Having trouble with the gateway



  • Hi folks
    I have been trying around three hours to get my two cams work with the show 5.
    With the spot everything works fine, but with the show5 no chance.
    I tried out all settings possible, but no success!
    I am using the gateway on a docker-container on a X…ology. Everything runs quite ok, and the reaction of the show is much faster as without using the monocle gateway.
    I am not sure if the port 443 is free, but I do not see any message in the docker log!
    My cams are both BurgCams Dome 303 and work fine with the Spot!
    What I do not understand, where is the link between the gateway and the different (in my case, 2) cams!?
    How are they addressed?
    Thank you in advance for your friendly help
    Regards Christoph



  • @pc1246

    Hi Christoph,

    The Echo Show 5 (and all current generation FireTVs) will only connect to a SSL encrypted camera endpoint/RTSP stream using a publicly resolvable DNS hostname. The gateway sites on your network and works in between your Echo Show 5 and IP camera to provide these requirements to satisfy Amazon’s requirements.

    Getting it to work in a docker container inside a Synology NAS can be quite complicated. Are you able to run it on a different computer (or embedded device like a RaspberryPi) at first so we can verify a functional environment before trying to tackle any Docker/Synology specific issues? The root problem is most likely a networking related issue. Most likely the Alexa device is not able to resolve the DNS hostname assigned to your gateway instance or it can’t communicate inbound on port 443 to the gateway instance.

    Thanks, Robert



  • Hi Robert
    Thank you for your quick answer!
    Yes I can run the gateway on another device. I will do it just right now.
    I will post success/failure as soon as completed.
    Regards Christoph



  • Hi Robert
    The gateway is now running on my Windows PC. The docker container is stopped.
    I tried nearly all variants: @noaudio; @proxy; @tunnel; @proxy-tcp
    But no success!
    Do I have to research devices with Alexa?
    What else can I do to support you to help me?
    Thanks in advance
    Regards Christoph



  • @pc1246

    The next step will be to get the log data from the monocle gateway and post it here so we can review it. (Just remember to remove any passwords or personal info from the data)

    https://monoclecam.com/monocle-gateway/install/windows#logging

    It’s best to just restart the gateway and then ask Alexa for a single camera request. We just need the log data to include the startup of the gateway and then one camera request.

    Thanks, Robert

    .



  • Hi Robert
    Sorry I had no time yesterday.
    Here is the log.
    I tried now also with these settings to use the spot to show the cam. This does also not work.
    I think this is a networking problem.
    Regards Christoph

    
     ******************************************************************
     *             __  __  ___  _  _  ___   ___ _    ___              *
     *            |  \/  |/ _ \| \| |/ _ \ / __| |  | __|             *
     *            | |\/| | (_) | .` | (_) | (__| |__| _|              *
     *            |_|  |_|\___/|_|\_|\___/ \___|____|___|             *
     *                                                                *
     ******************************************************************
    
    
    -------------------------------------------------
    MONOCLE RUNTIME ENVIRONMENT
    -------------------------------------------------
    VERSION   = 0.0.4
    OS/ARCH   = win32\x64
    PROCESS   = monocle-gateway (PID=22600)
    TIMESTAMP = 2019-08-22T06:35:08.627Z
    
    -------------------------------------------------
    MONOCLE GATEWAY SERVICE         (Version: 0.0.4)
    -------------------------------------------------
    [Monocle Starting]
    [Monocle Connecting]
    [Monocle Started]
    [RTSP Server Starting]
    [RTSP Server Listening] 0.0.0.0:8555 (RTSP)
    [RTSP Server Listening] 0.0.0.0:443 (RTSP-TLS)
    [RTSP Proxy Started] (PID=24724)
    [RTSP Server Listening] 0.0.0.0:8554 (PROXY)
    [RTSP Server Started]
    [Monocle Connected]
    [RTSP Server Registered]
    
