Nextcloud Apps actualize/open folders/file through WIFI only not 4G/5G internet access

📱 Desktop & mobile clients
, ,
1

Nextcloud version: 28.0.3 (was also the case with 27.x
Operating system and version : Ubuntu 23.10 (was also the case with 22.04 LTS and 23.04
Apache: 2.4.57
PHP version: 8.2.10-2

My issue:

Hello Nextcloud community, my first post in this forum, but i’ve read a lot during my tests and installation.

Here is the problem I’m facing:

All my mobile Nextcloud App (boths from my Android 13 and my wife’s iPone 14) actualize folders when connected to WIFI (home WIFI or public WIFI outside our home) but not when WIFI is disconnected.
Little precision: all others apps have access to internet just fine.
Even if I force a folder to actualize (by sliding down), I’m unable to see folders or files created since last access trough WIFI.
Same problem to open file of course.
The Talk app works fine in WIFI or in 4G/5G connection. It’s only the Nextcloud app, but I don’t have an error message when actualizing.
Sometime after adding a new file from my phone to nextcloud folders, if I’m not connected through WIFI, I can see the error Erreur de l'initialisation SSL that I think I can translate by Error with SSL initialization.

I saw the problem a long a time ago, but it didn’t really bothers me until a couple a days ago when I was requested to access a file I just added from my computer during a medical rendez-vous… (always at bad timing right ?)
So I’m trying to understand why, but I’m struggling to find the solution.

I have Arch Linux and Windows computers and my wife use it’s Mac, all Nextcloud App zre working just fine, sharing, opening, syncing works perfectly great.

regarding my configuration: I have an official certificate generated by GeoTrust, so that I opened on my VM only 443 port, not the 80. But HTTP port is not blocked by the firewall (at least it doesn’t appear on syslog). I’ve both ipv4 and ipv6 opened and configured in apache <VirtualHost *:443>.

The only error that appears in Log is:

two-factor auth provider 'u2f' failed to load

probably because, I use an old version of nextcloud that I’ve updated many times.

config.php file:

<?php
$CONFIG = array (
  'instanceid' => '',
  'passwordsalt' => '',
  'secret' => '',
  'trusted_domains' => 
  array (
    0 => 'www.fr',
    1 => 'xxx.fr',
    2 => 'yyy.fr',
    3 => 'zzz.fr',
  ),
  'overwrite.cli.url' => 'https://xxxx.fr/',
  'htaccess.RewriteBase' => '/',
  'datadirectory' => '/var/www/nextcloud01/data',
  'dbtype' => 'mysql',
  'version' => '28.0.3.2',
  'dbname' => '',
  'dbhost' => '',
  'dbport' => '',
  'dbtableprefix' => 'oc_',
  'mysql.utf8mb4' => true,
  'dbuser' => '',
  'dbpassword' => '',
  'installed' => true,
  'memcache.local' => '\\OC\\Memcache\\APCu',
  'memcache.distributed' => '\\OC\\Memcache\\Redis',
  'memcache.locking' => '\\OC\\Memcache\\Redis',
  'redis' => 
  array (
    'host' => 'localhost',
    'port' => 6379,
  ),
  'default_language' => 'fr',
  'default_locale' => 'fr_FR',
  'default_phone_region' => 'FR',
  'twofactor_enforced' => 'true',
  'twofactor_enforced_groups' => 
  array (
  ),
  'twofactor_enforced_excluded_groups' => 
  array (
    0 => '2AuthExcluded',
  ),
  'mail_smtpmode' => 'smtp',
  'mail_sendmailmode' => 'smtp',
  'mail_from_address' => 'no-reply',
  'mail_domain' => 'xxx.fr',
  'mail_smtphost' => 'xxx.fr',
  'mail_smtpport' => '587',
  'mail_smtpauth' => 1,
  'mail_smtpauthtype' => 'PLAIN',
  'mail_smtpname' => 'no-reply@xxx.fr',
  'mail_smtppassword' => '',
  'enable_previews' => true,
  'enabledPreviewProviders' => 
  array (
    0 => 'OC\\Preview\\PNG',
    1 => 'OC\\Preview\\JPEG',
    2 => 'OC\\Preview\\GIF',
    3 => 'OC\\Preview\\BMP',
    4 => 'OC\\Preview\\XBitmap',
    5 => 'OC\\Preview\\MP3',
    6 => 'OC\\Preview\\TXT',
    7 => 'OC\\Preview\\MarkDown',
    8 => 'OC\\Preview\\OpenDocument',
    9 => 'OC\\Preview\\Krita',
    10 => 'OC\\Preview\\MSOffice2003',
    11 => 'OC\\Preview\\MSOffice2007',
    12 => 'OC\\Preview\\MSOfficeDoc',
    13 => 'OC\\Preview\\PDF',
  ),
  'maintenance' => false,
  'loglevel' => 2,
);

