I tried installing all ccid packages, enabled pcscd and etc which resulted in the usb card reader option to start working but as I have none and use my phone that option doesn't really help me out. Trying to connect with my phone causes it to just print the error "Can't establish connection to smartphone as card reader(SaC)"

I have ran out of ideas what could cause this and am wondering if anyone has a clue.

I have also attempted to check the code for the Remote_IFD but as I don't really know CPP it led me nowhere
Governikus/AusweisApptree/community/src/ifd/remote

Here is the term output:

    brianthehughes No it already exists as a port on FreeBSD same goes for Linux it exists on all distros as a package and works fine over there.

      Mar0xy
      Oh my, that is a lot of build and runtime dependencies. I’ll check it out and see where I end up.

      Mar0xy

      Using the package version of AusweisApp I was able to install and run the application without issue..

      As I read more into the pre-requisites to attempt a connection, please confirm that you have the eID and PIN(s) required to proceed, and can - Check device and ID card, Change PIN.

      Ultimately, without a the eID and the PIN, I am unable to get my phone to be allowed as a device and receive the same error as you. :-)

      1. Please confirm that your eID function is activated.
      2. Please confirm that your self-selected six-digit PIN is known. - Step 2.1

      As no pairing is allowed until these are already in place.

      ifd 2025.01.01 10:44:14.411 234090 W ConnectRequest::onError(ifd/base/ConnectRequest.cpp:173) : Connection error: QAbstractSocket::ConnectionRefusedError "Connection refused"
      default 2025.01.01 10:44:14.424 233840 ...viceModel::onEstablishConnectionDone(ui/qml/RemoteServiceModel.cpp:297) : Pairing finished: IfdConnector_ConnectionError | "An error occurred while trying to establi
      sh a connection to the smartphone as card reader (SaC)."

      https://www.ausweisapp.bund.de/en/online-identification/what-you-need

      1 - eID function is activated

      To be able to identify yourself online, the eID function of your ID card or electronic residence permit must be activated. With the eID card, this is activated automatically.

      How do I know if the eID function of my ID card is activated?

      There are several ways to find out:

      • Your ID card was issued after July 2017. In this case, the eID function is also automatically activated for ID cards and electronic residence permits.
      • You use the "Check device and ID card" feature in AusweisApp on your smartphone and receive a positive result with a green check mark next to "eID function activated".
      • You go to your local public administration office to check whether the eID function of your ID card has been activated.

      What if the eID function of my ID card is deactivated?

      For activation, you can contact your local public administration office. You can find out about the opening hours, contact persons and responsibilities of the offices and authorities in your area by calling the public authority hotline 115 or on the Internet: https://servicesuche.bund.de/#/en.

      2 - self-selected, six-digit PIN is known

      Every time you identify yourself online, you must enter your self-selected, six-digit PIN to enable data transmission. If you do not know this PIN, there are several ways to set a PIN:

      1. If you have never set a self-selected, six-digit PIN for your ID card and you have your five-digit transport PIN at hand, you can easily and conveniently set a PIN in AusweisApp using the "Change PIN" feature. You will find the five-digit transport PIN in the PIN letter you receive in the mail after you apply for a new ID card.
      2. You set a new PIN for your ID card at the public administration office responsible for you. You can find out the opening hours, contact persons and responsibilities of the offices and authorities closest to where you live by calling the public authorities hotline 115 or on the Internet: https://servicesuche.bund.de/#/en.
      a month later
      • Edited

      Not entirely sure, but you should be able to do the pairing step without an eID @brianthehughes
      All the stuff about PIN and eID you quoted comes after you managed to pair your phone as a card reader in the first place.
      You should be able to recreate the problem by

      1. installing the ausweisapp FreeBSD port and starting the app
      2. installing the AusweisApp on Android via Play Store and starting it
      3. Enter pairing mode on both instances of the application
        When attempting the pairing step, you should get the same error as OP (and me)