    -------------------------------------------------
    MONOCLE RTSP SERVICE - INITIALIZED
    -------------------------------------------------
    FQDN = a40c1fdd-8c29-4cbf-8f62-0fd5757e4132.mproxy.io
    HOST = 192.168.248.1
    PORT = 443
    -------------------------------------------------
    
    -------------------------------------------------
    INITIALIZE RTSP STREAM:  Eingang
    -------------------------------------------------
     - NAME  : Eingang
     - LABEL : PRIMARY
     - URL   : rtsp://192.168.178.251:554/
     - UUID  : STREAM:13fec628-e8b8-4096-a413-eff6d0a6be55
     - SESS  : d825bd7e-30de-4dde-8a35-0b93e3b6aa87
     - MODIF : Wed Aug 21 2019 08:34:41 GMT+0200 (Mitteleuropäische Sommerzeit)
     - TAGS  : @tunnel
    -------------------------------------------------
    
    
    -------------------------------------------------
    INITIALIZE RTSP STREAM:  Eingang
    -------------------------------------------------
     - NAME  : Eingang
     - LABEL : PRIMARY
     - URL   : rtsp://192.168.178.251:554/
     - UUID  : STREAM:13fec628-e8b8-4096-a413-eff6d0a6be55
     - SESS  : 1b2df377-fd95-4311-bd4b-691a20d72236
     - MODIF : Wed Aug 21 2019 08:34:41 GMT+0200 (Mitteleuropäische Sommerzeit)
     - TAGS  : @tunnel
    -------------------------------------------------
    
    
    -------------------------------------------------
    INITIALIZE RTSP STREAM:  Eingang
    -------------------------------------------------
     - NAME  : Eingang
     - LABEL : PRIMARY
     - URL   : rtsp://192.168.178.251:554/
     - UUID  : STREAM:13fec628-e8b8-4096-a413-eff6d0a6be55
     - SESS  : a131e9fa-adc8-4d86-862a-f31fa143feb4
     - MODIF : Wed Aug 21 2019 08:34:41 GMT+0200 (Mitteleuropäische Sommerzeit)
     - TAGS  : @tunnel
    -------------------------------------------------
    
    
    

    Edit: I think the port 443 is not reachable from the internet. But if I have to forward it, which address is the goal?
    192.168.248.1?? But this is not in my address range!



  • @pc1246 said in Having trouble with the gateway:

    192.168.248.1

    OK, yet very much looks like a networking issue.

    You should not have to forward any ports or expose port 443 to the Internet. All of this should work internally.

    So the first issues would be the IP address. If “192.168.248.1” is not correct and not reachable from the Alexa device on your local network … that is definitely a problem. This is the IP address automatically detected by the gateway when it starts up.

    Is the gateway running on a VM or in a Docker container?

    If this is not the correct local network address for the gateway server, then you can override the auto-detected address with custom settings: See: https://monoclecam.com/monocle-gateway/custom-configuration#override-auto-detected-ip-address

    Thanks, Robert



  • @Monocle
    Hi Robert
    As we discussed yesterday, I started the gateway on my Windows PC.
    But now is clear it took one of the available NICs. And yes there is a VM existing on it.
    Ok I now tried the correct address of the PC, but it still does not work!

    
     ******************************************************************
     *             __  __  ___  _  _  ___   ___ _    ___              *
     *            |  \/  |/ _ \| \| |/ _ \ / __| |  | __|             *
     *            | |\/| | (_) | .` | (_) | (__| |__| _|              *
     *            |_|  |_|\___/|_|\_|\___/ \___|____|___|             *
     *                                                                *
     ******************************************************************
    
    
    -------------------------------------------------
    MONOCLE RUNTIME ENVIRONMENT
    -------------------------------------------------
    VERSION   = 0.0.4
    OS/ARCH   = win32\x64
    PROCESS   = monocle-gateway (PID=25724)
    TIMESTAMP = 2019-08-22T16:22:37.722Z
    
