roaming to ttn (packetbroker) dont work #563
Description
I have set up roaming to packetbroker for ttn.
My configuration is:
# Backend Interfaces configuration (optional).
[backend_interfaces]
# interface:port to bind the Backend Interfaces API to.
#
# Note: this interface is used both for passive-roaming and when
# integrating with Join Servers that implement the async interface.
# Leaving this option blank will disable the Backend Interfaces API,
# which is fine in most cases.
bind="0.0.0.0:5138"
ca_cert="/etc/chirpstack/certs/ca.crt"
# tls_cert="/etc/chirpstack/certs/server_full.crt"
# tls_key="/etc/chirpstack/certs/server.key"
tls_cert="/etc/chirpstack/certs/le_full.pem"
tls_key="/etc/chirpstack/certs/le_key.pem"
[roaming]
# Resolve NetID domain suffix.
#resolve_netid_domain_suffix=".netids.lora-alliance.org"
# Per server roaming configuration (this can be repeated).
[[roaming.servers]]
net_id="000013"
# Enable default roaming server.
enabled=true
#async=true
# Async timeout (set to 0 to disable async interface).
async_timeout="30s"
#passive_roaming=true
# Passive-roaming session lifetime (set to 0 for stateless).
passive_roaming_lifetime="0s"
# Server.
#
# If set, this will bypass the DNS resolving of the server.
server="https://eu.packetbroker.io:5138"
# Use target role suffix.
#
# Depending the context of the remote server, this will add
# the /sns or /fns path to the server endpoint.
use_target_role_suffix=false
# CA certificate (path).
#ca_cert=""
#ca_cert="/etc/chirpstack/certs/ca.crt"
# TLS certificate (path).
#tls_cert=""
# TLS key (PKCS#8) (path).
#tls_key=""
# Authorization header.
#
# Optional value of the Authorization header, e.g. token or password.
authorization_header="Key <mytoken>"Port 5138 is publicly accessible. I also got a tenant at packetbroker and signed their certificate with my ca.
But now packetbroker gets the following error message:
2024-07-02T08:20:07.147800055Z stderr F
{ "level": "warn", "ts": 1719908407.147675, "caller": "roaming/client.go:216", "msg": "Request failed", "message_id": "01J1S8F5PCQQQPP4ZX1BBBBYR8", "target_net_id": "000001", "target_tenant_id": "<mytenant>", "target_cluster_id": "", "message_type": "PRStartAns", "sender_id": "000013", "receiver_id": "000001", "url": "https://lorastack.<mydomain>.de:5138", "authorization": "tls_client_auth", "error": "Post \"https://lorastack.<mydomain>.de:5138\": remote error: tls: unknown certificate" }
And in my chirpstack I see the following messages:
2024-07-02T08:20:06.919962Z DEBUG
up{deduplication_id=97087ed3-b610-440a-bda3-dd880dbc2398}:data_up:
chirpstack::uplink::data: DevAddr does not match NetID, assuming roaming
device dev_addr=*****f2a
2024-07-02T08:20:06.920192Z INFO
up{deduplication_id=97087ed3-b610-440a-bda3-dd880dbc2398}:data_up:data_pr:
chirpstack::uplink::data_fns: Starting passive-roaming session
net_id=000013 dev_addr=*****f2a
2024-07-02T08:20:06.920284Z INFO
up{deduplication_id=97087ed3-b610-440a-bda3-dd880dbc2398}:data_up:data_pr:request{message_type=PRStartReq
sender_id=000001 receiver_id=000013 transaction_id=3537335250}: backend:
Making request server=https://eu.packetbroker.io:5138 async_interface=true
2024-07-02T08:20:36.998181Z INFO
up{deduplication_id=97087ed3-b610-440a-bda3-dd880dbc2398}:data_up:data_pr:request{message_type=PRStartReq
sender_id=000001 receiver_id=000013 transaction_id=3537335250}: backend:
Async response received
2024-07-02T08:20:36.998244Z ERROR
up{deduplication_id=97087ed3-b610-440a-bda3-dd880dbc2398}:data_up:data_pr:
chirpstack::uplink::data_fns: Start passive-roaming error net_id=000013
error=channel closed
Mr. Stokking and I think that my chirpstack does not check the client certificate of packetbroker.
I hope you can help me to debug this.