6
gateway timeout
« on: April 20, 2021, 03:18:07 AM »
firefox -- https://roundcube/?_task=login
Gateway Timeout

The gateway did not receive a timely response from the upstream server or application.



mailserver: 192.168.0.11
roundcube-server: 192.168.0.15
browser is on: 192.168.20.118


Code: [Select]
mailserver# tshark -ni enp1s0 -Y 'ip.addr == 10.0.0.15 or ipv6.addr == fd00::15'
Running as user "root" and group "root". This could be dangerous.
Capturing on 'enp1s0'
   63 20.802890237    10.0.0.15 → 10.0.0.11    TCP 74 38364 → 993 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=1822290789 TSecr=0 WS=128
   64 20.802932385    10.0.0.11 → 10.0.0.15    TCP 74 993 → 38364 [SYN, ACK] Seq=0 Ack=1 Win=65160 Len=0 MSS=1460 SACK_PERM=1 TSval=1418522623 TSecr=1822290789 WS=128
   65 20.803000704    10.0.0.15 → 10.0.0.11    TCP 66 38364 → 993 [ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=1822290789 TSecr=1418522623
   93 80.848574636    10.0.0.15 → 10.0.0.11    TCP 66 38364 → 993 [FIN, ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=1822350834 TSecr=1418522623
   94 80.848816786    10.0.0.11 → 10.0.0.15    TCP 66 993 → 38364 [ACK] Seq=1 Ack=2 Win=65280 Len=0 TSval=1418582669 TSecr=1822350834
   95 80.849252587    10.0.0.11 → 10.0.0.15    TCP 66 993 → 38364 [FIN, ACK] Seq=1 Ack=2 Win=65280 Len=0 TSval=1418582669 TSecr=1822350834
   96 80.849556904    10.0.0.15 → 10.0.0.11    TCP 66 38364 → 993 [ACK] Seq=2 Ack=2 Win=64256 Len=0 TSval=1822350835 TSecr=1418582669


roundcube-server# grep -v '^//' config.inc.php
<?php

/* Local configuration for Roundcube Webmail */

$config['db_dsnw'] = 'mysql://roundcube:topsecret@localhost/roundcube';

$config['default_host'] = 'tls://mailserver.example.net';

$config['default_port'] = 993;

$config['smtp_server'] = 'tls://mailserver.example.net';

$config['support_url'] = '';

$config['des_key'] = '**deleted**';

$config['plugins'] = array('enigma''example_addressbook''filesystem_attachments''http_authentication''managesieve''password''show_additional_headers''zipdownload');

$config['language'] = 'de_DE';

$config['spellcheck_engine'] = 'pspell';

$config['imap_conn_options'] = array(
        
'tls' => array(
            
'verify_peer'       => true,
            
'allow_self_signed' => true,
            
'peer_name'         => 'mailserver.example.net',
            
'ciphers'           => 'TLSv1+HIGH:!aNull:@STRENGTH',
            
'cafile'            => '/etc/pki/opnsense/example+CA.pem',
        ),
    );

$config['smtp_conn_options'] = array(
        
'tls' => array(
            
'verify_peer'       => true,
            
'allow_self_signed' => true,
            
'peer_name'         => 'mailserver.example.net',
            
'ciphers'           => 'TLSv1+HIGH:!aNull:@STRENGTH',
            
'cafile'            => '/etc/pki/opnsense/example+CA.pem',
        ),
    );

Offline alec

  • Hero Member
  • *****
  • Posts: 1,299
Re: gateway timeout
« Reply #1 on: April 20, 2021, 04:03:37 AM »
Usually tls:// is on port 143, and ssl:// on port 993.

Offline creampuff

  • Newbie
  • *
  • Posts: 6
Re: gateway timeout
« Reply #2 on: April 21, 2021, 05:05:55 AM »
so
Code: [Select]
$config['default_port'] = 993;is not sufficient?

roundcube is connecting to the mail server on port 993 as the sniffer logs show.

Offline alec

  • Hero Member
  • *****
  • Posts: 1,299
Re: gateway timeout
« Reply #3 on: April 21, 2021, 05:12:40 AM »
It is not sufficient, you have to use proper prefix.

Offline creampuff

  • Newbie
  • *
  • Posts: 6
Re: gateway timeout
« Reply #4 on: April 21, 2021, 06:52:02 PM »
would you please increase your verbosity?