    -------------------------------------------------
    MONOCLE GATEWAY SERVICE         (Version: 0.0.4)
    -------------------------------------------------
    [Monocle Starting]
    [Monocle Connecting]
    [Monocle Started]
    [RTSP Server Starting]
    [RTSP Server Listening] 0.0.0.0:8555 (RTSP)
    [RTSP Server Listening] 0.0.0.0:443 (RTSP-TLS)
    [RTSP Proxy Started] (PID=18580)
    [RTSP Server Listening] 0.0.0.0:8554 (PROXY)
    [RTSP Server Started]
    [Monocle Connected]
    [RTSP Server Registered]
    
    -------------------------------------------------
    MONOCLE RTSP SERVICE - INITIALIZED
    -------------------------------------------------
    FQDN = a40c1fdd-8c29-4cbf-8f62-0fd5757e4132.mproxy.io
    HOST = 192.168.178.117
    PORT = 443
    -------------------------------------------------
    
    -------------------------------------------------
    INITIALIZE RTSP STREAM:  Eingang
    -------------------------------------------------
     - NAME  : Eingang
     - LABEL : PRIMARY
     - URL   : rtsp://192.168.178.251:554/
     - UUID  : STREAM:13fec628-e8b8-4096-a413-eff6d0a6be55
     - SESS  : 5782f6a6-26a2-46cb-9cca-78f480f2ced4
     - MODIF : Wed Aug 21 2019 08:34:41 GMT+0200 (Mitteleuropäische Sommerzeit)
     - TAGS  : @tunnel
    -------------------------------------------------
    
    
    -------------------------------------------------
    INITIALIZE RTSP STREAM:  Eingang
    -------------------------------------------------
     - NAME  : Eingang
     - LABEL : PRIMARY
     - URL   : rtsp://192.168.178.251:554/
     - UUID  : STREAM:13fec628-e8b8-4096-a413-eff6d0a6be55
     - SESS  : 15245cc7-c657-4ac1-a14d-f7295f0c217e
     - MODIF : Wed Aug 21 2019 08:34:41 GMT+0200 (Mitteleuropäische Sommerzeit)
     - TAGS  : @tunnel
    -------------------------------------------------
    
    
    -------------------------------------------------
    INITIALIZE RTSP STREAM:  Eingang
    -------------------------------------------------
     - NAME  : Eingang
     - LABEL : PRIMARY
     - URL   : rtsp://192.168.178.251:554/
     - UUID  : STREAM:13fec628-e8b8-4096-a413-eff6d0a6be55
     - SESS  : 96f3db79-e49d-4aac-8a48-eb3ca45b71a5
     - MODIF : Wed Aug 21 2019 08:34:41 GMT+0200 (Mitteleuropäische Sommerzeit)
     - TAGS  : @tunnel
    -------------------------------------------------
    

    I will try later when I am back, with other settings than @tunnel!
    Regards Christoph

    Edit:
    I just tried all settings and some combinations, none of them works!



  • @pc1246

    OK, still a network issue – we should see incoming TCP requests in the log for the RTSP stream from the Alexa device. So …

    1.) . Go ahead and create yourself a new Monocle token file. When changing IP’s it takes some time to get the DNS updated and propagated – it will update, but often times the Alexa devices seems to hang on (cache) the old DNS record for some time. It may also help to reboot the Alexa device.

    2.) . You might try disabling the Windows firewall temporarily just to make sure its not a factor.

    3.) . If these simple things don’t work, then we may need to look deeper into the DNS resolution on your network … What type of router do you have? A few block something called DNS REBINDING by default which is a problem for the Monocle Gateway.

    Thanks, Robert



  • @Monocle
    I will do when I am back home



  • @pc1246

    I just checked your DNS record and its is updated so you may not need to generate a new token. I would still reboot Alexa for good measure.

    You can also try this “nslookup” command on your network. It should resolve to your new/correct IP address.

