Can't connect to my home's local network

Eestevaoem · 23 Feb

I'm facing an issue when trying to access a nextcloud server that is configured at http://192.168.2.xxx:8085. I have access to this endpoint from my laptop, but not from my phone. Why is that?

For example, on phone's firefox I get the following message: "Unable to connect

The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your device’s data or Wi-Fi connection."

As I check the nextcloud server logs, the request never made it through, indicating there is some setting isolating the phone from the local network.

00xsigsev · 23 Feb

VPN? You're not connected to your wireless? Are you running some kind of DNS on your phone? Try other browser?

Eestevaoem · 24 Feb

0xsigsev No VPNs connected nor listed. DNS is the OS default. JIK tested with another browser but no success.

I have tried to connect to 192.168.2.xxx from both the browser and the nextcloud app.

Worth mentioning I also have another server running on this very address, but different port, which I'm also not able to reach from my phone. I am able though to reach it from any other device I have.

r134a · 24 Feb

What is your network setup? Do u have vlans configured? How do u acces it from your other devices? On the same wifi accespoint? Cable?
Are u perhaps connected to your guest wifi network with your phone, if u have any?

This is most likely not an issue related to GrapheneOS.

Dde0u · 24 Feb

estevaoem What error does Vanadium give? Quickly or slowly?

00xsigsev · 24 Feb

By any chance you have some kind of a whitelist? What's your IP on the phone and the other device?

Ccdflasdkesalkjfkdfkjsdajfd · 24 Feb

estevaoem 192.168.x.y is a private IP that can only be reached from a device that is at the same network, due to that you can reach from you laptop (connected by cable or WiFi). In your phone, are you connected to your home WiFi when trying to access your Nextcloud?

Note: Due to 192.168.x.y IPs are private, you can publish it without security concerns, due to aren't available outside your network.

Eestevaoem · 24 Feb

de0u That's interesting. I accessed the address from vanadium, it gave me the warning that the connection was not encrypted (http) and once I allowed it, I could access it from any other app.

Is there any sort of allowed addresses list vanadium keeps?

Thanks all repliers for your time by the way.

Eestevaoem · 24 Feb

So, since my last reply, the phone stopped reaching the local network again, I'll consider the problem as not fixed and resume answering the replies:

r134a It's the default modem configuration, no VLANs in place. Other devices access the server from browsers using the same wifi access point. Not connected as a guest. Why do you think that is not related to GrapheneOS? Asking since it is the only device that isn't reaching the servers in local network

0xsigsev No I don't have whitelists configured. My phone ip is 192.168.2.157 and the server ip is 192.168.2.117

cdflasdkesalkjfkdfkjsdajfd thanks for noticing, I was already aware that i could share private ips, but somehow I tend to censor that kind of info for some reason :shrug:
Anyhow, all the devices (including the server) are connected through the wifi

Eestevaoem · 24 Feb

de0u I tried accessing from vanadium once and it connected. However, the second time (right at this moment) I tried and it gave me a quick answer of ERR_ADDRESS_UNREACHABLE (indicating in my interpretention no presence of firewalls whatsoever).

As I was typing this answer, I refreshed the servers page on vanadium and it happened to have again access to the server.

As far as I can see, there is some rule in place, somewhere I can't tell, that is not letting me reliably access the local network from my phone.

Worth mentioning that this is only happening on my phone: when the phone looses connectivity to my local network, all other devices don't.

00xsigsev · 24 Feb

It may be due to strict mode (or whatever the name is) is enabled and you can't connect to your instance via http. Try https:// your instance.

Rryrona · 24 Feb

Just a guess, what happens if you disable cellular connectivity, that is, you put your phone in airplane mode with Wifi still enabled?

I am wondering if it maybe isn't trying to connect through the Wifi. Maybe the cellular network provider is assigning an IP address in the same 192.168.2.0/24 range, confusing the system as where to send out the packets?

Dde0u · 24 Feb

estevaoem So, since my last reply, the phone stopped reaching the local network again, I'll consider the problem as not fixed [...]

So, when the problem is in its non-fixed state, what error message does Vanadium report? Does Vanadium report that error quickly or slowly?

Eestevaoem · 24 Feb

0xsigsev Doesn't help. Since I have not configured TLS nor there are fallback implementations for when the server is called on port 43, the server is yet unreachable.

ryrona Same behavior. I disabled the mobile network as it maybe could be interfering, but that's not the case.

de0u mind checking if my previous answer answers your question?

Eestevaoem · 24 Feb

de0u By the way, the error I got was ERR_CONNECTION_FAILED, not ERR_ADDRESS_UNREACHABLE, sorry for the confusion

r134a · 24 Feb

estevaoem It's the default modem configuration, no VLANs in place. Other devices access the server from browsers using the same wifi access point. Not connected as a guest. Why do you think that is not related to GrapheneOS? Asking since it is the only device that isn't reaching the servers in local network

I've mentioned that it most likely is not related to GrapheneOS, it could be though. But i for example also have a bunch of selfhosted services and have no issues, combined with the fact this is the only report regarding an issue like this, made me conclude it most likely isn't related to GOS.

Did u try the suggestion of @0xsigsev by using https://, as far as i remember nextcloud automatically implements https with a self signed certificate. Did u try just for testing with a gecko based browser, for examole firefox? In my recent experience it seems firefox is less strict sometimes. (I've had a service (materialious) over https remote proxying another service accidentaly over http (invidious), and chrome refused to serve http content from a remote source requested by a https domain. Firefox on the other hand did't comolain and allowed mixed content.

Dde0u · 24 Feb

estevaoem Worth mentioning that this is only happening on my phone: when the phone looses connectivity to my local network, all other devices don't.