Offline alec

  • Hero Member
  • *****
  • Posts: 1,299
Re: gateway timeout
« Reply #5 on: April 22, 2021, 01:59:28 AM »
Code: [Select]
$config['default_host'] = 'ssl://mailserver.example.net';
$config['default_port'] = 993;

Offline creampuff

  • Newbie
  • *
  • Posts: 6
Re: gateway timeout
« Reply #6 on: April 22, 2021, 03:26:32 AM »
I already had that, but I changed it back now. So I'm getting "connection to storage server failed" instead

Code: [Select]
# tshark -ni enp1s0 -Y 'ip.addr == 192.168.0.15 or ipv6.addr == fd00::15'
Running as user "root" and group "root". This could be dangerous.
Capturing on 'enp1s0'
    7 18.527784502    192.168.0.15 → 192.168.0.11    TCP 74 38560 → 993 [SYN] Seq=0 Win=64240 Len=0 MSS=1460 SACK_PERM=1 TSval=1995173067 TSecr=0 WS=128
    8 18.527822019    192.168.0.11 → 192.168.0.15    TCP 74 993 → 38560 [SYN, ACK] Seq=0 Ack=1 Win=65160 Len=0 MSS=1460 SACK_PERM=1 TSval=1591404900 TSecr=1995173067 WS=128
    9 18.527947837    192.168.0.15 → 192.168.0.11    TCP 66 38560 → 993 [ACK] Seq=1 Ack=1 Win=64256 Len=0 TSval=1995173067 TSecr=1591404900
   10 18.528601748    192.168.0.15 → 192.168.0.11    TLSv1 583 Client Hello
   11 18.528615136    192.168.0.11 → 192.168.0.15    TCP 66 993 → 38560 [ACK] Seq=1 Ack=518 Win=64768 Len=0 TSval=1591404901 TSecr=1995173068
   12 18.541289100    192.168.0.11 → 192.168.0.15    TLSv1.3 1514 Server Hello, Change Cipher Spec, Application Data, Application Data
   13 18.541313146    192.168.0.11 → 192.168.0.15    TLSv1.3 417 Application Data, Application Data
   14 18.541471337    192.168.0.15 → 192.168.0.11    TCP 66 38560 → 993 [ACK] Seq=518 Ack=1800 Win=63232 Len=0 TSval=1995173080 TSecr=1591404914
   15 18.542053860    192.168.0.15 → 192.168.0.11    TLSv1.3 146 Change Cipher Spec, Application Data
   16 18.542064477    192.168.0.11 → 192.168.0.15    TCP 66 993 → 38560 [ACK] Seq=1800 Ack=598 Win=64768 Len=0 TSval=1591404914 TSecr=1995173081
   17 18.542230024    192.168.0.15 → 192.168.0.11    TLSv1.3 90 Application Data
   18 18.542236608    192.168.0.11 → 192.168.0.15    TCP 66 993 → 38560 [ACK] Seq=1800 Ack=622 Win=64768 Len=0 TSval=1591404914 TSecr=1995173081
   19 18.542330787    192.168.0.15 → 192.168.0.11    TCP 66 38560 → 993 [FIN, ACK] Seq=622 Ack=1800 Win=64128 Len=0 TSval=1995173081 TSecr=1591404914
   20 18.542361744    192.168.0.11 → 192.168.0.15    TLSv1.3 608 Application Data, Application Data
   21 18.542411227    192.168.0.11 → 192.168.0.15    TLSv1.3 191 Application Data
   22 18.542474883    192.168.0.15 → 192.168.0.11    TCP 54 38560 → 993 [RST] Seq=623 Win=0 Len=0
   23 18.542490884    192.168.0.15 → 192.168.0.11    TCP 54 38560 → 993 [RST] Seq=623 Win=0 Len=0

in error.log

Code: [Select]
[22-Apr-2021 09:21:06 +0200]: <ftfndk25> IMAP Error: Login failed for user1 against mailserver.example.net from 192.168.20.118. Could not connect to ssl://mailserver.example.net:993: Unknown reason in /var/www/roundcube/program/lib/Roundcube/rcube_imap.php on line 200 (POST /?_task=login&_action=login)

Offline alec

  • Hero Member
  • *****
  • Posts: 1,299
Re: gateway timeout
« Reply #7 on: April 22, 2021, 03:45:22 AM »
That usually is some ssl or certificate verification issue.
Code: [Select]
// IMAP socket context options
// See http://php.net/manual/en/context.ssl.php
// The example below enables server certificate validation
//$config['imap_conn_options'] = [
//  'ssl'         => [
//     'verify_peer'  => true,
//     'verify_depth' => 3,
//     'cafile'       => '/etc/openssl/certs/ca.crt',
//   ],
// ];
// Note: These can be also specified as an array of options indexed by hostname
$config['imap_conn_options'] = null;
So, set it up accordingly. Start with verify_peer=false.

Offline creampuff

  • Newbie
  • *
  • Posts: 6
Re: gateway timeout
« Reply #8 on: April 22, 2021, 05:54:20 AM »
this would lead to "unknown CA" so I need to set "cafile".
verify_peer does not seem to have an effect at all.

It's still not working: The error persists - Any additional ideas?

« Last Edit: April 23, 2021, 03:46:40 AM by creampuff »