Reverse proxy issues with CWMP

Hi,

Using CWMP with a reverse proxy is a pain. With Apache I have to use disableReuse=on, but then many requests end with “Connection dropped”, rendering provisioning of some devices impossible. Without “disableReuse=on” almost everything works except some requests, e.g. when setting the WiFi SSID on a Huawei ONT I get “Bad session”:

2021-03-04T08:38:44.363Z [INFO] 10.113.153.249 00259E-HG8546M-4857544359AE748A: ACS request; acsRequestId="177fc63a2fc0101" acsRequestName="GetParameterValues"
2021-03-04T08:38:44.473Z [ERROR] 10.112.197.181 00259E-HG8546M-4857544359AE748A: Bad session state

This must be related to the session cache, as the CWMP backend maps the response to an invalid IP address.

CWMP without reverse proxying works like a charm. I also tried Nginx with the same results (e.g. Connection dropped without setting keepalive on upstream, or Bad session with keepalive enabled).

Has anyone got a working CWMP reverse proxy?

Mirek
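An added example, not part of the original post and not GenieACS code: a small Python check that parses log lines in the layout quoted above and flags a device ID that shows up under two different source addresses within a short window, which is the pattern in the two-line excerpt. The first two sample lines are taken from the post; the third line, the function names and the 5-second window are assumptions of this example.

```python
import re
from datetime import datetime, timedelta

# Layout of the log lines quoted in this thread:
# <UTC timestamp> [LEVEL] <source address> <device id>: <message>
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}\.\d{3})Z "
    r"\[(?P<level>[A-Z]+)\] (?P<ip>\S+) (?P<device>[^:\s]+): (?P<msg>.*)$"
)

def parse_line(line):
    """Return the fields of one log line, or None if it has another layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], "%Y-%m-%dT%H:%M:%S.%f")
    return entry

def find_address_flips(lines, window=timedelta(seconds=5)):
    """Report devices logged under two different source addresses within `window`.

    A quick flip for one device ID is consistent with the backend attributing
    a request to the wrong client address. The window is an assumed value.
    """
    last_seen, flips = {}, []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # skip blank lines and lines in another layout
        prev = last_seen.get(entry["device"])
        if prev and prev["ip"] != entry["ip"] and entry["ts"] - prev["ts"] <= window:
            flips.append({
                "device": entry["device"],
                "previous_ip": prev["ip"],
                "current_ip": entry["ip"],
                "gap_ms": (entry["ts"] - prev["ts"]) // timedelta(milliseconds=1),
                "level": entry["level"],
                "msg": entry["msg"],
            })
        last_seen[entry["device"]] = entry
    return flips

# Lines 1-2 are quoted from the post; line 3 is constructed (stable address).
SAMPLE_LOG = """\
2021-03-04T08:38:44.363Z [INFO] 10.113.153.249 00259E-HG8546M-4857544359AE748A: ACS request; acsRequestId="177fc63a2fc0101" acsRequestName="GetParameterValues"
2021-03-04T08:38:44.473Z [ERROR] 10.112.197.181 00259E-HG8546M-4857544359AE748A: Bad session state
2021-03-04T08:38:45.000Z [INFO] 192.0.2.10 AABBCC-EXAMPLE-000000000001: Inform; cpeRequestId="1"
"""

if __name__ == "__main__":
    for flip in find_address_flips(SAMPLE_LOG.splitlines()):
        print(flip)
```

Run over a full log, the flagged device IDs can be compared with the proxy's access log for the same timestamps to see which upstream connection carried each request.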

I can share my apache setup which is using a Balancer as well. We have the ACS server running on port 7548 as we used a previous ACS server and are redirecting it to GenieACS.

<Proxy balancer://acs>
    BalancerMember http://IP.GOES.HERE:7548 disablereuse=On keepalive=On
    ProxySet lbmethod=byrequests
</Proxy>

<VirtualHost *:7547>
    ServerName acs.domain:7547
    ServerAlias acs.ip.goes.here:7547
    ProxyVia on
    RewriteEngine On
    ProxyPass "/service/cwmp" "balancer://acs/"
    ProxyPassReverse "/service/cwmp" "balancer://acs/"

    ProxyPass "/service/cwmp/" "balancer://acs/"
    ProxyPassReverse "/service/cwmp/" "balancer://acs/"

    ProxyPass "/" "balancer://acs/"
    ProxyPassReverse "/" "balancer://acs/"
</VirtualHost>

On which versions?
I had similar problems with 1.2.3 and 1.2.4

Unfortunately I did not see this topic and created one.

Unfortunately it does not work for me, I always get Connection dropped or Bad session errors:

2021-03-10T07:11:14.620Z [ERROR] 10.113.153.249 00259E-HG8546M-4857544359AE748A: Connection dropped
2021-03-10T07:11:14.620Z [WARN] 10.113.153.249 00259E-HG8546M-4857544359AE748A: Channel has faulted; channel="huawei" retries=1 faultCode="session_terminated" faultMessage="The TR-069 session was unsuccessfully terminated"

The only way it works is a direct connection to Genieacs.

This is my reverse proxy setup as suggested:

<Proxy balancer://cwmp>
    BalancerMember http://127.0.0.1:7547 disablereuse=On keepalive=On
    ProxySet lbmethod=byrequests
</Proxy>

<VirtualHost 172.25.7.3:7547>

  ProxyVia          On

  ProxyPass         /  "balancer://cwmp/"
  ProxyPassReverse  /  "balancer://cwmp/"

  RequestHeader       set Forwarded expr=for=%{REMOTE_ADDR}

</VirtualHost>

I am now getting the same error after going to 1.2.4 as well.

I found by changing the ACS Url that I defined in the inform to point to the ACS itself instead of the reverse proxy resolved the errors I was getting.

That’s not my case. InternetGatewayDevice.ManagementServer.URL of my devices is set to http://172.25.7.3:7547 which is the reverse proxy itself, since Genieacs is bound to loopback on the same machine (see above).

Hello,
In my case, an HTTP 1.1 POST via nginx was passed on as HTTP 1.0, which causes data loss (HTTP headers).
To fix this I added to the nginx conf: proxy_http_version 1.1
Best regards

There is no such thing in Apache reverse proxy as far as I know.

I reduced the problem at my installation by speeding up external scripts.
(E.g. if the external DB is not already in the memory, it will take too long and it will produce the error)
It is definitely not perfect, because it is still something like a race condition.

Well, how is that possible that directly exposing Genieacs eliminates the errors completely?

I do not know.
In Wireshark I see that the connection from nginx to genieacs is HTTP 1.0 but the answer is HTTP 1.1.
Maybe there is some kind of timeout with the proxy constellation that caused that problem.
I have not tried setting the HTTP proxy version to 1.1 yet.

I’m using HaProxy with genieACS and it works like a charm. However I had to move authentication to the ACS servers because HaProxy didn’t handle it too well.

Looks promising, thanks for the tip.

@bajojoba that sounds great.
Could you please provide us some details?
E.g. which versions of haproxy and genieacs you are using, and maybe some advice for the haproxy configuration.

I’m also using HaProxy version 1.7.5-2 and it works great.
Here’s a copy of my haproxy backend config from haproxy.cfg

backend ACS_Updated
        mode http
        http-reuse never
        option http-keep-alive
        option forwardfor
        http-request add-header "Forwarded" %[src,regsub(^,for=,g)] 
        server NAME_OF_OTHER_ACS x.x.x.x:7547    #IP of my other ACS

Increase the logging level on the reverse proxy to collect more detailed information about requests and responses, especially when errors occur. Use network monitoring tools to capture and analyze traffic between CPE devices, the reverse proxy, and the CWMP backend. You don’t need to be an expert to buy proxies, but you shouldn’t be in a hurry either. This will help identify any anomalies or patterns that may be causing problems. Check forums or community groups related to CWMP or the specific devices you are working with. Perhaps other users have experienced similar problems and can offer valuable insights or solutions.