    $ nslookup a40c1fdd-8c29-4cbf-8f62-0fd5757e4132.mproxy.io
    Server:		10.1.1.1
    Address:	10.1.1.1#53
    
    Non-authoritative answer:
    Name:	a40c1fdd-8c29-4cbf-8f62-0fd5757e4132.mproxy.io
    Address: 192.168.178.117
    

    Thanks, Robert



  • @Monocle
    Sorry Robert, but I go to bed now. Thank you, and tomorrow more!
    Regards Christoph



  • @Monocle
    Hi Robert, I am a step nearer, but I think I do not like it!
    What did I do:

    • deactivate “no DNS rebind” in my router
    • afterwards dnslookup worked for the given address
    • trying to show camera with “show5” and it worked immediately
    • setting is only @tunnel
    • stopping gateway on windows PC and starting on Synology
    • same issue with wrong IP-address, corrected but no success

    So far a small success, but I am not sure if I want to leave it in the router like it is now!
    The problem with the gateway on the Synology is a networking issue, which I will probably solve!?
    Regards Christoph



  • @pc1246

    I understand not wanting to completely disable DNS REBINDING on the router. I would not do that either!

    Does your router allow you to create exceptions for DNS rebinds? For example, on my router I can create a rule to only allow the single hostname associated with my Monocle Gateway to pass and no other DNS hostnames. Exposing a single hostname like this is not really insecure as long as you know what its being used for and its not a nefarious spoofed DNS host name.

    Another option would be if your router allows you to override a DNS hostname. In this case you could just enter your Monocle Gateway FQDN (DNS hostname) and assign it internally to the instance of Monocle Gateway.

    Basically, in the end, Alexa will only talk to a DNS resolvable hostname who has a valid SSL certificated and is listening on port 443.

    Getting it to work on the Synology is possible, but will be some additional effort to get the right networking logic in place. Basically Monocle Gateway has to listed on port 443 and Synology uses port 443 internally so we can’t share it. This will require some additional Docker networking magic to get working but it is possible. I run my Monocle Gateway from a Synology NAS at my home.

    Thanks, Robert



  • @Monocle
    Hi Robert, thank you for your answer. I am running a DD-WRT so I should be able to do, but I do not know how.
    I tried to google how to whitelist in DD-WRT, but I do not have a domain in my private network, and so I am stuck!
    The other thing with the Synology seems to be more complicate than I thought. Would you please give me a hand to find the way?
    Thanks in advance
    Christoph



  • @pc1246 said in Having trouble with the gateway:

    DD-WRT

    Try doing a google search for “dd-wrt rebind-domain-ok
    https://www.google.com/search?q=dd-wrt+rebind-domain-ok&oq=dd-wrt+rebind-domain-ok

    I see a number of forum posts that discuss this option and configuring the router to allow single hostnames.
    Let see if we can get past this issue and have it working before moving on to the Synology.

    Thanks, Robert



  • @Monocle
    Hi Robert
    Sorry, for being so stupid. I thought I have to use the IP of the gateway in rebind settings.
    Suddenly I got a flash in my mind and I used the …mproxy.io and now it works.
    So we can now proceed to Synology with docker!
    Thank you for your patience
    Regards Christoph



  • @pc1246
    Hi Robert, I feel you are doing this completely alone!?
    Anyhow I would like to ask you if it would be possible to show me your way trough the Synology problem.
    Thanks in advance
    Christoph



  • @pc1246

    Sorry for the delay – I was out for a few weeks. Yes, currently alone on this project - but not always.

    Let me re-create my Synology docker install and document/record the steps. I know I had to use SSH and access the system shell to pull it off. The UI tools alone would not get the job done.

    Thanks, Robert



  • @pc1246,

    It’s not yet complete, but here is the article for installing Monocle Gateway as a Docker Container on a Synology NAS.

    https://monoclecam.com/monocle-gateway/install/synology

    I expect it to be completed tomorrow.

    Thanks, Robert


Log in to reply