Page 1 of 1

I can not access my OPI from my own LAN with my 'opiname'

Posted: Fri Aug 15, 2014 2:22 pm
by pa
The setup test shows that the connection to OPI is ok, but I can not access it from my own LAN.

The reason for this is that many routers have problems to do port forwards when the access is made from the local network.

An example is that users with D-link routers need to setup a "virtual server" in order to make this work from the local network.
For instance a DLINK DIR-825 needs this:
http://forums.dlink.com/index.php?topic=19934.0

Posted: Mon Nov 10, 2014 7:05 am
by jkene
I have this issue and router does not allow any workarounds like virtual server. I can however access the OPI by the ip address (i.e. 192.168.1.18) from my home computer. It also works in the browser on any Android device when I'm connected at home via WiFi. This does however not work in the Android OPI client. I can't replace the OPI-name with IP address, get "Bad OPI certificate" if I do. With devices that has a SIM card I can switch to 4G and access through OPI name but I also have a tablet that only connects via WiFi. Is it not possible to configure the Android OPI client to access the OPI via WiFi using IP?

Posted: Fri Nov 14, 2014 1:26 pm
by tor
Hi jkene,

Sorry for the late reply. The problem with local, lan, access to OPI via the Android apps is a known issue. Unfortunately it's a tough one to solve.

The reason that it does not work is that the Android apps are configured to only trust the certificates issued by OpenProducts and to also verify the certificate against the address used to contact OPI.

The reasons for us doing this is to make absolutely sure that you are talking to the OPI directly and that there are no "man in the middle" attack in progress.

The other reason is that we don't want to unfairly compete with the paid for versions of the application. (With this restriction in place you can only use the app with OPI)

This still of course leave us with the problem that you experience :(

We are toying with the idea to test if we could solve this on our side by modifying the DynDNS service we have in place. (As discussed here) If that works out this would most likely solve the problem.

Apart from that other solutions could be to add a host-entry on the Android-device, this however requires a rooted device. Another one is to disable the dhcp-server in the router and add another one if you have any other device online capable of running such a server (I.e. a NAS or likewise) Finally replacing the router to another one capable of routing this traffic correctly.

I know that these suggestions are neither pretty nor simple. Other suggestions are of course welcome :)

/Tor