Connecting Spresense to AWS IOT Core MQTT broker?

jlutzwpi

Hello all, I updated the LTE extension board with the latest firmware and I'm able to connect to a SIM via LTE. However, following the LteGnssTracker.ino sample sketch, I'm not able to connect to the AWS IOT Core MQTT Broker. I get the following error message:

Starting GNSS tracker via LTE.
=========== APN information ===========
Access Point Name : hologram
Authentication Type: NONE
DEBUG: Modem restart : 0
DEBUG: Successful modem poweron.
DEBUG: Successful start searching.
DEBUG: Successful get IMS capability : FALSE
DEBUG: Successful set RAT : 0
Attempting to connect to network.
Gnss setup OK
Waiting for successful attach.
DEBUG: Report netinfo stat : 2
DEBUG: Successful PDN attach.
attach succeeded.
DEBUG: Successful get localtime : 2022/07/15,00:01:20
2022/07/15 00:01:20
Attempting to connect to the MQTT broker: xxxx.iot.us-east-1.amazonaws.com
DEBUG: Start tls_connect
DEBUG: Loading CA certificates
DEBUG: Loading client certificates
DEBUG: Loading private key
DEBUG: Connect to server
ERROR: mbedtls_net_connect() error : -0x52
MQTT connection failed! Error code = -2

I've tried loading the certs from the SD card, as well as storing the certs directly into memory.

Does anyone have any insight into why I can't connect to the MQTT broker?

Thanks!
Justin

jens6151 0 1 1

Hi I am connecting to AWS IOT Core MQTT broker too.

Difficult to say without the exact code (which modifications did you make?)

Just some thoughts

1. Add a line to verify that the certificates are correctly loaded. In the sample sketch there is no check for failure. e.g. print the file size

  Serial.printf("rootCertsFile size %d", rootCertsFile.available());

2. when using the SD card, place the file to the root folder and just give the name. i.e. NOT /mnt/sd/xxx, just the file name.

3. When there are many files on the SD card root (1000+) then it is very slow and might sometimes fail.

4. Double check the broker address and certificates are correct and valid. Check that the AWS configuration is correct. Could you connect with the same credentials via the AWS command line sample that was given when you downloaded them?

jlutzwpi

@jens6151-0-1-1 Hi thanks for responding. I've been able to connect a couple times before I get the connection issues again. I'm reading in the certs from memory, so I'm not using the SD card. I heard of people having trouble with that.
Below is the output of a recent connect I got:

Attempting to connect to the MQTT broker: xxx.iot.us-east-1.amazonaws.com
DEBUG: Start tls_connect
DEBUG: Loading CA certificates
DEBUG: Loading client certificates
DEBUG: Loading private key
DEBUG: Connect to server
ERROR: mbedtls_net_connect() error : -0x52
MQTT connection failed! Error code = -2
DEBUG: Start tls_connect
DEBUG: Loading CA certificates
DEBUG: Loading client certificates
DEBUG: Loading private key
DEBUG: Connect to server
DEBUG: Performing the SSL/TLS handshake
DEBUG: Verify peer X.509 certificates
DEBUG: Verified peer X.509 certificates
DEBUG: tls_connect done
DEBUG:LTETLSClient:128 connected to xxx.iot.us-east-1.amazonaws.com
DEBUG:LTETLSClient:158 written 30 byte
DEBUG:LTETLSClient:246 read 1 byte
DEBUG:LTETLSClient:246 read 1 byte
DEBUG:LTETLSClient:246 read 1 byte
DEBUG:LTETLSClient:246 read 1 byte
You're connected to the MQTT broker!

It then takes a bit to get the minimum number of satellites, but I also get this debug error while it runs:

Position is fixed.
DEBUG: Successful get localtime : 2022/07/18,17:55:28
Position is fixed.
DEBUG: Successful get localtime : 2022/07/18,17:55:29
Position is fixed.
DEBUG: Successful get localtime : 2022/07/18,17:55:30
Sending message to topic: spresense
Publish: $GPGGA,xxxxx.00,xxxx.8694,N,xxxx.1743,W,1,04,3.2,122.1,M,,M,,*67

ERROR: mbedtls_ssl_write() error : -0x50
Position is fixed.

Sending message to topic: spresense
Publish: $GPGGA,xxxx.00,4225.8696,N,xxxx.1719,W,1,04,3.2,108.0,M,,M,,*64

ERROR:LTETLSClient:148 not connected
Position is fixed.

Really strange behavior. I'll run again and won't be able to connect again. It seems like really unstable behavior with the certs. Any recommendations?

jlutzwpi

@jlutzwpi and I can connect with the certs through a Python program so I know the certs are correct.

jens6151 0 1 1

@jlutzwpi
I see that you could connect. That is good.

I do not know for sure what happens. But I have some more thoughts.

Actually I did not do any long term tests yet. However I also got some mbedtls_ssl error (sorry I do not remember the number). It always happened when I uploaded a large amount of data (200K image) I assumed that there is a file size limit on Amazon side since about 100K images worked. I did not verify this thought.

So connecting to the current issue. I assume that the remote closes the connection. ArduinoMqttClient does not offer a onDisconnected callback. But you could try polling.

Mqtt requires an alive message that is send within the mqttClient.poll() function. Do you call that and is the alive message timeout within the Amazon IOT requirements (the default should be)?

@ Sony developers
Are there any limitations regarding tls/ssl for the LTE module or LTETLSClient?
For example the nrf9160 module (just an example, not related with Spresense) fails on simultaneous tls connections but works with multiple sequential connections.

CamilaSouza

Hey, @jens6151-0-1-1 and @jlutzwpi
I'm not aware of any limitations like the one you mentioned. Are these limitations on the nrf9160 documented or were they discovered empirically by the users?

Our documentation offers some tips for unstable communications.
FAQ: https://developer.sony.com/develop/spresense/docs/faq_en.html#_about_the_spresense_lte_extension_board
Recommended sections:

• Communication is unstable. What can I do to make it more stable?

• Communication conditions are unstable and sometimes communication errors occur.

• The TLS secure communication function does not work correctly, what should I do?

Some of the tips were already mentioned here, like updating the firmware to the most recent versions and downloading certificates.
But here some tips that might be applicable in this case:

• If the main board is powered only by the PC, a communication error may occur due to insufficient current capacity. Using a USB power supply capable of supplying a current of 1A or more may improve the problem. If you are using the USB connector on the main board as a serial console, please use the USB connector on the LTE extension board for the power supply.

• Keep the device away from devices that emit strong radio waves that may interfere with the communication.

• Communication may be unstable in locations with poor reception, such as inside a building or a place surrounded by metal.

jlutzwpi

@CamilaSouza Thank you both. Excellent feedback.

I connected a micro USB to the LTE extension board and it appears to have better performance.

I also changed the logic in LteGnssTracker.ino to change the mqttClient connect check from an if to a while:

while(!mqttClient.connect(broker, port)) {
    Serial.print("MQTT connection failed! Error code = ");
    Serial.println(mqttClient.connectError());
    sleep(3);
  }

I found that even if it doesn't connect right away, it eventually does.
I'm now getting lat/long data from the Spresense to the AWS IOT core. Exciting stuff!

I still get occassional LTETLSClient not connected errors, but if I restart the board I see that it will start working again. It could also be that I'm in a area that can have spotty mobile service.

Thank you both for your help!
Justin

CamilaSouza

Hey, @jlutzwpi
That's so nice!!

Keep up the good work.