Android app can not connect with the nextcloud server in the wlan

This is the result

Well I imagine the reason it’s not working via the app and connecting to the ip address is that the certificate is not issued to your ip, but your domain instead.

It’s good that you can reach your server via the ip though, it suggests the issue with the domain is dns related. It’s very difficult to say what the problem is without seeing your web server configuration, ssl configuration and how you’ve got dns set up.

Here is my config.php

<?php
$CONFIG = array (
  'instanceid' => 'och4tc5gma78',
  'passwordsalt' => 'XXXXXXXXwcccccccccccccXXXXXXXXX',
  'secret' => 'xxxxx+8hX0GRLSHGrl34/xxxxxxxxxm9t7R6/xxxxxx',
  'trusted_domains' => 
  array (
    0 => '192.168.178.25',
    1 => 'xxxxxxxxxx.dynv6.net',
  ),
  'datadirectory' => '/srv/nextcloud',
  'overwrite.cli.url' => 'https://192.168.178.25/nextcloud',
  'dbtype' => 'mysql',
  'version' => '9.1.0.16',
  'dbname' => 'nextcloud',
  'dbhost' => 'localhost',
  'dbtableprefix' => 'oc_',
  'dbuser' => 'nextcloud',
  'dbpassword' => '9OsH.4nP-.,',
  'logtimezone' => 'UTC',
  'installed' => true,
  'maintenance' => false,
  'theme' => '',
  'loglevel' => 0,
  'memcache.local' => '\\OC\\Memcache\\APCu',
);

And error is the while saerch server

a) I’m not sure overwrite.cli.url is what you think it is.
b) Why are you try to access the root domain in the above screenshot? You’re serving nextcloud from subdomain.domain.net/nextcloud.
c) I’m assuming you forgot to remove your domain from the above config - needless to say I have tried accessing that address and I can access it.

If your dns entry also resolves an ipv6 address, you should tell your server to answer ipv6 requests as well. On your home network, you have dual stack meaning that ipv6 is preferred. On the mobile network you only have ipv4. 2 possible solutions:

  • tell your server to handle ipv6: check with netstat -tlpuen if apache already listens to ipv6 (https://httpd.apache.org/docs/2.4/en/bind.html) and the address from the ssllabs-test really is the ipv6-address of your server (see ifconfig).
  • only use a dns name that resolves ipv4 only (you need to use a dynamic dns provider, such as no-ip.com (there are others as well)).

here is the result from

xxx@xxxxx:~$ sudo netstat -tlpuen
[sudo] Passwort für xxx: 
Aktive Internetverbindungen (Nur Server)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode       PID/Program name
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      122        20596       2558/mysqld     
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      0          25270       3545/smbd       
tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN      0          25523       3559/x11vnc     
tcp        0      0 127.0.1.1:53            0.0.0.0:*               LISTEN      0          20787       2872/dnsmasq    
tcp        0      0 0.0.0.0:22012           0.0.0.0:*               LISTEN      0          21747       2550/sshd       
tcp        0      0 0.0.0.0:445             0.0.0.0:*               LISTEN      0          25269       3545/smbd       
tcp6       0      0 :::139                  :::*                    LISTEN      0          25268       3545/smbd       
tcp6       0      0 :::5900                 :::*                    LISTEN      0          25524       3559/x11vnc     
tcp6       0      0 :::80                   :::*                    LISTEN      0          59232       5061/apache2    
tcp6       0      0 :::443                  :::*                    LISTEN      0          59236       5061/apache2    
tcp6       0      0 :::22012                :::*                    LISTEN      0          21749       2550/sshd       
tcp6       0      0 :::445                  :::*                    LISTEN      0          25267       3545/smbd       
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           111        18463       2099/avahi-daemon: 
udp        0      0 0.0.0.0:56819           0.0.0.0:*                           111        18465       2099/avahi-daemon: 
udp        0      0 127.0.1.1:53            0.0.0.0:*                           0          20786       2872/dnsmasq    
udp        0      0 0.0.0.0:68              0.0.0.0:*                           0          20290       2863/dhclient   
udp        0      0 192.168.178.255:137     0.0.0.0:*                           0          25228       3527/nmbd       
udp        0      0 192.168.178.25:137      0.0.0.0:*                           0          25227       3527/nmbd       
udp        0      0 0.0.0.0:137             0.0.0.0:*                           0          25224       3527/nmbd       
udp        0      0 192.168.178.255:138     0.0.0.0:*                           0          25230       3527/nmbd       
udp        0      0 192.168.178.25:138      0.0.0.0:*                           0          25229       3527/nmbd       
udp        0      0 0.0.0.0:138             0.0.0.0:*                           0          25225       3527/nmbd       
udp        0      0 0.0.0.0:631             0.0.0.0:*                           0          18118       2411/cups-browsed
udp6       0      0 :::5353                 :::*                                111        18464       2099/avahi-daemon: 
udp6       0      0 :::46724                :::*                                111        18466       2099/avahi-daemon: 

no ipv6.

