Can't Fix Problem when using work proxy

Discussion in 'Join' started by CoolRaoul, Dec 2, 2015.

  1. CoolRaoul

    CoolRaoul Member

    Joined:
    Dec 1, 2015
    Messages:
    56
    Likes Received:
    2
    I've found an issue with Chrome extension when at work, computer internet access passing through a corporate proxy and phone directly connected using public mobile network.
    In that configuration, communication between phone and browser extension appears unidirectional: it works perfectly from browser to phone (which means that extension is able to connect outside) but not in the opposite direction.

    Note: I understand this could not be easy to fix since difficult to reproduce for you.
     
    Last edited: Dec 2, 2015
  2. joaomgcd

    joaomgcd Administrator Staff Member

    Joined:
    Feb 3, 2015
    Messages:
    9,479
    Likes Received:
    806
    Unfortunately my guess is that your corporate firewall is blocking the ports related to Google Cloud Messaging. There's nothing I can do about that, sorry :( Wish I could help.
     
  3. CoolRaoul

    CoolRaoul Member

    Joined:
    Dec 1, 2015
    Messages:
    56
    Likes Received:
    2
    What surprises me is that Pushbullet used to work with the same proxy although, according to that article, using GCM too:
    "Google Cloud Messaging is used to transfer the messages, so that's why you need to join up with your Google account"
    Pushbullet is now filtered at our site, but not at the protocol or port level, only via URL filtering, because it's has been now categorized as a "chat" service (since it implemented this kind of functionality) and that's why I was putting hope in "Join" which appears to implement essentially what I need (sending data, mostly text, between devices) without no extra bell & whistles (at least for the moment).
     
  4. joaomgcd

    joaomgcd Administrator Staff Member

    Joined:
    Feb 3, 2015
    Messages:
    9,479
    Likes Received:
    806
    As a test you could try using AutoRemote and see if that works. That's using the same way of communicating as Join. Maybe your company started blocking the GCM ports after blocking Pushbullet?
     
  5. CoolRaoul

    CoolRaoul Member

    Joined:
    Dec 1, 2015
    Messages:
    56
    Likes Received:
    2
    I'm unforntunately unable to. According to the log file, the installer tries do download https://dl.dropbox.com/u/9787157/AutoRemote/AutoRemoteDesktop.application without asking for proxy credentials and this fails (and I guess that it may requires administrative privileges which I don't have).

    Maybe a "debug" mode on the "Join" Google extension could be implemented to see what's really happening under the hoods? (this could be useful with other issues too)
     
  6. joaomgcd

    joaomgcd Administrator Staff Member

    Joined:
    Feb 3, 2015
    Messages:
    9,479
    Likes Received:
    806
  7. CoolRaoul

    CoolRaoul Member

    Joined:
    Dec 1, 2015
    Messages:
    56
    Likes Received:
    2
    Same issue with autoremote chrome extension and Android app (works in only one direction)
    (note: maybe I'm wrong since I have pretty much no knowledge of GCM, I've just quickly read the API documentation) I was thinking that as long as the GCM "register" method succeed, all required connectivity with google cloud services could be assumed as available in both directions.
     
  8. joaomgcd

    joaomgcd Administrator Staff Member

    Joined:
    Feb 3, 2015
    Messages:
    9,479
    Likes Received:
    806
    Nope. the registration is a simple HTTP request. Message pushing to chrome is what requires the special ports...
     
  9. CoolRaoul

    CoolRaoul Member

    Joined:
    Dec 1, 2015
    Messages:
    56
    Likes Received:
    2
    I've set up a simple test configuration (squid proxy server on a NAS box, chrome on my PC with proxy defined accordingly) at home to understand precicely how it's work.
    At initialisation time (when the "register" method is called) Chrome GCM based extensions use an HTTP "connect" method to set a persistent connexion. After that, all network data regarding to the GCM dialog is done inside the persistent TCP stream.
    In the case of a proxy, if it configured to refuse (or is unable to achieve) the p
     
  10. CoolRaoul

    CoolRaoul Member

    Joined:
    Dec 1, 2015
    Messages:
    56
    Likes Received:
    2
    I've set up at home a simple test configuration (squid proxy server on a NAS box, Chrome on my PC with proxy defined accordingly) to understand precisely how this is working.

    At initialization time (when the "register" method is called by Chrome extensions using GCM API) an HTTP "connect" method (found in the proxy logs) is done to set a *persistent* connection (in the case of the proxy it's the connection is established and maintain by the proxy server on behalf of the client) . After that, inbound network data related to the GCM session is done inside the persistent TCP stream (tunneled)

    By sniffing network traffic and checking opened TCP streams port on the NAS, I've managed to detect that the HTTP Connect request resulting of Join extension calling google API is directed to a Google owned domain ("1e100.net") using port 5228.

    That HTTP request is certainly refused by our corporate proxy since it allow only 80 and 443 output ports (but passes correctly through my home proxy, much less restrictive)

    Meantime I've been able to discover that PushBullet appears not to use GCM anymore (the article I've quoted is nearly two years old) given it now connects to "api.pushbullet.com" on port 443 (which *is* allowed in our proxy, only the domain has been filtered)

    I'm happy to say that everything has became very much clearer for me. (but sad that this implies that Join will probably never be usable for me at workplace)

    NB: There's only thing I still don't understand: the proxy must answer to the CONNECT request to a forbidden port with an explicit HTTP response error code. GCM API should intercept this response to inform the client which could check this by using the "runtime.lastError" method in the callback function. Not really a big deal but I like when I'm able to understand the whole picture.
     
  11. joaomgcd

    joaomgcd Administrator Staff Member

    Joined:
    Feb 3, 2015
    Messages:
    9,479
    Likes Received:
    806
    Wow, some nice testing you did there :) Glad you understand it now. Shame it still won't work in your environment! Sorry, wish I could help!
     
  12. CoolRaoul

    CoolRaoul Member

    Joined:
    Dec 1, 2015
    Messages:
    56
    Likes Received:
    2
    (Hope you don't mid me resurrecting this closed thread :))
    I'v discovered that Join API uses google's appengine (https://appengine.google.com/) to communicate (via joinjoaomgcd.appspot.com)
    That method doesn't requires a non standard port like GCM direct API since it use standard http(s) ports (80 or 443)
    Could it be possible for your Chrome extension to use the same method to communicate with target join devices? This would solve the problem for number of people behind proxies.
     
  13. joaomgcd

    joaomgcd Administrator Staff Member

    Joined:
    Feb 3, 2015
    Messages:
    9,479
    Likes Received:
    806
    The issue is not with sending messages to other devices from chrome, but with receiving messages in chrome from other devices :)
     
  14. CoolRaoul

    CoolRaoul Member

    Joined:
    Dec 1, 2015
    Messages:
    56
    Likes Received:
    2
    Oh yes, you're right, I've understood that later after having posted.
     
: proxy, chrome, gcm

Share This Page