Hello,
I just upgraded to 1.10.0 and I now have a warning "Possible external access detected" but (I believe) it is not the case. How is this checked ?
Thanks !
JS
Hello,
I just upgraded to 1.10.0 and I now have a warning "Possible external access detected" but (I believe) it is not the case. How is this checked ?
Thanks !
JS
Hello again,
I think I understand what happens.
As I understand it, Octoprint check if the request is coming from a public or private IP. In my case, my PC has IPv6 activated and has 2 IPv6 addresses : a link-local (and I would have thought that is would be used on my home network) and a global address provided by my ISP DHCP.
I am using mDNS "fqdn" that is whateverpiname.local
to connect to Octoprint.
It seems that mDNS (in my context... and I am not sure why exactly) returns IPv6 global address instead of the link local one. Thus leading Octoprint to believe it is open to Internet (which is not the case).
May be the method used to test if the OctoPrint instance should be improved to limit "false positive" alerting ?
Love Octoprint anyway !
Thanks for this great software.
JS
You're right, it checks the client request address to see if it is local or external access. That's done with this logic here:
I am not sure how the check could be improved if your IP address looks like an external one - what other factor/information could OctoPrint use to know it is definitely internal? It's better to have a false positive here than a false negative.
Your octoprint.log should show the connecting client's IP so you can check your theory is correct.
Hello @Charlie_Powell,
Thanks for the reply.
Log (auth.log) do show the IPv6 gobal address.
The problem is that this may trigger quite a lot of false positive for home users. If there are too many... people won't trust the test anyway and just dismiss the warning.
I can see 3 ways to improve the check... which may... or may not... be practical :
JS
This may be a tiny bug in 1.10.0 as well Incorrect External Access Warning · Issue #5005 · OctoPrint/OctoPrint (github.com)
Hello again,
That probably the cause indeed.
If I run some netifaces script in Python on my OctoPi, I can see "mask" key ans not netmask.
>>> print(json.dumps(netifaces.ifaddresses('wlan0').get(socket.AF_INET6), indent=4))
[
{
"addr": "****:****:****:****:****:****:****:****",
"mask": "ffff:ffff:ffff:ffff::"
},
{
"mask": "ffff:ffff:ffff:ffff::",
"addr": "fe80::****:****:****:****"
}
]
And code shows :
It is indeed looking for netmask and not mask...
Thanks for the help.
JS
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.