[SOLVED] SSL Issue when using websocket from a VPN

Hello,
I’m hitting a weird issue.

Defold: 1.2.186
iOS 14.6
Nakama server: 3.1.2+cf6d355a
Websocket extension: 3.0.0

I’m using Nakama with Defold.
My Nakama instance is hosted in Europe.

When I open the app without a VPN (I’m in Europe), the app connects to the server and everything works fine.

As soon as I set up the VPN in a “far” country (Canada, UAE), I get the following error:

WARNING:WEBSOCKET: STATE_CREATE -> STATE_CONNECTING
ERROR:DLIB: mbedtls_ssl_handshake failed: Unknown error - -26624 (-0x6800)
ERROR:DLIB: SSL handshake timeout
WARNING:WEBSOCKET: STATUS: 'Failed to open connection: WOULDBLOCK'  len: 37
WARNING:WEBSOCKET: STATE_CONNECTING -> STATE_DISCONNECTED
DEBUG:SCRIPT: Problem connection
DEBUG:SCRIPT: Failed to open connection: WOULDBLOCK

The issues arises when trying to connect with a websocket.

socket.connection = websocket.connect(...)

Does anyone know what the issue is? And how to solve it? Here’s my config.yml on Nakama’s side :

socket:
  server_key: "XXXXXXX"
  port: 7350
  address: ""
  protocol: "tcp"
  max_message_size_bytes: 4096
  max_request_size_bytes: 131072
  read_buffer_size_bytes: 4096
  write_buffer_size_bytes: 4096
  read_timeout_ms: 30000
  write_timeout_ms: 30000
  idle_timeout_ms: 60000
  write_wait_ms: 10000
  pong_wait_ms: 10000
  ping_period_ms: 8000
  ping_backoff_threshold: 20
  outgoing_queue_size: 64
  ssl_certificate: "" #/nakama/data/cert.pem"
  ssl_private_key: "" #/nakama/data/key.pem"

I posted also on Nakama forum because I’m not sure if the issue comes from Nakama and Defold.

The timeout happens here:

This is part of the process when the connection is created:

As you can see there’s a timeout being passed around. What kind of timeout have you set when connecting the socket? See example here:

I now see that you mentioned that you are using Nakama. The timeout can be configured for the Nakama client when the client is created:

local defold = require "nakama.engine.defold"
local nakama = require "nakama.nakama"
local config = {
    host = "127.0.0.1",
    port = 7350,
    use_ssl = false,
    username = "defaultkey",
    password = "",
    engine = defold,
    timeout = 10, -- connection timeout in seconds
}
local client = nakama.create_client(config)

@britzl I looked at the code of the extension and realized the websocket has undocumented configuration parameters. I set

[websocket]
debug = 1
socket_timeout = 10000000

in my game.project and it just worked!

By the way, adding a timeout value in nakama parameter didn’t fix the issue:

local config = {
    host = "127.0.0.1",
    port = 7350,
    use_ssl = false,
    username = "defaultkey",
    password = "",
    engine = defold,
    timeout = 10,
}

Ah, yes, there’s two different timeouts. The one you are using deals with the underlying socket timeout and the one I mentioned is for the high level websocket timeout. Sorry for the confusion!

1 Like

Added this to the documentation:

3 Likes