SNG7 UCP Access Without Registered Phone

I have two identical (Cloned VM) machines running SNG7. My goal is to make UCP available on HTTPS without registered phone. To accomplish this, I have done the following:

  1. Registered an S500 to Machine A, ensured it was working. No UCP URL worked, even though the location IP (hereinafter “Source IP”) shows in Firewall > Status > Registered Endpoints. Installed, enabled and confirmed Letsencrypt certs on both servers.

  2. In Connectivity > Firewall > Services, enabled “Internet” for UCP and WebRTC

  3. In System Admin > Port Management, set Secure Port for UCP to 4443

Result:
On machine A (with registered, working S500):
If an IP is whitelisted in Firewall > Networks, https://my.server.com/ucp works fine. If the machine is not whitelisted, the page times out. Nothing in console, no entry in error_log or access_log, and I see nothing in tcpdump -i eth1 port 4443.

However I see this with tcpdump 443:

[SourceIP].16893 > my.server.com.https: Flags [S], cksum 0x466d (correct), seq 1781567072, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
[SourceIP].30181 > my.server.com.https: Flags [S], cksum 0x9f7d (correct), seq 1640892874, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
[SourceIP].16893 > my.server.com.https: Flags [S], cksum 0x466d (correct), seq 1781567072, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
[SourceIP].30181 > my.server.com.https: Flags [S], cksum 0x9f7d (correct), seq 1640892874, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0

The url https://my.server.com:4443 works correctly and I see what I expect in logs and console.

On Machine B, with no registered endpoints, I get different results with the same configuration (TBMK).
I see the following with http://my.server.com:4443:

# tcpdump -i eth1 -vvv  host [Source IP]
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
13:49:32.404778 IP (tos 0x40, ttl 115, id 18819, offset 0, flags [DF], proto TCP (6), length 52)
    [Source IP].22283 > my.server.pharos: Flags [S], cksum 0x005b (correct), seq 37885869, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
13:49:32.404873 IP (tos 0xc0, ttl 64, id 20780, offset 0, flags [none], proto ICMP (1), length 80)
    my.server > [Source IP]: ICMP my.server tcp port pharos unreachable, length 60
        IP (tos 0x40, ttl 115, id 18819, offset 0, flags [DF], proto TCP (6), length 52)
    [Source IP].22283 > my.server.pharos: Flags [S], cksum 0x005b (correct), seq 37885869, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
13:49:32.653286 IP (tos 0x40, ttl 115, id 18820, offset 0, flags [DF], proto TCP (6), length 52)
    [Source IP].44582 > my.server.pharos: Flags [S], cksum 0x4312 (correct), seq 3863058906, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
13:49:32.653370 IP (tos 0xc0, ttl 64, id 20935, offset 0, flags [none], proto ICMP (1), length 80)
    my.server > [Source IP]: ICMP my.server tcp port pharos unreachable, length 60
        IP (tos 0x40, ttl 115, id 18820, offset 0, flags [DF], proto TCP (6), length 52)
    [Source IP].44582 > my.server.pharos: Flags [S], cksum 0x4312 (correct), seq 3863058906, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0

Strangely, it has replaced “my.server.com” with “my.server.pharos” but then says “my.server tcp port pharos unreachable” and no packets returned to the client.

Calling Machine B with http://my.server.com/ucp, I see this:

tcpdump -i eth1 -vvv  host [Source IP]
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 262144 bytes
13:55:21.548704 IP (tos 0x40, ttl 115, id 18842, offset 0, flags [DF], proto TCP (6), length 52)
    [Source IP].linogridengine > my.server.http: Flags [S], cksum 0xac05 (correct), seq 3295207909, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
13:55:21.548788 IP (tos 0xc0, ttl 64, id 56371, offset 0, flags [none], proto ICMP (1), length 80)
    my.server > [Source IP]: ICMP my.server tcp port http unreachable, length 60
        IP (tos 0x40, ttl 115, id 18842, offset 0, flags [DF], proto TCP (6), length 52)
    [Source IP].linogridengine > my.server.http: Flags [S], cksum 0xac05 (correct), seq 3295207909, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
13:55:21.801996 IP (tos 0x40, ttl 115, id 18843, offset 0, flags [DF], proto TCP (6), length 52)
    [Source IP].35629 > my.server.http: Flags [S], cksum 0x9dda (correct), seq 2939857437, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0

Here, it has replaced “my.server.com” with “my.server.http” and can’t send packets there, either. I get the same output with HTTPS, except it says “my.server.https”.

So, my questions are:

  1. How to make UCP globally available?
  2. Why is it NOT available with a registered endpoint?
