Scada-LTS
Scada-LTS copied to clipboard
SCADA-LTS
Alarm pop-up while remote access using VPN
Describe the bug When I try to access the ScadaLTS server via VPN, after a few seconds, the system throws a pop-up with the following warning: "Connect error:Whoops! Lost connection to http://scadaLTS_VPN_ip:8080/Scada-LTS/ws-scada/alarmLevel".
To Reproduce Steps to reproduce the behavior:
- Login
- Wait a few seconds
Expected behavior I believe it shouldn't throw any alarms. After clicking OK, the system still works, doesn't lose connection, the gifs and scripts keep rolling, but for the final user it's a bummer having to click every time they open a new window.
Screenshots
Desktop (please complete the following information):
- OS: Windows 11
- Browser: Edge and Chrome
- Version: ScadaLTS 2.7.5.4
Hi @eng-rodrigo-lobo,
- After logging in as admin, right-click on 'Inspect' and show what is happening in the 'Network' tab - whether these connections are rejected;
- After logging in as admin, right-click on 'Inspect' and show what is happening in the 'Console' tab;
- Do you have a graphical interface and a Firefox/Chrome browser installed on the server where Scada-LTS is located and can you check whether Scada-LTS works properly on this server directly?
- It is also worth installing the latest available prerelease;
Regards, Kamil Jarmusik
Hello, I hope you all are well!
I am facing problems when using DNS for external access to the system, I noticed that WebSocket only works when accessed locally via IP as per the examples below.
I believe it's just some route, because if I switch to the old interface the system works correctly without WebSocket errors.
Thank you in advance for your attention
Hi @eng-rodrigo-lobo,
- After logging in as admin, right-click on 'Inspect' and show what is happening in the 'Network' tab - whether these connections are rejected;
- After logging in as admin, right-click on 'Inspect' and show what is happening in the 'Console' tab;
- Do you have a graphical interface and a Firefox/Chrome browser installed on the server where Scada-LTS is located and can you check whether Scada-LTS works properly on this server directly?
- It is also worth installing the latest available prerelease;
Regards, Kamil Jarmusik
Hey @Limraj , first of all thanks for your reply!
Here are the answers to your questions:
-
Here is the "network" tab of my browser (Microsoft Edge) right after the error:
-
Here is the "Console" tab right after the error:
I realized there's a situation with the Websocket connection, like @weschenfelder presented too.
-
Yes, I'm accessing the computer remotly via Anydesk. I set up all the system via Anydesk and it's running smooth locally, no exception thrown like when I try the remote access via VPN.
-
I'm considering this option, but I'd like to confirm if it's something we can solve or at least bypass for the final user first.
Thanks again for your time!
Hi @eng-rodrigo-lobo and @weschenfelder,
We use Scada-LTS via VPN, we also used after DNS, and we did not observe such problems, so probably the problem is related to network configuration...
Why do ws-scada links show iframe.html at the end, this is not our link....
Regards, Kamil Jarmusik
Hi @Limraj !
I believe that the problem occurs due to the reverse proxy, where it collects the DNS entry and points to a local IP and port. When routing directly via public IP, access to the system works perfectly.
However, because we host several services, websites and other applications, we use the incoming proxy and alongside it the WAF to fragment brute force attacks on the main host.
I will try to identify a way to resolve the reverse proxy issue and comment on the ticket again.
Hi @Limraj !
To be honest, I don't know very much about network connections, so I don't know exactly what should I check in the network configuration to check what may be causing this behaviour. If you have at least a few general directions to provide, I'd gladly accept.
About the iframe.html, I didn't even know it wasn't supposed to show there. The only add-on I configured in this system was a script for using Google Charts with "server scripts" in ScadaLTS, since the available graphs don't have other features that I usually use in my projects (change background colors, donut graphs, bar graphs, etc).
To implement this, I followed a tutorial found at the ScadaBR Forum, adding a Script line at the page.tags file. Do you think could be related to the problem?
Hi @eng-rodrigo-lobo,
- What happens when you go back to the old page.tag file? (console/network)
- Send a link to this tutorial and write how you modified this page.tag file.
Regards, Kamil Jarmusik
Hi @Limraj,
-
I just tried it, and I get the same behaviour as before, with the same error pop-up. The same iframe.html shows again, this time I got curious and checked the details:
-
Sure, here's the link to the forum's tutorial (it's in portuguese): http://forum.scadabr.com.br/t/utilizando-gauge-do-google/1915
Actually it isn't much, the tutorial tells you to stop tomcat, open page.tags and add the following line within Scripts tag:
Then, restart tomcat and add build your graph according to Google Charts documentation using 'script to server' asset in the Graphical Views.