Nor Apache nor system logs shows errors right after a synchronisation test when not in WIFI.

Hope someone already experience that error and find a way.

Ready to give more inputs if needed.

Best regards.
Julien

2
  • Does xxxx.fr resolve to the same thing when you’re in your in-house Wifi as it does when away?
  • Are both the Talk and Android Files clients using exactly the same URL and protocol (https)?
  • Are anybody your computers laptops? If so, do they work with Nextcloud when you’re away from your in-house Wifi?
3

Hi,
thanks a lot for your answer.

Does xxxx.fr resolve to the same thing when you’re in your in-house Wifi as it does when away?

Yes, no specific dns are in use on my phones nor my house, I use the default DNS given by the ISP, I don’t have any VPN that changes or redirect traffic neither.
IPv6 is disabled on my computers, not in my phones, and I have an IPv6 and IPv4 address given by the ISP, so I just don’t know if the DNS gives the IPv4 or the IPv6 of my VM.

Are both the Talk and Android Files clients using exactly the same URL and protocol (https)?

To be sure about that, here is what I just did this morning:

  1. Remove the account from both Nextctloud and Talk
  2. Clean all the Storage (User data and cache) for boths
  3. Check they were up to date (was the case already)
  4. Disable my WIFI and use only the ISP internet access
  5. I try to add the account with the https://xxx.fr fo boths, here the results:
  • For Nextcloud I got right after entering the URL, with my Android the Error Echec de l'initialisation SSL, The iPhone is more chatty: An SSL error has occurred and a secure connection to the server cannot be made.
  • For Talk I have an Android Web page Web page unavailable with this error at the end: net::ERR_CONNECTION_RESET.
  1. With the same condition if I try to access the URL with browsers: it works with Firefox (Android) but don’t work with the others web browser, Chrome (Android): ERR_CONNECTION_RESET , Safari: Safari cannot open the page because it could not establish a secure connection to the server., and Firefox (iPhone) : NSURLErrorDomain.

Are anybody your computers laptops? If so, do they work with Nextcloud when you’re away from your in-house Wifi?

The Arch linux one is a laptop. Connecting to the web pages or syncing files with the linux Nextcloud App works perfectly well on it, whatever the WIFI I use, even with the Wifi from my phone !!!

More info: I don’t have any SSL restriction on my apache conf file only SSLEngine On and both the SSLCertificateFile and SSLCertificateKeyFile, that’s it.

BR
Julien

4

I’d check the ssl settings from outside, perhaps things are slightly different when you look from inside than from outside:

Well, do the above check. But some default settings that were good at some point, doesn’t mean they are good now. The selection of available ciphers can change a bit, and it is good to review this from time to time. The ssllabs-test is great to check compatibility. For good settings, there are tools to generate some recommended settings such as https://ssl-config.mozilla.org/

5

Response is Grade B and Ready on IPv4 address.
But Unable to connect to the server on IPv6
with a final message: Warning: Inconsistent server configuration.

I’m running some tests to understand why IPv6 doesn’t works but I’m quite sure that this will solve the problem. I let you know as soon as possible and I will give the solution too.

6

Hi everyone,
the problem was coming from the network IP configuration, my provider’s manual says to use /128 mask for IPv6 address but they really give a /56 mask. I just changed from /128 to /56 and it’s working just fine now.

Thanks a lot for your help.

1 Like