+- Jellyfin Forum (https://forum.jellyfin.org)
+-- Forum: Support (https://forum.jellyfin.org/f-support)
+--- Forum: Troubleshooting (https://forum.jellyfin.org/f-troubleshooting)
+--- Thread: SOLVED: Unable to connect through WAN from firestick only (/t-solved-unable-to-connect-through-wan-from-firestick-only)
Unable to connect through WAN from firestick only - drd - 2023-11-30
Describe the bug
- Install app freshly from Amazon AppStore
- Try to connect to jellyfin.mydomain.tld
- Connection fails
The server has both A and AAAA resource records for both IPv4 and IPv6. It's dockerized, reachable via a docker-swag reverse proxy that handles the renewal of the Let's Encrypt SSL certs and is configured for both TLSv1.2 and TLSv1.3 (default settings).
Here is an ouput of curl -v on my domain:
Code:
$ curl -v https://jellyfin.mydomain.tld
* Trying [<public-IPv6-address>]:443...
* Trying <public-IPv4-address>:443...
* Connected to jellyfin.mydomain.tld (<public-IPv4-address>) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted h2
* Server certificate:
* subject: CN=mydomain.tld
* start date: Nov 19 17:42:16 2023 GMT
* expire date: Feb 17 17:42:15 2024 GMT
* subjectAltName: host "jellyfin.mydomain.tld" matched cert's "jellyfin.mydomain.tld"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://jellyfin.mydomain.tld/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: jellyfin.mydomain.tld]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.4.0]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: jellyfin.mydomain.tld
> User-Agent: curl/8.4.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/2 302
< server: nginx
< date: Thu, 30 Nov 2023 10:38:41 GMT
< content-length: 0
< location: /web/index.html
<
* Connection #0 to host jellyfin.mydomain.tld left intactThe Qualys SSL Labs test gives me an A.
A couple of weeks ago the server was only exposed on its IPv6 address, and on a different port, without reverse proxy in front of him. At that time the firestick was able to connect.
I've tried uninstalling and reinstalling the app, clearing the cache, clearing all local files, changing DNS, but nothing helps.
I've tested if it's a LAN problem, but every other device on the same LAN is able to connect properly.
I've tried connecting to demo.jellyfin.org and that works flawlessly.
I'm unable to collect logs right now due to being far away from the device.
Any suggestions?
androidtv client version - 0.15.12
Installed from the Amazon Appstore
Fire TV Stick (3rd Gen)
Fire OS 7.6.6.4 (PS7664/3772)
server version - 10.8.13
RE: Unable to connect through WAN from firestick only - drd - 2023-11-30
Solved.
The problem was that my ISP had changed my IPv6 prefix without notice.
This denotes a small problem, the DNS resolver that the androidtv client uses doesn't try to use multiple RRs when querying the DNS server. It defaults to IPv6 if it finds the RRs, and if the connections fails with it stops altogether.
Maybe the behaviour should try to fallback to IPv4 if IPv6 fails.
RE: Unable to connect through WAN from firestick only - tmsrxzar - 2023-11-30
need to test from the android side; open the jellyfin address in the silk browser and see how it behaves, if it cannot connect then it is *android, if it can then it is the app
from there, an adb shell would be useful for diagnosing *android; ping jellyfin.mydomain.tld to see if it resolves
if it resolves properly then it's possible there are ssl issues; adb logcat would be useful for further diagnosing while using the android app to trigger errors
if it is only the app then the 2nd step above with logcat would still be able to show information