lukas.polivka

Berto Cloud driver causes EA navigator issues


If you've started having issues with the navigator on your (main) EA controller (unable to display IP cameras, weather station data or music service cover art 10-15 minutes since reboot) and you have the Berto Cloud driver in your project, that's most probably what's causing the issue.

The driver's backdoor-ish behavior (to open its own OpenVPN tunnel in addition to Control4's) includes tampering with the controller's Linux OS configuration including the firewall (iptables). In doing so, it breaks networking for the LXC container running the Android navigator.

I've reported the issue to Control4 and now to the author of the driver.

https://github.com/davidmassot/Berto/issues/9

For Control4 dealers interested in more detail:

https://forums.control4.com/fb.aspx?m=468363


Lukas,

I've also been in discussion with C4 and with agreement removed certain features from the public version of the driver some time ago. The /etc/crontabs/root entry was missed.

The OpenVPN service is inbound only and does not create any tunnels, it allows users to set up their own VPN endpoint but this was disabled also.

I have now removed the update to the crontab and also disabled the Watchdog and OpenVPN options on the Properties page.

I've not been able to duplicate the camera issue with both this version of the driver and previous versions, we have many installs using T3 touchscreen with cameras and EA1 navigators and this issue has not been reported.

Can you give the setup you have to duplicate as whilst I've removed this from my public release, in the private version we still have these activated, I'd like to test.

Thanks

 

David

 



I can confirm that after updating to version 8 and rebooting all controllers & T3s, all cameras are working flawlessly on OSD, T3, and iOS app.




Lukas,

I believe the problem is to do with IP Forwarding which gets turned off by my driver when OpenVPN is disabled, this happens by default when the driver is loaded.

I've not been able to test fully but can see that the Navigator on the controller runs in an LXC container and requires that IP Forwarding is turned on otherwise the VM is unable to reach any network address beyond the controller itself.

I've now removed this, as it is no longer needed, and will push an update, V9.

The iptables changes you refer to are actually the insertion of a Masquerade rule, the same that is required for the LXC containers, so that the VPN subnet can receive traffic back from the local LAN when a client connects.

Zuhair, thanks for your testing and support. You may want to check again after turning the OpenVPN server On/Off, not sure if you use or not but regardless the V9 update should sort the problem if it still exists.

We don't use the master controller as a Navigator so have never seen this issue but will set up a test configuration to satisfy myself that it is fixed.

Thanks for your help.

Regards

David
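
The host state discussed in this thread (IP forwarding, the nat MASQUERADE rule, and `/etc/crontabs/root`) can be compared before and after a driver is loaded. This is an added example, not part of the original posts or the driver's code; the snapshot directory layout (`ip_forward`, `iptables.save`, `crontab`) and the availability of shell access and `iptables-save` on the controller are assumptions.

```sh
#!/bin/sh
# Added example, not the driver's code. Compares two snapshots of the host
# state discussed in this thread. Capture one on the device (assumes shell
# access and an iptables-save binary):
#   mkdir snap && cat /proc/sys/net/ipv4/ip_forward > snap/ip_forward
#   iptables-save > snap/iptables.save && cp /etc/crontabs/root snap/crontab

# Succeeds only when the given ip_forward file holds "1".
forwarding_enabled() {
    [ "$(tr -d '[:space:]' < "$1")" = "1" ]
}

# Print the nat-table MASQUERADE rules from an iptables-save dump.
masquerade_rules() {
    awk '/^\*/ { table = $1 }
         table == "*nat" && /^-A / && /-j MASQUERADE/ { print }' "$1"
}

# Print non-blank lines of file $2 that are absent from baseline file $1.
# FILENAME is compared (not NR == FNR) so an empty baseline still works.
added_lines() {
    awk 'FILENAME == ARGV[1] { seen[$0] = 1; next }
         NF && !($0 in seen)' "$1" "$2"
}

# audit BASE_DIR NOW_DIR: one finding per line, nothing when state matches.
audit() {
    base=$1 now=$2
    tmp=$(mktemp -d) || return 1
    if forwarding_enabled "$base/ip_forward" &&
       ! forwarding_enabled "$now/ip_forward"; then
        echo "ip_forward: disabled since baseline; LXC guests lose routing"
    fi
    masquerade_rules "$base/iptables.save" > "$tmp/base"
    masquerade_rules "$now/iptables.save" > "$tmp/now"
    added_lines "$tmp/base" "$tmp/now" | sed 's/^/nat rule added: /'
    added_lines "$base/crontab" "$now/crontab" | sed 's/^/crontab line added: /'
    rm -rf "$tmp"
}

if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```

Run it as `sh audit.sh snap-before snap-after`; an empty result means none of the three settings changed between the snapshots.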

 

 

 


Hello David,

thank you for addressing the issue so quickly. I was (and still am) unfortunately overloaded with our dealer training so I was not able to reply with updates in a timely manner.

You got it right - only the navigator on the primary/director EA controller was affected. Slave controllers and T3 touch screens were unaffected.

I've documented the whole troubleshooting process on the official Control4 dealer forums I've linked in the original post. Not sure if you have access.

As for the 'backdoor-ish shenanigans' - I was almost certain the intent was not malicious (you wouldn't have made a backdoor so obvious), but it sure did raise my suspicions as such modifications of the controller/OS by drivers are highly… unusual.

Looking forward to using your drivers again. Any plans to document the binding/'API' for the MQTT driver so we can develop 3rd-party device drivers?


Lukas,

Not a problem.

I actually do have a sample MQTT Client driver that I can email you which provides a template of how you can interface to the MQTT bridge driver, if you send me an email, I'll pass it on.

Thanks

David