Regards, Rodrigo Lobo
Hi @Limraj
Just to add on my last post, I was curious about what was calling this iframe thing. This time I updated the ScadaLTS to the latest version 2.7.6 and accessed via VPN this updated ScadaLTS, getting again the same results.
When I checked the iframe calls, I realized it comes from the following path within the ScadaLTS folders:
Do you know what triggers the ScadaLTS to call this resource?
Regards, Rodrigo Lobo
Hi @eng-rodrigo-lobo Looks like a problem with the old version of the sockjs library and Internet Explorer: https://github.com/sockjs/sockjs-client/issues/249 So there is a chance that you have an old version in the browser cache, since Scada-LTS 2.7.1.1 (https://github.com/SCADA-LTS/Scada-LTS/issues/2285) we use sockjs version 1.6.0 (from Feb 27, 2022: https://github.com/sockjs/sockjs-client/releases/tag/v1.6.0);
To solve this:
- After the page loads, try -> Shift + F5 or Ctrl + Shift + r ('Reload the current page, ignoring cached content')
- If that doesn't help, maybe there is a compatibility issue with sockjs and edge, then just install firefox. (edit: I see that you tried on Chrome, reload page ignore cache, or update the version chrome)
Regards, Kamil Jarmusik
Hi @Limraj !
Busy days lately, sorry for the late answer.
I tried cleaning the cache and tried to access the ScadaLTS using Firefox and Chrome (both with the latest releases) and still got the same issue...
One thing I realized is that a websocket tries to connect and fails always,and then the pop-up is shown, I'll show you below:
MICROSOFT EDGE (version 118.0.2088.76)
GOOGLE CHROME (version 118.0.5993.118)
FIREFOX (version 119.0 )
So, I still have no clue of what's going on
Hi @eng-rodrigo-lobo, It's not about clearing the cache, but refreshing the page with that exact shortcut.
Check use sockjs version:
http://host:8080/Scada-LTS/resources/node_modules/sockjs-client/dist/sockjs.min.js
Regards, Kamil Jarmusik
Hi @limraj
I checked here, sockjs version is v1.6.0, as below (this was in Firefox):
To keep a pattern, I tried both commands you suggested (shift + F5 and ctrl +shift + R) at the watchlist page, but the result was the same (problem with connecting to the websocket and alarm pop-up).
Hello @eng-rodrigo-lobo, this same problem occurred when I imported a JSON completely from another installation, I went in search of delving deeper into the solution to this error and the only way to solve it was to delete the existing version of both java and tomcat and reinstall them.
According to the java forums, this bug can occur due to several problems, among them there may have been a failure during the installation that only became apparent now that you are using the method mentioned above.
@weschenfelder Can you link the source of this information? It is interesting...
Hi @eng-rodrigo-lobo,
- The problem may also be related to the network configuration (maybe some kind of proxy), which for some reason forces cross-domain communication, although the library is included with the application, so it is not hosted on a separate server. https://medium.com/swlh/websockets-with-spring-part-2-websocket-with-sockjs-fallback-1903cf8fe480
- Another possible reason is the firewall configuration that blocks websocket communication, but then sockjs tries http, so that would be weird too...
Could you describe your network/VPN setup? And check if the firewall is not blocking anything?
Regards, Kamil Jarmusik
Hi @Limraj
I was using a partner's VPN to test the remote access, as I'm developing a SCADA for this company and they'll use this network for remote access of the system.
Today I decided to try another VPN just to be sure and for my surprise, it worked fine! No alarm pop-ups.
This new VPN was just a standart OpenVPN CloudConnexa service (https://openvpn.net/cloud-vpn/ | free-tier, up to 3 connections), I just created an account, installed the clients at the 2 testing PCs, configured the firewall exception rules for the ScadaLTS 8080 port and voilà.
I'll check with my partner's VPN provider what are the settings, if they provide me this information, and I'll try to compare with the standart setting of OpenVPN to see if we realize what could be causing those errors mentioned before.
Anyways, I guess your initial assumption was right, probably was some network configuration.
Hi @eng-rodrigo-lobo,
In version v2.7.8 added property: websocket.client.sockjs.url in env.properties, where you can set the path to the Sockjs library/client.
Regards, Kamil Jarmusik