      Edit: A (hopefully) relevant part of my log:
      qml 2025.02.15 20:30:06.106 102294 ReaderScanEnabler::enableScan(ui/qml/ReaderScanEnabler.cpp:40) : Starting scan on REMOTE_IFD
      card 2025.02.15 20:30:06.106 120999 ReaderManagerWorker::callOnPlugin(card/base/ReaderManagerWorker.cpp:131) : Start scan on plugin: governikus::RemoteIfdReaderManagerPlugin
      network 2025.02.15 20:30:06.110 102294 DatagramHandlerImpl::resetSocket(network/DatagramHandlerImpl.cpp:91) : Bound on port: 24727
      card 2025.02.15 20:30:06.110 102294 ReaderManager::doUpdatePluginCache(card/base/ReaderManager.cpp:272) : Update cache entry: REMOTE_IFD
      qml 2025.02.15 20:30:06.241 102294 W ...ionModel::isScreenReaderRunning(ui/qml/ApplicationModel_generic.cpp:21) : NOT IMPLEMENTED
      qml 2025.02.15 20:30:07.039 102294 W (/qt/qml/Governikus/View/BaseController.qml:44) : No focus item found using TitleBar
      qml 2025.02.15 20:30:07.044 102294 ReaderScanEnabler::enableScan(ui/qml/ReaderScanEnabler.cpp:49) : Stopping scan on REMOTE_IFD
      card 2025.02.15 20:30:07.045 120999 ReaderManagerWorker::callOnPlugin(card/base/ReaderManagerWorker.cpp:131) : Stop scan on plugin: governikus::RemoteIfdReaderManagerPlugin
      network 2025.02.15 20:30:07.048 102294 ...mHandlerImpl::~DatagramHandlerImpl(network/DatagramHandlerImpl.cpp:104) : Shutdown socket
      card 2025.02.15 20:30:07.049 102294 ReaderManager::doUpdatePluginCache(card/base/ReaderManager.cpp:272) : Update cache entry: REMOTE_IFD
      default 2025.02.15 20:30:12.233 102294 ...viceModel::connectToRememberedServer(ui/qml/RemoteServiceModel.cpp:268) : Starting to pair.
      ifd 2025.02.15 20:30:12.233 102294 IfdClientImpl::establishConnection(ifd/base/IfdClientImpl.cpp:155) : Establishing connection to remote device.
      ifd 2025.02.15 20:30:12.234 120998 I ConnectRequest::setTlsConfiguration(ifd/base/ConnectRequest.cpp:88) : Start pairing to server
      ifd 2025.02.15 20:30:12.235 120998 IfdConnectorImpl::onConnectRequest(ifd/base/IfdConnectorImpl.cpp:107) : Request connection.
      ifd 2025.02.15 20:30:12.235 120998 W ConnectRequest::onError(ifd/base/ConnectRequest.cpp:173) : Connection error: QAbstractSocket::ConnectionRefusedError "Verbindung verweigert"
      default 2025.02.15 20:30:12.240 102294 ...viceModel::onEstablishConnectionDone(ui/qml/RemoteServiceModel.cpp:297) : Pairing finished: IfdConnector_ConnectionError | "Bei der Verbindung zum Smartphone als Kartenleser (SaK) ist ein Fehler aufgetreten."
      qml 2025.02.15 20:30:14.269 102294 ReaderScanEnabler::enableScan(ui/qml/ReaderScanEnabler.cpp:40) : Starting scan on REMOTE_IFD
      card 2025.02.15 20:30:14.269 120999 ReaderManagerWorker::callOnPlugin(card/base/ReaderManagerWorker.cpp:131) : Start scan on plugin: governikus::RemoteIfdReaderManagerPlugin

      Hi @Mar0xy,

      I’ve looked into the issue, and it seems like the problem is occurring before the eID authentication process, likely during the initial pairing step. The error QAbstractSocket::ConnectionRefusedError suggests that the connection is being blocked or not properly initialized.

      Troubleshooting Steps to Try:

      1. Verify Dependencies

      Ensure all necessary packages are installed:

      pkg info | grep pcscd

      Make sure pcscd is installed and running:

      sudo service pcscd start

      2. Check Network Connectivity

      • The logs show that the application binds to port 24727.

