# ESP32 connection to husarnet doesnt work on phone hotspots, only wifi routers

Elec_BM · December 13, 2019, 3:47pm

ESP32 connection to husarnet doesnt work on phone hotspots, only wifi routers

Hello all,
I am using an ESP32 to connect to the husarnet website to make a connection between two devices across the internet.

When I set it to connect to my home wifi network, it connects with no issues, and I can see my device as active on the husarnet website.
When I set it to connect to my phone hotspot, it makes a connection(ie gets IP address), but the requests to the husarnet site go unanswered, so it never pairs correctly. When I connect other devices(ie tablet web browser) to the hotspot I have full internet connection.

Is there something about an phone hotspot that would block the connection? I tried it on both iphone and android. Is it a lack of port forwarding or IPv6 limitation?

For the project I’m making I really need to be able to have someone set up an SSID and password to a pre-determined value(ie the one I program in), and the easiest way to do that is with a phone hotspot.

Samples of the debug output are listed below:

The connection that works:

IP address: 192.168.1.14
[10019161] write hostname (len: 0)
[10019165] initOnTcpThread
[10019165] bind -> 0
[10019166] truncated host name
[10019167] Visit https://app.husarnet.com/husarnet/fc94a … 2e4680b139 to configure the device
[10019170] ngsocket FC94:AE2F:7583:2C96:6022:5540:9048:DFAF listening on 5582
[10019181] websetupThread running…
[10019184] sending init request…
[10019189] sending join code to fc94:b01d:1803:8dd8:b293:5c7d:7639:932a
[10019195] starting ngsocket loop
[10019197] IP address change detected
[10019200] establishing connection to base [::FFFF:BCA5:17C4]:443
[10019414] TCP connection to base server established
[10019590] createPeer FC94:B01D:1803:8DD8:B293:5C7D:7639:932A
[10021191] sending init request…
[10021192] sending join code to fc94:b01d:1803:8dd8:b293:5c7d:7639:932a
[10021227] createPeer FC94:CB08:D44C:1F98:36BB:D266:87C7:4E7D
I (21372) wifi: pm start, type:0

[10021280] createPeer FC94:7D8A:8254:8E9B:7E54:AD88:4540:CAE
[10021334] createPeer FC94:50C:E453:EF91:203C:6EF2:3F9B:8145
[10021427] received invalid message from base (kind: 6)
[10021461] createPeer FC94:977A:9AF5:BCD8:EFFF:DA4C:C86D:3195
[10021560] established secure connection to fc947d8a82548e9b7e54ad8845400cae
[10021665] received invalid message from base (kind: 6)
[10021687] received invalid message from base (kind: 6)
[10022913] UDP connection to base server established
[10023191] sending init request…
[10023193] sending join code to fc94:b01d:1803:8dd8:b293:5c7d:7639:932a
[10023441] established secure connection to fc94b01d18038dd8b2935c7d7639932a
[10025191] sending init request…
[10025192] sending join code to fc94:b01d:1803:8dd8:b293:5c7d:7639:932a
[10026475] remote command: ping
[10026476] sending init request…
[10026479] sending join code to fc94:b01d:1803:8dd8:b293:5c7d:7639:932a
[10026648] remote command: init-response
[10026834] remote command: get-version
[10028156] remote command: ping
[10028272] remote command: get-version
[10028388] remote command: set-hostname
[10028388] write hostname (len: 8)
[10028507] remote command: host-add
[10028509] write hosts (len: 25)
[10028627] remote command: host-add
[10028628] write hosts (len: 48)
[10028745] remote command: host-add
[10028747] write hosts (len: 73)
[10028865] remote command: whitelist-add
[10028866] write hosts (len: 91)

The iphone connection that doesnt work:

I (37693) wifi: connected with ElecBM, channel 6
…Waiting for client
.done
IP address: 172.20.10.2
[10038591] write hostname (len: 0)
[10038595] initOnTcpThread
[10038595] bind -> 0
[10038598] truncated host name
[10038598] ngsocket FC94:AE2F:7583:2C96:6022:5540:9048:DFAF listening on 5582
[10038600] starting ngsocket loop
[10038602] Visit https://app.husarnet.com/husarnet/fc94a … 2e4680b139 to configure the device
[10038603] IP address change detected
[10038614] websetupThread running…
[10038621] sending init request…
[10038625] establishing connection to base [::FFFF:BCA5:17C4]:443
[10038626] sending join code to fc94:b01d:1803:8dd8:b293:5c7d:7639:932a
[10038674] createPeer FC94:CB08:D44C:1F98:36BB:D266:87C7:4E7D
[10038710] createPeer FC94:7D8A:8254:8E9B:7E54:AD88:4540:CAE
[10038745] createPeer FC94:50C:E453:EF91:203C:6EF2:3F9B:8145
[10038780] createPeer FC94:B01D:1803:8DD8:B293:5C7D:7639:932A
[10038814] createPeer FC94:977A:9AF5:BCD8:EFFF:DA4C:C86D:3195
[10040631] sending init request…
[10040633] sending join code to fc94:b01d:1803:8dd8:b293:5c7d:7639:932a
[10042631] sending init request…
[10042632] sending join code to fc94:b01d:1803:8dd8:b293:5c7d:7639:932a
[10044631] sending init request…
[10044633] sending join code to fc94:b01d:1803:8dd8:b293:5c7d:7639:932a
[10046631] sending init request…
[10046632] sending join code to fc94:b01d:1803:8dd8:b293:5c7d:7639:932a
[10048631] sending init request…
[10048633] sending join code to fc94:b01d:1803:8dd8:b293:5c7d:7639:932a
[10050631] sending init request…
[10050633] sending join code to fc94:b01d:1803:8dd8:b293:5c7d:7639:932a
[10052631] sending init request…
[10052632] sending join code to fc94:b01d:1803:8dd8:b293:5c7d:7639:932a
[10054631] sending init request…
[10054632] sending join code to fc94:b01d:1803:8dd8:b293:5c7d:7639:932a
[10056631] sending init request…
[10056632] sending join code to fc94:b01d:1803:8dd8:b293:5c7d:7639:932a
[10058631] sending init request…
[10058633] sending join code to fc94:b01d:1803:8dd8:b293:5c7d:7639:932a
[10060631] sending init request…
[10060632] sending join code to fc94:b01d:1803:8dd8:b293:5c7d:7639:932a

m4tx · December 17, 2019, 10:25am

Port forwarding is not required for the Husarnet to work; neither is IPv6. In the worst case scenario (i.e. when the clients cannot communicate peer-to-peer for any reason), Husarnet uses a publicly available base server to do all the communication between peers. The base server listens on port 443 to avoid most firewall issues, and can be accessed through IPv4. Troubleshooting information about IPv6 refers to the software you run on top of Husarnet — since we use IPv6 to identify peers, you need IPv6-capable software to do the communication. The data itself however may be then sent internally using IPv4.

Therefore, your issue does not seem to be caused by port forwarding or IPv6 capabilities of your phone. The log you’ve sent does not ever say that the connection to the base server was established (as you can see with your home wifi network log with TCP connection to base server established), which probably means your mobile carrier is blocking communication to the Husarnet base server either by a simple firewall, or deep packet inspection. The latter is especially likely, since we are using port 443 to connect to the base server, but we don’t actually ever send valid HTTPS packets. Unfortunately, if that is actually the case, we cannot do much at this point — we are planning to improve the HTTPS packet mimicking, as well as use other ports than 443 at the later releases of Husarnet.

Elec_BM · December 18, 2019, 5:17am

Thanks for the detailed description. Has anyone ever made it work over a phone? Is it just my carriers/country policy, or is this a worldwide phenomenon?

I’ve been looking up alternate ways to do it. The most promising seems to be to set the ESP32 to be an access point, allow the phone to connect to it(that works), then set a local SSID and password (of a non-phone) through the phone html interface, then let it reboot with that information. Not quite as good for simplicity, but better overall for flexibility. Even if its just me, and this works on X% of phones out there, there’s no point making something that wont work when I need it.

Chiron · May 31, 2020, 2:48pm

@Elec_BM have you solved it, how is the status?

I have success with an ESP32 connecting over a smartphone as hotspot. It is an old Samsung/Android device.

Elec_BM · June 3, 2020, 8:42pm

No, I havent tried again. I have to find a solution that works when I am not in possession of the device, so I was going to go the path of having it start as a hotspot, you connect and enter the local wifi details, then you restart connected to that net. Thats a more complicated option, and I’ve let the effort slide on it.
Obviously phone hotspots are easier and more secure - no one really cares about making an ID and password to match a device for that, and there is no other parts of the network to worry about compromising.

dominik · July 1, 2020, 8:28am

It might be specific for the mobile network operator. I use my ESP32 often over the internet using my iPhone hotspot.