Unable to connect to LAN IP addresses #1793
Comments
As of version 1.0.7, this is still broken.
I'm having the same problem, networks like 10.x.x.x and 192.168.x.x fail to connect with the message shown above. Other apps like Firefox and curl using tmux have no problem connecting.
Confirming this bug for version 1.0.11 (F-Droid). FWIW, it also occurs if you try to connect via a domain name that points to a LAN address.
The canonical Element-Web at app.element.io gave me a similar error, which I eventually traced back to being caused by mixed content: I was trying to access an http server from an https web app. I added a reverse proxy to my homeserver (using
Are you using an emulator to run Element Android? If that is the case, URLs like http://192.168.0.109:8008 cannot work, because 192.168 is not the LAN of the emulator itself.
I'm using a physical device personally. We have a Synapse server set up for internal use on a local network not connected to the internet, which has been running for a few years now. I've been through several devices since then, at least 4-5 Android phones, a tablet, and even different emulators. The results were the same in each and every single case - the old Riot.im Android client works fine, the Electron desktop client works fine, Element Android does not. I'd be willing to bet money it has something to do with the differences between how Riot.im and Element handle network connections and/or URLs. It's clearly not a routing issue, because the client CAN find the server and even displays its fingerprint, it just refuses to connect to it. What's more, if I spin up a new server on the phone itself via Termux (literally apt install python, pip install matrix-synapse, synctl start in the terminal app on the phone itself), everything works fine if I try to connect to this server via http://127.0.0.1, but NOT if I try http://192.168.0.xxx. The old client (Riot.im 0.9.12) works with either. I'm genuinely curious how so few people seem to have run into this issue so far, how is the client even debugged during development if you can't connect to a local server with it? Do the devs just use matrix.org? Has nobody tried to connect to a local instance yet? Do I need some kind of weird manually injected HTTPS certificate or proxy server or god knows what just to connect to my own LAN?
Still can't connect to local Matrix servers. Also any non-https address.
Still can't connect to local Matrix servers, any updates here?
Looking at network_security_config.xml:
So Element can only be used with cleartext on those specific domains (and subdomains). There's some more context here: element-hq/riot-android#2495, and it's really Android itself that is pushing for apps to block cleartext. I checked out v1.1.3, added Looking at the Android docs here, it isn't jumping out at me that it can use IP addresses nicely. It seems like it'd be great to whitelist
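To make the behaviour discussed in this thread concrete, here is an added example (not Element's code, and the domain list is a constructed sample, not Element's actual `network_security_config.xml`) that models Android's documented rule that the most specific matching `<domain>` entry decides whether cleartext is permitted, falling back to `<base-config>`. It assumes an app targeting API 28+, ignores nested `<domain-config>` elements, and treats an IP address as a literal name with no range syntax.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not Element's actual network_security_config.xml.
SAMPLE_CONFIG = """\
<network-security-config>
    <base-config cleartextTrafficPermitted="false" />
    <domain-config cleartextTrafficPermitted="true">
        <domain includeSubdomains="true">localhost</domain>
        <domain includeSubdomains="false">127.0.0.1</domain>
        <domain includeSubdomains="true">localdomain</domain>
    </domain-config>
</network-security-config>
"""

def _flag(element, name, default):
    """Read a boolean XML attribute, using `default` when it is absent."""
    value = element.get(name) if element is not None else None
    return default if value is None else value.strip().lower() == "true"

def load_rules(xml_text):
    """Return (base_default, [(domain, include_subdomains, cleartext_ok), ...])."""
    root = ET.fromstring(xml_text)
    # Assumption: app targets API 28+, where cleartext is off unless enabled.
    base = _flag(root.find("base-config"), "cleartextTrafficPermitted", False)
    rules = []
    for cfg in root.findall("domain-config"):  # nested domain-configs not modelled
        allowed = _flag(cfg, "cleartextTrafficPermitted", base)
        for dom in cfg.findall("domain"):
            name = (dom.text or "").strip().lower()
            rules.append((name, _flag(dom, "includeSubdomains", False), allowed))
    return base, rules

def cleartext_permitted(host, xml_text=SAMPLE_CONFIG):
    """Apply the longest matching <domain> rule, else fall back to base-config."""
    base, rules = load_rules(xml_text)
    host = host.lower().rstrip(".")
    best = None
    for name, subdomains, allowed in rules:
        matches = host == name or (subdomains and host.endswith("." + name))
        if matches and (best is None or len(name) > len(best[0])):
            best = (name, allowed)
    return best[1] if best else base

if __name__ == "__main__":
    for h in ("127.0.0.1", "synapse.localdomain", "192.168.0.109"):
        state = "allowed" if cleartext_permitted(h) else "blocked"
        print(f"http://{h}: cleartext {state}")
```

With this sample, `127.0.0.1` and `synapse.localdomain` are allowed while `192.168.0.109` falls through to `base-config` and is blocked, which matches the loopback-works, LAN-fails pattern reported above.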
@tobymurray thank you, that solved the issue for me
This functionality exists in the desktop client, so hoping to mirror that. This addresses a number of the use cases touched on in element-hq#1793. `localdomain` is a conventional domain that is an equivalent of the `localhost` host. Enabling clear text to `*.localdomain` means it's easier to develop the Android application, as a Matrix server can be deployed locally without much fuss anywhere on the developer's LAN. This can reduce the reliance on a DNS or SSL certificates when neither are really relevant to the interaction of the client/server. In particular, managing SSL certs without a public domain is a pain in the butt. At the same time, this does not significantly diminish the security of Element Android, as `*.localdomain` is not a TLD so any "real" deployment still needs SSL.
This functionality exists in the desktop client, so hoping to mirror that as much as Android allows. This addresses a number of the use cases touched on in element-hq#1793. Enabling clear text to various official and standard LAN-only domains means it's easier to develop the Android application, as a Matrix server can be deployed locally without much fuss anywhere on the developer's LAN. This can reduce the reliance on a DNS or SSL certificates when neither are really relevant to the functionality of the client/server. In particular, managing SSL certs without a public domain is a pain in the butt. At the same time, this does not significantly diminish the security of Element Android, as at the current time these domains are either explicitly not valid TLDs or conventionally not TLDs (so would be an unexpected change if they were to become so). In the event e.g. `.home` becomes a TLD, it would be appropriate to remove it from this list.
Related to #1793, allow cleartext to LAN domains
Perhaps this helps? <application
Thanks to @tobymurray, I built a version allowing LAN addresses, and this is insane. Why does the app think that it's smarter than the user, so that I need to rebuild the whole app to actually use it? My server is private and to access it you need to connect to a VPN, which encrypts all traffic by default. ALL OTHER clients allow this behavior. On PC and iOS Element allows it too. But not for Android. Why not allow this for Android - idk.
I replied in the issue you opened, but my understanding is this is a limitation of Android's security configuration, not Element specifically.
I have a local Synapse server running at http://192.168.0.109:8008 on my local network. Every other client and device I have can successfully connect to it, including the old Riot.im Android client (0.9.12) and the desktop version of Element, but RiotX/Element cannot. If I try to enter a 192.168.0.0/24 address as a custom server, the client will immediately throw an error message saying "No network. Please check your internet connection." whether or not there's a server running on that socket.
A few other strange observations:
['::1', '127.0.0.1', '192.168.0.103']
in the config file), it will still only be able to connect using the localhost address, not the LAN one