      • Check if anything is listening on this port:

        sudo sockstat -l | grep 24727


      • If nothing is listening, try running the app as root:

        sudo AusweisApp2


      3. Enable Debug Logging

      Run the application in debug mode to gather more details:

      AusweisApp2 --debug

      This might provide more insights into why the connection is refused.

      Thank you for your suggestions. I have tried them all, with no change to the behavior of the application.
      sudo sockstat -l | grep 24727
      returns this when Ausweisapp is running:
      maehsi AusweisApp 7075 18 tcp4 127.0.0.1:24727 *:*
      maehsi AusweisApp 7075 19 tcp6 ::1:24727 *:*
      maehsi AusweisApp 7075 38 udp46 *:24727 *:*

      logs seem to be too large to post here

      The option --debug does not work, instead --keep seems to be the only similar option. For some reason, two logs are created, log 2:
      default 2025.02.17 21:04:00.843 107550 Env::createSingleton(global/Env.h:127) : Create singleton: governikus::SignalHandler
      init 2025.02.17 21:04:00.843 107550 printInfo(init/Bootstrap.cpp:59) : Logging to "/tmp/AusweisApp.viKqRv.log"
      init 2025.02.17 21:04:00.843 107550 I printInfo(init/Bootstrap.cpp:61) : ##################################################
      init 2025.02.17 21:04:00.843 107550 I printInfo(init/Bootstrap.cpp:65) : ### Application: AusweisApp
      init 2025.02.17 21:04:00.843 107550 I printInfo(init/Bootstrap.cpp:65) : ### Application Version: 2.2.2
      init 2025.02.17 21:04:00.843 107550 I printInfo(init/Bootstrap.cpp:65) : ### Organization: ausweisapp2
      init 2025.02.17 21:04:00.843 107550 I printInfo(init/Bootstrap.cpp:65) : ### Organization Domain:
      init 2025.02.17 21:04:00.843 107550 I printInfo(init/Bootstrap.cpp:65) : ### System: GhostBSD 24.10.1
      init 2025.02.17 21:04:00.843 107550 I printInfo(init/Bootstrap.cpp:65) : ### Kernel: 14.1-STABLE
      init 2025.02.17 21:04:00.843 107550 I printInfo(init/Bootstrap.cpp:65) : ### Architecture: x86_64
      init 2025.02.17 21:04:00.843 107550 I printInfo(init/Bootstrap.cpp:65) : ### Device: maehsi-ghostbsd
      init 2025.02.17 21:04:00.843 107550 I printInfo(init/Bootstrap.cpp:65) : ### Qt Version: 6.8.1
      init 2025.02.17 21:04:00.843 107550 I printInfo(init/Bootstrap.cpp:65) : ### OpenSSL Version: OpenSSL 3.0.15 3 Sep 2024
      init 2025.02.17 21:04:00.844 107550 I printInfo(init/Bootstrap.cpp:67) : ##################################################
      init 2025.02.17 21:04:00.846 107550 printInfo(init/Bootstrap.cpp:77) : Library path: "/usr/local/lib/qt6/plugins"
      init 2025.02.17 21:04:00.847 107550 printInfo(init/Bootstrap.cpp:77) : Library path: "/usr/local/bin"
      init 2025.02.17 21:04:00.847 107550 printInfo(init/Bootstrap.cpp:80) : TLS backends: QList("openssl", "cert-only") | using: "openssl"
      default 2025.02.17 21:04:00.847 107550 Env::createSingleton(global/Env.h:127) : Create singleton: governikus::VolatileSettings
      default 2025.02.17 21:04:00.847 107550 ResourceLoader::init(global/ResourceLoader.cpp:45) : Register resource: "/usr/local/share/ausweisapp2/AusweisApp/AusweisApp.rcc" | true
      default 2025.02.17 21:04:00.847 107550 Env::createSingleton(global/Env.h:127) : Create singleton: governikus::AppSettings
      network 2025.02.17 21:04:00.850 107550 NetworkManager::setApplicationProxyFactory(network/NetworkManager.cpp:516) : proxy -> system
      default 2025.02.17 21:04:00.850 107550 Env::createSingleton(global/Env.h:127) : Create singleton: governikus::NetworkManager
      default 2025.02.17 21:04:00.919 107550 FileDestination::getPath(global/FileDestination.h:62) : "config.json" not found in following destinations | QStandardPaths::LocateFile
      default 2025.02.17 21:04:00.919 107550 FileDestination::getPath(global/FileDestination.h:66) : "/home/maehsi/.local/share/ausweisapp2/AusweisApp"