ifconfig
enp1s0    Link encap:Ethernet  Hardware Adresse 32:89:0e:92:r5:0e  
          inet Adresse:192.168.178.25  Bcast:192.168.178.255  Maske:255.255.255.0
          inet6-Adresse: fe80::db8f:567:60af:e999/64 Gültigkeitsbereich:Verbindung
          inet6-Adresse: 2a02:810d:567:a24:91a5:8c3b:485d:0ecb/64 Gültigkeitsbereich:Global
          inet6-Adresse: 2a02:5678:340:a24:acf5:7r45:4d84:7edd/64 Gültigkeitsbereich:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metrik:1
          RX-Pakete:282960 Fehler:0 Verloren:0 Überläufe:0 Fenster:0
          TX-Pakete:257717 Fehler:0 Verloren:0 Überläufe:0 Träger:0
          Kollisionen:0 Sendewarteschlangenlänge:1000 
          RX-Bytes:111350813 (111.3 MB)  TX-Bytes:205139464 (205.1 MB)

lo        Link encap:Lokale Schleife  
          inet Adresse:127.0.0.1  Maske:255.0.0.0
          inet6-Adresse: ::1/128 Gültigkeitsbereich:Maschine
          UP LOOPBACK RUNNING  MTU:65536  Metrik:1
          RX-Pakete:240150 Fehler:0 Verloren:0 Überläufe:0 Fenster:0
          TX-Pakete:240150 Fehler:0 Verloren:0 Überläufe:0 Träger:0
          Kollisionen:0 Sendewarteschlangenlänge:1 
          RX-Bytes:141568783 (141.5 MB)  TX-Bytes:141568783 (141.5 MB)

In which file must i handle the listen-entries?
/etc/apache2/ports.conf?

Can you give me an example. conf please fur listen entries. Thanks

https://httpd.apache.org/docs/2.4/en/bind.html
In which file must i do the entry
"Listen [2001:db8::a00:20ff:fea7:ccea]:80" an in my case “Listen [2001:db8::a00:20ff:fea7:ccea]:443” . In ports.conf or in my host or in apache.conf or in all?

Is this entry in port.conf ok?

<IfModule ssl_module>
	Listen 443
</IfModule>

<IfModule mod_gnutls.c>
	Listen 443
</IfModule>

Listen [::]:80

<IfModule ssl_module>
         Listen [::]:443
</IfModule>

<IfModule mod_gnutls.c>
         Listen [::]:443
</IfModule>

And is this in the sites-available host ok?

<VirtualHost *:443, [::]:443>
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/xxxxxx.dynv6.net/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/xxxxxx.dynv6.net/privkey.pem
  SSLProtocol All -SSLv2 -SSLv3
  SSLHonorCipherOrder On
  SSLCompression off
  Header always set Strict-Transport-Security "max-age=15768000"
  SSLCipherSuite 'EDH+CAMELLIA:EDH+aRSA:EECDH+aRSA+AESGCM:EECDH+aRSA+SHA256:EECDH:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!DSS:!RC4:!SEED:!IDEA:!ECDSA:kEDH:CAMELLIA128-SHA:AES128-SHA'
  ServerName https://xxxxxx.dynv6.net/
  DocumentRoot "/var/www/nextcloud"
Alias /nextcloud "/var/www/nextcloud/"
<Directory /var/www/nextcloud/>
Options +FollowSymlinks
AllowOverride All
<IfModule mod_dav.c>
Dav off
</IfModule>
SetEnv HOME /var/www/nextcloud
SetEnv HTTP_HOME /var/www/nextcloud
</Directory>
</VirtualHost>

Your server already listens to ipv6. Now the question, does the ipv6 address, which is resolved by your hostname *.dynv6.net (Android app can not connect with the nextcloud server in the wlan), correspond to one of the addresses in the output of ifconfig?

No it does not correspondent.
The ipv6 address, which is resolved by your hostname *.dynv6.net, is ipv6 from the router (fritzbox).
The addresses in the output of ifconfig ist the ipv6 from the server.
And the server is behind the router.

That is your problem, you need to set the server’s ipv6-address to the hostname *.dynv6.net since Nextcloud is not running on your router.

Ok, i make an dynv6.net an A and AAAA entry with my ipv6 adress from nextcloud server
these are the entries, the other two are the entries from dyn-dynamic service.

And the result on ssl lab

no ip v6 connection, i dont know what ist the ip 5405:…
what is wrong?

Not sure what you are doing. 5405:: is no valid ip address, no idea where it is coming from. You should add the ip address you can see via ifconfig. You can try from an external host, if you can ping this ipv6.

It’s also a bit strange that you have two different ipv6 addresses (of two different networks). Does your ISP provide ipv6 and you set up a tunnel on top?

I had the same problem. Everything working fine using 3G but not over wifi. Not a specific one, just using wifi in general made the client impossible to communicate. Didn’t find any hint to the problem. No matter whether I’m accessing via IPv6 or not. In fact the webservers log do not even show any attempt to access the site at all after connection has been tested. The phone does not try to connect and then states it took too long. I don’t remember it happening before I changed my password but could be the case that the app did not work for a while using wifi.

However, I can use the Android-cilent over Wifi again after I activated 2-factor-authentification and generated an app-passwort for the Android-client. I think this is even better than storing the same password everywhere.

Thanks for the solution with the App-Pin :smile:
It also works with normal user authentication, I just created the App-Pin under the user settings.
I had the issues on iPhone and Android Apps and just changing from the normal user password to the App-Pin madi it working on WiFi. Still very strange that it works fine with the user password via mobile network :confused:

After a few days it now stopped working even with the App-Key :frowning:
No idea what’s wrong here…
The connection test in the app always works fine, but as soon as I try to connect I get an error that the server took too long to respond.

I have the same issues. Nextcloud is on home web server ubuntu 18.04. I can access my nextcloud from lan on any computer. Andriod app can’t access over wlan but can access over mobile network.

I think this issue has nothing to do with Nextcloud app as I also can’t access my web site using wlan from Android.

Note: My Android device has an ipv4 address on lan.

Possible that apache see’s mobile devices as insecure?

Hi @Kenneth_Sartre
I had the exact same problems as you and solved it in this topic (linked at bottom)

I will just blindly assume that you use Cloudflare as well - try to disable the cloudflare Proxy and set the domain to DNS only. This way you can check if cloudlfare is causing the issue.

If this is not the case, are you using any other form for reverse proxy?

Please continue the thread here (as this is an old topic):