stream_socket_client unable to connect (connection timed out)

Question

I am using the certificate, and the private key

$ctx = stream_context_create();
stream_context_set_option($ctx, 'ssl', 'local_cert', $certfile);
stream_context_set_option($ctx, 'ssl', 'passphrase', $pass);
$fp = stream_socket_client('ssl://gateway.xyz.com:2195', $err, $errstr, 60, STREAM_CLIENT_CONNECT, $ctx);

Its running in my local XAMPP Server, but its not working in the external server:

Warning: stream_socket_client() [function.stream-socket-client]: unable to connect to ssl://gateway.sandbox.push.apple.com:2195 (Connection timed out) in /home/biranchi/public_html/push.php on line 42

Failed to connect 110

What is the error? Do i need to change some setting in the server?

Answer 1

Check your personal firewall settings and make sure you're not blocking this out. Try disabling the firewall.

Also, some APIs like requests to come from an actual domain rather than a desktop. I don't have reason to believe Apple works this way, but that's something to check also.

Also make sure and ping gateway.sandbox.push.apple.com and make sure you have a good connection.

Answer 2

I had fixed the issue by opening the port 2195 on the production server. You can verify by following command $telnet gateway.push.apple.com 2195

-bash-3.2# telnet gateway.push.apple.com 2195

Trying 17.149.38.141...
Connected to gateway.push.apple.com (17.149.38.141).
Escape character is '^]'.
Connection closed by foreign host.

Answer 3

You have to set your firewall to allow all the 17.0.0.0/8 block (it all belongs to Apple!). Check THIS ANSWER

And according to Apple:

The APNs servers use load balancing, so your devices won't always connect to the same public IP address for notifications. It's best to allow access to these ports on the entire 17.0.0.0/8 address block, which is assigned to Apple.

If you are using CSF firewall (like me), I'd recommend to add this line to csf.allow file:

tcp|out|d=2195|d=17.0.0.0/8

Then restart CSF. Using the above instead of just "17.0.0.0/8" will allow only outbond connections to Apple and specifically to port 2195. NSA won't like it but this is much more precise and safe! ;)