      default 2025.02.17 21:04:00.919 107550 FileDestination::getPath(global/FileDestination.h:66) : "/usr/local/share/ausweisapp2/AusweisApp"
      default 2025.02.17 21:04:00.919 107550 FileDestination::getPath(global/FileDestination.h:66) : "/usr/share/ausweisapp2/AusweisApp"
      securestorage 2025.02.17 21:04:00.919 107550 SecureStorage::load(secure_storage/SecureStorage.cpp:191) : Try locations: QList("", "", ":/config.json")
      securestorage 2025.02.17 21:04:00.919 107550 SecureStorage::loadFile(secure_storage/SecureStorage.cpp:158) : Load SecureStorage: ":/config.json"
      securestorage 2025.02.17 21:04:00.923 107550 SecureStorage::load(secure_storage/SecureStorage.cpp:278) : SecureStorage loaded: true
      securestorage 2025.02.17 21:04:00.923 107550 I SecureStorage::load(secure_storage/SecureStorage.cpp:279) : Vendor "ausweisapp2"
      default 2025.02.17 21:04:00.923 107550 Env::createSingleton(global/Env.h:127) : Create singleton: governikus::UiLoader
      gui 2025.02.17 21:04:00.923 107550 UiLoader::load(ui/base/UiLoader.cpp:109) : Try to load UI plugin: "qml"
      gui 2025.02.17 21:04:00.923 107550 UiLoader::setEnvironment(ui/base/UiLoader.cpp:268) : Set environment: "QSG_INFO" = "1"
      gui 2025.02.17 21:04:00.923 107550 UiLoader::setEnvironment(ui/base/UiLoader.cpp:268) : Set environment: "QT_SVG_ASSUME_TRUSTED_SOURCE" = "1"
      gui 2025.02.17 21:04:00.923 107550 UiLoader::load(ui/base/UiLoader.cpp:124) : Load plugin: QJsonObject({"IID":"governikus.UiPlugin","MetaData":{"default":true,"env":{"QSG_INFO":"1","QT_SVG_ASSUME_TRUSTED_SOURCE":"1"},"userInteractive":true},"archlevel":1,"className":"UiPluginQml","debug":false,"version":395264})
      default 2025.02.17 21:04:00.927 107550 UiPluginQml::onUseSystemFontChanged(ui/qml/UiPluginQml.cpp:940) : Using "AusweisApp_Roboto" with styles QList("Regular", "Medium", "Bold")
      init 2025.02.17 21:04:00.928 107550 AppController::onUiPlugin(core/controller/AppController.cpp:427) : Register UI: governikus::UiPluginQml
      gui 2025.02.17 21:04:00.928 107550 UiLoader::load(ui/base/UiLoader.cpp:109) : Try to load UI plugin: "webservice"
      gui 2025.02.17 21:04:00.928 107550 UiLoader::load(ui/base/UiLoader.cpp:124) : Load plugin: QJsonObject({"IID":"governikus.UiPlugin","MetaData":{"default":true,"passive":true,"readerManager":false},"archlevel":1,"className":"UiPluginWebService","debug":false,"version":395264})
      init 2025.02.17 21:04:00.928 107550 AppController::onUiPlugin(core/controller/AppController.cpp:427) : Register UI: governikus::UiPluginWebService
      gui 2025.02.17 21:04:00.928 107550 UiLoader::load(ui/base/UiLoader.cpp:109) : Try to load UI plugin: "websocket"
      gui 2025.02.17 21:04:00.928 107550 UiLoader::load(ui/base/UiLoader.cpp:124) : Load plugin: QJsonObject({"IID":"governikus.UiPlugin","MetaData":{"default":true},"archlevel":1,"className":"UiPluginWebSocket","debug":false,"version":395264})
      init 2025.02.17 21:04:00.928 107550 AppController::onUiPlugin(core/controller/AppController.cpp:427) : Register UI: governikus::UiPluginWebSocket
      default 2025.02.17 21:04:00.928 107550 Env::getShared(global/Env.h:336) : Spawn shared instance: governikus::HttpServer
      network 2025.02.17 21:04:00.928 107550 HttpServer::bindAddresses(network/HttpServer.cpp:65) : Cannot start server: "The bound address is already in use" | QHostAddress("127.0.0.1") | 24727
      network 2025.02.17 21:04:00.928 107550 HttpServer::bindAddresses(network/HttpServer.cpp:69) : Abort init of http server because of fatal error...
      network 2025.02.17 21:04:00.928 107550 HttpServerRequestor::getRequest(network/HttpServerRequestor.cpp:57) : Request URL (GET): QUrl("http://127.0.0.1:24727/eID-Client?Status")
      network 2025.02.17 21:04:00.930 107550 HttpServerStatusParser::parseReply(network/HttpServerStatusParser.cpp:69) : Status Code: 200 "OK"
      network 2025.02.17 21:04:00.930 107550 HttpServerStatusParser::parseReply(network/HttpServerStatusParser.cpp:69) : Header | access-control-allow-origin: *
