|
Fking (OP)
|
 |
November 22, 2012, 02:19:36 PM |
|
I have a bitcoind daemon running on one server and trying to connect it from another one for the last couple of days but always i get connection time out error. Here is the stuff i've excluded so far, please help me to see what angle i'm missing  - the client server IP is added both in host server firewall whitelist and bitcoin.conf file (rpcallowip=) - both ports 8332 and 8333 are allowed in the host server firewall and i can see the bitcoind listening to them (netstat -lnp) - it's not localost connection so https is a must as i understood from the docs. I'm using self generated certificates, here are the settings used rpcssl=1 rpcsslcertificatechainfile=cs.crt rpcsslprivatekeyfile=cs.key cs.csr and cs.pem files were generated as well but i suppose the above 2 are the ones i need set? anway all 4 are in both .bitcoin and bitcoin dirs (i suppose it looks in ".bitcoin" only dir? but wanted to make sure) - the only onther settings i have in the conf file are: server=1 rpcuser=someuserhere rpcpassword=somepasshere everything else is default so where else i should look? |
|
|
|
|
ingrownpocket
Legendary
 Offline
Activity: 952
Merit: 1000
|
|
November 22, 2012, 03:25:35 PM |
|
Are you using PHP to connect?
|
|
|
|
|
BCB
CTG
VIP
Legendary
Offline
Activity: 1078
Merit: 1002
BCJ
|
|
November 22, 2012, 03:27:56 PM |
|
|
|
|
|
|
|
Fking (OP)
|
|
November 22, 2012, 10:03:42 PM |
|
ah i might have generated the certs wrong since i used something different than the one described in the wiki I'm using php and also the cert on the other side, lets see if it works now. Thank you guys! |
|
|
|
|
|
Fking (OP)
|
|
November 27, 2012, 08:19:51 PM |
|
nope, doesn't work with the new certs The bitcoind doesn't respond to client server requests. And I get this: "Fatal error: Uncaught BitcoinClientException: - : CURL error: couldn't connect to host thrown in on line 0"
hm no ideas what else to look...  |
|
|
|
|
|
Fking (OP)
|
|
November 28, 2012, 02:49:40 PM |
|
what else tends to give problems when connecting between servers?
|
|
|
|
|
BCB
CTG
VIP
Legendary
Offline
Activity: 1078
Merit: 1002
BCJ
|
|
November 28, 2012, 02:55:02 PM |
|
were you able to connect without ssl?
Stop bitcoind
change rpcssl=1 to rpcssl=0
restart bitcoind and try to start.
If you can connect it is probably and issue with verify_peer in rpc.
I know user kjj is a pretty sharp programer. maybe you could ping him.
please keep us posted.
|
|
|
|
|
kjj
Legendary
Offline
Activity: 1302
Merit: 1025
|
|
November 28, 2012, 07:46:17 PM |
|
were you able to connect without ssl?
Stop bitcoind
change rpcssl=1 to rpcssl=0
restart bitcoind and try to start.
If you can connect it is probably and issue with verify_peer in rpc.
I know user kjj is a pretty sharp programer. maybe you could ping him.
please keep us posted.
I do all of my stuff on the same server as bitcoind, so I've never needed SSL. I saw this thread and decided to try it out, but so far I have been too busy. I know that SSL problems can be painful to diagnose. Clients in particular are notoriously bad about reporting errors. Usually you don't get much more than "it didn't work". The good news is that you might not have a SSL problem at all. Timeout suggests a different problem. Double check that your -rpcallowip is right, then double check your firewall, and finally, use nmap and/or telnet to verify that the computers are able to connect. Also, as BCB suggested, try it without SSL. If I'm right about the connection problem, it won't work with -rpcssl=0 either. |
17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs. You should too.
|
|
|
|
Fking (OP)
|
|
November 28, 2012, 09:15:01 PM |
|
I haven't tried without SSL because the wiki says that for non-localhost connections ssl is the only option? the openssl s_client -connect localhost:8332 command outputs fine btw, again according to the wiki so it works locally, just for some reason can't get to it the allowed ip i checked like 10 times, and it's also for sure allowed in the firewall, together with both ports 8332 and 8333 just in case basically i'm out of ideas guys what else might be wrong? p.s. has anyone made between server connections work without ssl? (not that i would like to run it like that) |
|
|
|
|
kjj
Legendary
Offline
Activity: 1302
Merit: 1025
|
|
November 28, 2012, 09:25:48 PM |
|
I haven't tried without SSL because the wiki says that for non-localhost connections ssl is the only option? the openssl s_client -connect localhost:8332 command outputs fine btw, again according to the wiki so it works locally, just for some reason can't get to it the allowed ip i checked like 10 times, and it's also for sure allowed in the firewall, together with both ports 8332 and 8333 just in case basically i'm out of ideas guys what else might be wrong? p.s. has anyone made between server connections work without ssl? (not that i would like to run it like that) You need to do the check from the remote end, not localhost. Most likely your firewall isn't really open on that port, but possibly other things. Try using -bind=your_IP_address too. |
17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs. You should too.
