Signal-desktop: Ports & Firewalls.

Created on 5 Jul 2016  路  11Comments  路  Source: signalapp/Signal-Desktop
  • [ x] I have searched open and closed issues for duplicates

Bug description

I can connect and use Signal fine from my android phone. When I try to connect via the desktop client (using the same network), connection fails. When I use sshuttle (a command line vpn of sorts that works by means of ssh via port 22), then I am able to connect. I believe this must be an issue of which ports are open on this network. The (university) firewall that I'm behind only allows connections to 22, 80 and 443. And it appears that you use port 4433 for the server connection.
I see that in issue #454, you will be introducing a fallback port 8443, but this won't help with my issue.

On the other hand, I'm confused why the phone-based client works without vpn. (Do you use a different port?)

Platform info

Ubuntu Gnome 16.04, Signal 0.13.0
Chromium: Version 50.0.2661.102 Ubuntu 16.04 (64-bit)

Link to debug log

I get a (!) Disconnected message on the top of the client. Here is the bottom part of the log:

2016-07-05T20:47:29.228Z pre-main prep time: 5 ms
2016-07-05T20:47:29.403Z background page reloaded
2016-07-05T20:47:29.474Z extension launched
2016-07-05T20:47:29.537Z opening websocket
2016-07-05T20:47:29.545Z open inbox
2016-07-05T20:47:30.966Z clear attention
2016-07-05T20:47:40.359Z fetchMessages
2016-07-05T20:47:43.502Z fetchMessages
2016-07-05T20:47:48.264Z fetchMessages
2016-07-05T20:49:38.588Z websocket error
2016-07-05T20:49:38.597Z websocket closed 1006
2016-07-05T20:49:38.602Z GET https://textsecure-service-ca.whispersystems.org:4433/v1/devices
2016-07-05T20:49:38.801Z clear attention
2016-07-05T20:51:33.164Z clear attention
2016-07-05T20:51:45.821Z GET https://textsecure-service-ca.whispersystems.org:4433/v1/devices 0 Error
2016-07-05T20:51:46.826Z GET https://textsecure-service-ca.whispersystems.org:4433/v1/devices
2016-07-05T20:52:52.331Z clear attention

picture DiagonalArg

Most helpful comment

@AsamK - Any way I can get around this by adding the cert to my collection, or something?

And, why doesn't the Signal group get a free cert from LetsEncrypt.org? (See also wiki.)

picture DiagonalArg on 7 Jul 2016
👍5

All 11 comments

Signal-Android uses port 443. However on this port the server uses a self-signed certificate, which is pinned in the Android app, but doesn't work in chrome. That's why they introduced port 4433 which uses a certificate signed by a CA, trusted by chrome.

AsamK picture AsamK on 7 Jul 2016
👍1

@AsamK - Any way I can get around this by adding the cert to my collection, or something?

And, why doesn't the Signal group get a free cert from LetsEncrypt.org? (See also wiki.)

DiagonalArg picture DiagonalArg on 7 Jul 2016
👍5

@DiagonalArg from the old README:

Note that for development, the TextSecure staging environment uses a self-signed certificate, which Chrome will complain is insecure. So first visit https://textsecure-service-staging.whispersystems.org/ in your browser and allow the certificate.

AsamK picture AsamK on 8 Jul 2016

@AsamK - I'm on a public network. How can I check this cert? I see the fingerprint and I see the signature, but I need to get your key to check it, correct? Could you put details in the readme?

DiagonalArg picture DiagonalArg on 9 Jul 2016

+1 for changing the port of the desktop client to 443

grasshide picture grasshide on 27 Jul 2016

Port 80 would even be better.... On mobile we typically use our data plan, but on desktop, we are on Wifi, and unless we are home it is extremely likely that these ports will be blocked.

nkosi23 picture nkosi23 on 30 Jul 2016

Sorry guys but this isn't going to happen due to the reasons described by AsamK.

liliakai picture liliakai on 25 Aug 2016

What about my question? How do I check the self-signed cert?

DiagonalArg picture DiagonalArg on 25 Aug 2016

Sounds like a terrible reason for closing the issue. It's better for Chrome to complain and have it work than to have it silently not work.

Barabbas0 picture Barabbas0 on 1 Sep 2016
👍1

Can signal at least remember which port it was last able to connect on for this session and reuse the last connected port? On any network which disallows HTTPS on 80 or connections on port 4433 (which my corporate network is one), the app takes minutes to determine, each time, that it can indeed connect on 8443. This is on literally any operation, up to and including sending and receiving messages, resulting in very long conversation delays and severely mismatched message ordering.

pigsflew picture pigsflew on 8 May 2017

https://gist.github.com/anonymous/1e5600c0a6e2f45ffa0bb2cb0a3dd926

pigsflew picture pigsflew on 8 May 2017
Was this page helpful?
0 / 5 - 0 ratings

Related issues

gesus14 picture gesus14  路  3Comments
vincenzopalazzo picture vincenzopalazzo  路  3Comments
hanzei picture hanzei  路  3Comments
mawed picture mawed  路  3Comments
TarkanY picture TarkanY  路  3Comments