      network 2025.02.17 21:04:00.930 107550 HttpServerStatusParser::parseReply(network/HttpServerStatusParser.cpp:69) : Header | access-control-allow-private-network: true
      network 2025.02.17 21:04:00.930 107550 HttpServerStatusParser::parseReply(network/HttpServerStatusParser.cpp:69) : Header | content-length: 237
      network 2025.02.17 21:04:00.930 107550 HttpServerStatusParser::parseReply(network/HttpServerStatusParser.cpp:69) : Header | content-type: text/plain; charset=utf-8
      network 2025.02.17 21:04:00.930 107550 HttpServerStatusParser::parseReply(network/HttpServerStatusParser.cpp:69) : Header | date: Mon, 17 Feb 2025 20:04:00 GMT
      network 2025.02.17 21:04:00.930 107550 HttpServerStatusParser::parseReply(network/HttpServerStatusParser.cpp:69) : Header | server: AusweisApp2/2.2.2 (TR-03124-1/1.4)
      network 2025.02.17 21:04:00.931 107550 HttpServerStatusParser::parseReply(network/HttpServerStatusParser.cpp:74) : Found version info VersionInfo({"Implementation-Title":"AusweisApp2","Implementation-Vendor":"ausweisapp2","Implementation-Version":"2.2.2","Name":"AusweisApp2","Specification-Title":"TR-03124-1","Specification-Vendor":"Federal Office for Information Security","Specification-Version":"1.4"})
      webservice 2025.02.17 21:04:00.931 107550 ...WebService::handleExistingApp(ui/webservice/UiPluginWebService.cpp:107) : We are already started... calling ShowUI
      network 2025.02.17 21:04:00.931 107550 HttpServerRequestor::getRequest(network/HttpServerRequestor.cpp:57) : Request URL (GET): QUrl("http://127.0.0.1:24727/eID-Client?ShowUI=CURRENT")
      webservice 2025.02.17 21:04:00.932 107550 ...WebService::handleExistingApp(ui/webservice/UiPluginWebService.cpp:129) : ShowUI request succeeded
      init 2025.02.17 21:04:00.932 107550 C AppController::start(core/controller/AppController.cpp:150) : Cannot initialize UI
      init 2025.02.17 21:04:00.932 107550 C AppController::start(core/controller/AppController.cpp:117) : Cannot start application controller, exit application
      init 2025.02.17 21:04:00.932 107550 initApp(init/Bootstrap.cpp:191) : Enter main event loop...
      init 2025.02.17 21:04:00.934 107550 AppController::completeShutdown(core/controller/AppController.cpp:332) : Emit fire shutdown
      gui 2025.02.17 21:04:00.934 107550 UiLoader::shutdown(ui/base/UiLoader.cpp:197) : Shutdown UiLoader: QList("qml", "webservice", "websocket")
      gui 2025.02.17 21:04:00.935 107550 UiLoader::preparePlugin(ui/base/UiLoader.cpp:149) : Shutdown UI: "qml"
      gui 2025.02.17 21:04:00.935 107550 UiLoader::preparePlugin(ui/base/UiLoader.cpp:149) : Shutdown UI: "webservice"
      gui 2025.02.17 21:04:00.935 107550 UiLoader::preparePlugin(ui/base/UiLoader.cpp:149) : Shutdown UI: "websocket"
      default 2025.02.17 21:04:00.935 107550 ResourceLoader::shutdown(global/ResourceLoader.cpp:71) : Unregister resource: "/usr/local/share/ausweisapp2/AusweisApp/AusweisApp.rcc" | true
      init 2025.02.17 21:04:00.935 107550 AppController::completeShutdown(core/controller/AppController.cpp:338) : Quit event loop of QCoreApplication
      default 2025.02.17 21:04:00.935 107550 Env::createSingleton(global/Env.h:140) : Destroy singleton: governikus::UiLoader
      default 2025.02.17 21:04:00.935 107550 Env::createSingleton(global/Env.h:140) : Destroy singleton: governikus::NetworkManager
      default 2025.02.17 21:04:00.935 107550 Env::createSingleton(global/Env.h:140) : Destroy singleton: governikus::AppSettings
      default 2025.02.17 21:04:00.935 107550 Env::createSingleton(global/Env.h:140) : Destroy singleton: governikus::VolatileSettings
      default 2025.02.17 21:04:00.935 107550 Env::createSingleton(global/Env.h:140) : Destroy singleton: governikus::SignalHandler
      init 2025.02.17 21:04:00.936 107550 initApp(init/Bootstrap.cpp:201) : Leaving application... bye bye!

