言語 / Languages

Articles in this section

See more

Soracom Napter Troubleshooting Guide

This guide provides solutions for common issues encountered when using Soracom Napter for remote access and explains how to use Audit Logs to diagnose connection failures.

Common Connection Issues

If you are unable to establish a connection to your device using Soracom Napter, check the following common configurations and network settings.

The Napter Session Has Expired

Soracom Napter provides temporary remote access with a configured time limit (up to 8 hours). If your connection drops or is refused, the session duration may have elapsed.

Resolution: Disconnect your client and create a new Napter session in the User Console.

Network Restrictions (Corporate Firewalls/Proxies)

If you are connecting from a corporate network, strict security policies may block the random ports or IP addresses assigned by Napter.

Resolution: Check with your network administrator to ensure there are no proxies or firewalls blocking traffic to the destination IP and port provided by the Napter session.

Incorrect TLS Configuration

Napter offers TLS offloading for unencrypted protocols (like HTTP), but this can interfere with protocols that handle their own encryption, such as SSH or RDP.

  • Resolution: When setting up Napter for SSH or RDP, ensure the configuration reflects that the protocol is already secure. Select the option My IoT device's connection is encrypted (HTTPS/SSH). Do not enable TLS offloading for these protocols.

Mismatched Device Ports

The port number specified during the Napter session creation must match the port on which your device's service is listening.

Resolution: Verify the target port. Common defaults include:

  • SSH: 22
  • HTTP: 80
  • RDP: 3389

Device-Side Firewalls

Even if Napter is working, the device itself may block the incoming connection.

Resolution: Check firewalls on the device (such as iptables on Linux or Windows Firewall). Ensure the device accepts incoming traffic on the cellular interface for the specific port being accessed.

Unsupported Protocols

Soracom Napter supports TCP only.

Resolution: Ensure your application uses TCP. UDP and ICMP (Ping) are not supported through Napter.

Troubleshooting with Napter Audit Logs

If the basic checks above do not resolve the issue, use the Napter Audit Log to pinpoint where the connection is failing.

How to Retrieve Audit Logs

  1. Identify your Global IP: Visit a site like ifconfig.me to find the public IP address of the computer you are connecting from. You will need to allow this IP when creating the Napter session.
  2. Note Connection Details: When you create the Napter session, record the assigned IP address and port (e.g., 123.456.789.12:3456).
  3. Attempt Connection: Try to access the device using the Napter details.
  4. Access Logs: Log in to the User Console. From the Menu, under the Logs & Statistics header select Napter Audit Log.
  5. Review Events: Look for the events generated during your connection attempt.

Napter Audit Log Menu

Interpreting Log Events

The event type recorded in the logs indicates the stage at which the connection failed.

Scenario 1: No "ACCESS" Event Logged

You see events like CREATED, DELETED, or EXPIRED, but no ACCESS event.

  • Cause: Traffic is not reaching the Soracom platform. This usually indicates that your local network (the network you are connecting from) is blocking the outbound connection to the Napter IP and port.
  • Resolution: Verify that your local network permits access to the destination IP address and port number noted in step 2.

Audit Log showing no Access event

Scenario 2: "DENIED" or "REFUSED" Events

  • DENIED: The connection reached Soracom, but was blocked because the source IP address did not match the allowed IP range specified when the session was created.

  • REFUSED: Often appears as multiple DENIED events, indicating repeated unauthorized access attempts.

  • Resolution:

    1. Check the Details column in the logs. Compare the source IP listed there with your current Global IP.
    2. If your IP has changed or was entered incorrectly, create a new Napter session with the correct source IP.

Audit Log showing Denied event

Scenario 3: "CONNECTED" Event Logged

The CONNECTED event indicates that Soracom successfully forwarded the traffic to your device. If you still cannot access the service, the issue lies on the device side or the specific protocol configuration.

  • Potential Causes:
    • TLS Mismatch: You enabled TLS offloading for a protocol that doesn't support it (or vice versa).
    • Wrong Port: The service on the device is not running on the port you specified.
    • Routing: The device is routing return traffic via a different interface (e.g., Wi-Fi or Ethernet) instead of the cellular interface.
    • Device Firewall: The device is dropping the packets.
    • Service Down: The application (web server, SSH daemon) is not running.

Audit Log showing Connected event

Advanced Troubleshooting: Soracom Peek

If the audit logs show CONNECTED but access fails, you may need to analyze the actual network packets.

Soracom Peek allows you to capture IP packets passing between the Soracom platform and your device without installing software on the device itself. Use Peek to confirm if the device is receiving the request and if it is sending a response packet back.

Contacting Support

If you cannot resolve the issue after following these steps, please create a support ticket with the following details to help expedite the investigation:

  • IMSI: The IMSI of the SIM(s) experiencing the issue.
  • Device Details: Manufacturer, Model Number, and Product Name.
  • Timestamp: The exact date and time the issue occurred.
  • Logs: A screenshot or export of the Napter Audit Log.
  • Description: A detailed description of the error and steps taken.
  • Packet Capture: A pcap file from Soracom Peek (if available).
Was this article helpful?
0 out of 0 found this helpful
Return to top