If your phone's settings for your home network include "per-connection randomized MAC", can you try switching to "per-network randomized MAC", and then rebooting your router?

r134a · 24 Feb

Apologies, in my last response i've asked if u tried https:// i just see u did. I've started typing when that comment wasnt there yet, and received a phone call, then finished typing and submit :)

Do u have any other services selfhosted than nextcloud? Do u have issue with these? Perhaps try setting up a simple apache webserver and see if u can connect to it with phone.

Eestevaoem · 24 Feb

Thanks guys for the support so far, truly a helpful and strong community.

de0u already configured the phone settings to per-network randomized MAC on both wifi frequencies but didn't reboot the router yet. Will give it a try and see if the problem persists.

r134a Apologies, in my last response i've asked if u tried https:// i just see u did. I've started typing when that comment wasn't there yet, and received a phone call, then finished typing and submit :)

no worries (:
I do have another server running in the same machine and it does happen to share the same problem of the phone not being able to reach it sometimes.

At this point I'm suspecting this is not related to grapheneOS but rather something on my network as you mentioned. Got the same problem on wife's iPhone, but not on other laptops and tablets we have.

r134a · 24 Feb

estevaoem Hmm, do u mind sharing what service? I was suspecting it perhaps was something with your nextcloud config, although network is certainly plausible aswell.

Can u try maybe with a simple apache webserver with just http? It's likely its already included on your server and should be as simple as sudo systemctl start apache2, then check http://ip:80 (if 80 isn't used by any other servive).

Nn3t_admin · 24 Feb

Just chiming in. This might be related to a few things. Some more info would be great:

are VLANs set up in your network? (You didn't answer that yet)
is a reverse proxy set up?
is there any service on your network providing DNS or are you using a well-known service such as Cloudflare, Google or Quad9?

Most importantly: what does your network setup look like?
For example, are router, switch and AP separate devices or all in one?
Are there any firewall rules set anywhere?

This would help greatly in the troubleshooting process.

Dde0u · 24 Feb

estevaoem At this point I'm suspecting this is not related to grapheneOS but rather something on my network as you mentioned. Got the same problem on wife's iPhone, but not on other laptops and tablets we have.

For me this turns up the volume on the "reboot the router" suggestion.

Ssecrec · 25 Feb

Couple of ideas;

1) Nextcloud does not play well with non-encrypted connections.
2) Some router configurations don't allow internal network connections.

Eelih · 25 Feb

estevaoem Worth mentioning that this is only happening on my phone: when the phone looses connectivity to my local network, all other devices don't.

I'm having the same problem. I am able to connect to a VLAN access point, which has no WAN access. However, my GrapheneOS Pixel 7pro device will reliably disconnect after a short period of time, maybe 20-30 seconds on average. All other devices can connect to the same AP without any problems.

r134a · 25 Feb

elih Did u check these settings as mentioned in this post already?

https://discuss.grapheneos.org/d/20248-cant-connect-to-my-homes-local-network/17

Eelih · 25 Feb

r134a
Yes, I'm not using a randomized MAC.

r134a · 25 Feb

elih Hmm, perhaps it is because there's no internet connection? I remember vaguely having an issue with dns on a specific AP, consequently having no internet, and my device disconnected from that AP after a short while and connected to one of my other trusted AP's. Other than that i can't really think of something is u don't have a randomized mac.

Eelih · 25 Feb

After playing around with various router and GrapheneOS settings, I may have solved my disconnect problem. In the Network details settings for this specific AP on my Pixel, I changed the Network usage setting to "Detect automatically" from "Treat as unmetered". The connection has now held for over 5 minutes (knock on wood).

Eestevaoem · 26 Feb

Guys, sorry for missing for 2 days.

r134a The other service is a tabby server, primarily serving my laptop.

Interesting enough, the iPhone wasn't able to access 192.168.2.117:8085. However, as I started apache2 and connected both devices to 192.168.2.117:80, both phones could connect to 192.168.2.117:*.

Both servers (8080 and 8085) are running through docker, would that be the issue somehow?

n3t_admin Thanks for joining the discussion.

Accessed the router admin page this morning and could verify no VLAN rules are configured.
There are no reverse proxies configured afaik
I have not configured any service on my network that provides DNS (not that I'm aware of)

My network setup is the simplest you could imagine: a router serving wifi to all devices, no firewall rules on the server computer nor the router.

r134a · 26 Feb

estevaoem interesting, this would imply that it probably indeed isn't really related to GrapheneOS. Probably u have this right, it wouldn't make many sense u could connect from other devices, but on your docker config are u postitive 8080 and 8085 are the public facing ports? Also on your docker config are u using 0.0.0.0 instead of 127.0.0.1?

fid02 · 26 Feb

estevaoem Was the advice of rebooting the router somehow missed?

Eestevaoem · 26 Feb

r134a yes, positive for port and host serving address. So much it is reliably accessible for 2 of the 4 client devices.

Again though, at least on iPhone, this connection ability is latter lost after some moments.

fid02 yes, I missed it. Couldn't do that back then because that would disrupt other peoples work in the house. Anyways, I just rebooted the router and apparently all devices are able to access servers on port 8080 and 8085, I'm watching for if the connection gets lost throughout the day.

Eestevaoem · 27 Feb

fid02 interesting, rebooting the router actually seems to have fixed the problem. 2nd day streak in which both phones connect to the local network without issues. But why is that? Why rebooting the router granted both devices access to the local network?

r134a · 27 Feb

Probably the issue u was experiencing was caused because of using 'per connection randomized mac', some routers don't play well with that. After u got the advice here to change it to 'per network randomized mac', u mentioned u did that but did not reboot the router yet. The reboot was adviced to clear your routers DHCP table.