      the other log is definitely too large to post here. I can't find anything in it that gives away more than the snippet I already posted.

      The application blocks communication unless the pin is entered. Including pairing. This is by design as the user is unlocking the application to pair it with a device. The application is the authority. During my attempts at diagnosis I also believed that one should be able to pair a device with the app first, but that is not the case as the user must first authenticate with the app to add a device. That device is then able to read the card via NFC to the application. During my efforts I do believe I ended up at the developer docs before I provided the conclusion that it is impossible to test without an eID and pin. Governikus/AusweisAppblob/community/docs/installation/CommunicationModel_en.pdf

      1. eID
      2. pin
      3. app (and you need to enter the pin to enable)
      4. pairing

      I do hope the OP was able to connect directly with support resources.

        4 days later

        brianthehughes
        I don't believe that to be correct. I still have a machine with Windows 10 at my disposal. Pairing works exactly like this:

        1. Open the application on both desktop PC and Android phone
        2. Enter pairing mode on both devices
        3. Enter pairing PIN (randomly generated and shown on phone display) on desktop PC
        4. Android phone now works as a connected German ID card reader

        The following steps after pairing was successful would be:

        • Put phone on ID card
        • Click authentication button of some German gov agency on desktop PC in the browser
        • ID card is read, information is transferred between Ausweisapp on desktop and phone, and the server for this stuff
        • Enter personal eID card PIN
        • I am authenticated and can usually fill out some form

        To be sure, I just deleted the pairing on that windows PC and the phone I have and repeated those steps as I described them. That is how it works. On GhostBSD, at step 3, I enter the pairing PIN and get the connection error.

        I have uploaded 2 logs on my Google Drive, one for GhostBSD and one from the Windows application (which works): https://drive.google.com/drive/folders/1u-6TI_8TapDmorznBVRQRluTk1E8EDsR?usp=drive_link

        I concede your evidence. I did not try on Mac or Windows. Well done.

        9 days later

        Mar0xy After upgrading to the latest release, did you experience a similar issue?

          vimanuelt I just tried it again after the upgrade and it still displays the same error.

          vimanuelt I essentially gave up back then and just use it only on mobile or if I need it on desktop I end up using a VM which is less than ideal but there is currently simply no way around it