|
|
|
|
Fking (OP)
|
|
November 28, 2012, 09:45:42 PM |
|
I haven't tried without SSL because the wiki says that for non-localhost connections ssl is the only option? the openssl s_client -connect localhost:8332 command outputs fine btw, again according to the wiki so it works locally, just for some reason can't get to it the allowed ip i checked like 10 times, and it's also for sure allowed in the firewall, together with both ports 8332 and 8333 just in case basically i'm out of ideas guys what else might be wrong? p.s. has anyone made between server connections work without ssl? (not that i would like to run it like that) You need to do the check from the remote end, not localhost. Most likely your firewall isn't really open on that port, but possibly other things. Try using -bind=your_IP_address too. yes i know, but the checks from the other side don't work, i just know that it's setup fine on the host server because of this. do u mean to use the bind in the shell on the host server? what's your idea? |
|
|
|
|
kjj
Legendary
Offline
Activity: 1302
Merit: 1025
|
|
November 29, 2012, 01:51:37 AM |
|
I haven't tried without SSL because the wiki says that for non-localhost connections ssl is the only option? the openssl s_client -connect localhost:8332 command outputs fine btw, again according to the wiki so it works locally, just for some reason can't get to it the allowed ip i checked like 10 times, and it's also for sure allowed in the firewall, together with both ports 8332 and 8333 just in case basically i'm out of ideas guys what else might be wrong? p.s. has anyone made between server connections work without ssl? (not that i would like to run it like that) You need to do the check from the remote end, not localhost. Most likely your firewall isn't really open on that port, but possibly other things. Try using -bind=your_IP_address too. yes i know, but the checks from the other side don't work, i just know that it's setup fine on the host server because of this. do u mean to use the bind in the shell on the host server? what's your idea? I'm saying that you need to do some checks at a lower level. Use nmap from the client side to see if you can get any reply from the server. If it reports the port closed, you need to figure out why. Likely reasons are that your firewall isn't really allowing the traffic in, or possibly that bitcoind is binding to the RPC port on 127.0.0.1 instead of 0.0.0.0. |
17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs. You should too.
|
|
|
|
Fking (OP)
|
|
November 29, 2012, 08:59:07 PM |
|
unfortunately i dont have shell access from the client server. the php script is giving this error now though: Fatal error: Uncaught BitcoinClientException: - : CURL error: couldn't connect to host thrown in on line 0
btw are you guys using line like this in the bitcoin.conf: rpcsslciphers=TLSv1+HIGH:!SSLv2:!aNULL:!eNULL:!AH:!3DES:@STRENGTH or just left it out and it uses the same by default? |
|
|
|
|
kjj
Legendary
Offline
Activity: 1302
Merit: 1025
|
|
November 29, 2012, 09:14:27 PM |
|
Hmm. Well, if you have a different box that you can test from, open that one in your firewall, and set that in your rpcallowip line. Also, on the server, check "netstat -nap | grep bitcoin | grep LISTEN". Look for a line similar to one of these: tcp 0 0 0.0.0.0:8332 0.0.0.0:* LISTEN 22327/bitcoind
tcp6 0 0 :::8332 :::* LISTEN 22327/bitcoind
tcp 0 0 127.0.0.1:8332 0.0.0.0:* LISTEN 22327/bitcoind
tcp6 0 0 ::1:8332 :::* LISTEN 22327/bitcoind
The pairs are IPv4 and IPv6 versions of the same thing. The first pair shows bitcoind has bound to every interface. The second pair shows bitcoind bound only to localhost. For remote connections, you need it to bind to every interface. |
17Np17BSrpnHCZ2pgtiMNnhjnsWJ2TMqq8
I routinely ignore posters with paid advertising in their sigs. You should too.
|
|
|
|
Fking (OP)
|
|
November 29, 2012, 09:25:41 PM |
|
i had the host server support double check for me, the ip is whitelisted and they can connect on those ports the netstat gives tcp 0 0 0.0.0.0:8332 0.0.0.0:* LIST EN 17325/./bitcoind
tcp 0 0 0.0.0.0:8333 0.0.0.0:* LIST EN 17325/./bitcoind
so i suppose we are good here the only think that i can figure out now is if the client host for some reason is forbidding the outgoing ssl connections, for which i'm waiting them to answer now and also the host server to tell me if there are attempts to connect from the client host ip i don't see why the client host might be doing that, but what else we have left? |
|
|
|
|
|
