Pfsense <-> solaredge

Gertjan · Sep 20, 2017, 10:27 PM

Installled several weeks ago a Solar Edge - a "900" series (5 Kw if I remember well).
https://photos.app.goo.gl/jr3C5Vi6n6EPT4P43

No ports needed to be opened. We activated the wifi connection (was an option we took) and the cable connection.
The Solar Ege logic "calls home", as a normal device that is connected on your LAN, and connects to a server from SE on the net.
The solar company does not connect from the outside (from Internet) to your Solar Edge installation.

I have all the manual here, user- installation, etc - and nothing is said about opening firewall ports.

What is your Solar Edge type / version ??

edit : https://www.solaredge.com/sites/default/files/se-inverter-installation-guide.pdf page 53

NOTE
If your network has a firewall, you may need to configure it to enable the connection to the 
following address: 
l
Destination Address: prod.solaredge.com
l
TCP Port: 22222 (for incoming and outgoing data)

Your Solar Edge device will contact "prod.solaredge.com" every 5 minutes or so to send over production data.
We never opened up port "22222" (NATted to the solar edge device).

The app on our smartphones uses the data coming from "solaredge.com" that your converter put there.

I frankly believe that " incoming " data is misleading. A home device that needs ports to be for the Internet, that period should be over now. TO error prone - to dangerous and completely NOT needed for basic operation.

I guess they mention the "firewall port 22222 and prod.solaredge.com" because there are people that actually block also all OUTGOING traffic on their LAN except destination ports 80, 25, 143, 443,993, 995, 53, 21, 22 ….. but this very rare, and those people know what to do in this case :)

re-edit : just called my brother.
He is still using the Wifi connection after 4 months. He removed the RJ45 cable. The access point (Ubiquiti UniFi device) is just 8 feet away. He never had the notion of a wifi connection loss - all the stats are 100 % present ever since. Their (SE) Wifi card/antenna seems pretty stable to us.

stephenw10 · Sep 20, 2017, 10:17 PM

That ^ seems like a much more likely approach. ;)

Also, nice install. :)

Steve

The cosmic gate · Sep 30, 2017, 8:09 AM

We were on holiday for a few weeks, but now when I disabled DNSBL it's running stable for 5 days now.
So there's something within this pfblockerNG option that needs to be changed or whitelisted

stephenw10 · Oct 1, 2017, 11:29 PM

That seems likely. You may see it in the alerts section of pfBlocker though it depends how you have it setup.
Adding that domain to a custom list and setting it to enable will probably solve it.

Steve

The cosmic gate · Oct 4, 2017, 6:36 PM

@stephenw10:

That seems likely. You may see it in the alerts section of pfBlocker though it depends how you have it setup.
Adding that domain to a custom list and setting it to enable will probably solve it.

Steve

I Re-enabled DNSBL, and hope to find the alert.
But where / how to whitelist ?

stephenw10 · Oct 4, 2017, 9:04 PM

In the DNSBL main tab in pfBocker there's a section that is collapsed by default, "Custom Domain Whitelist".

Expand that, add domains you need to not block.

Steve

The cosmic gate · Oct 9, 2017, 2:34 PM

As above, I entered the custom solaredge URL , but again after a few (probably 3) monitoring stops ;(

mtarbox · Oct 9, 2017, 5:57 PM

We have two systems installed by Vivint.
On one, panels-> wifi expander -> wifi router -> modem -> Vivint.
One the other, panels -> wireless bridge -> wifi router -> modem -> Vivint.
Vivint supplied the wifi expanders, wireless bridges and wifi router.
Nothing goes through my pfsense box.

The cosmic gate · Oct 9, 2017, 6:13 PM

@mtarbox:

We have two systems installed by Vivint.
On one, panels-> wifi expander -> wifi router -> modem -> Vivint.
One the other, panels -> wireless bridge -> wifi router -> modem -> Vivint.
Vivint supplied the wifi expanders, wireless bridges and wifi router.
Nothing goes through my pfsense box.

Uhhm wrong topic ?

mtarbox · Oct 9, 2017, 6:35 PM

@The:

@mtarbox:

We have two systems installed by Vivint.
On one, panels-> wifi expander -> wifi router -> modem -> Vivint.
One the other, panels -> wireless bridge -> wifi router -> modem -> Vivint.
Vivint supplied the wifi expanders, wireless bridges and wifi router.
Nothing goes through my pfsense box.

Uhhm wrong topic ?

I was just telling you how my system was configured, and wondering why SolarEdge did not do something similar.

The cosmic gate · Oct 13, 2017, 10:25 AM

At the moment i configured thw whitelist :
and
but still when i enable DNSBL, after 3 days the connection to the solaredge portal is not okay.

stephenw10 · Oct 17, 2017, 11:07 PM

Hmm, weird that it happens after 3 days… Like maybe it's cached something and only has to re-resolve it then.

How about a different approach. Can you hardcode the SolarEdge DNS servers it's using?

If not try adding a port forward on the LAN for DNS traffic from the solaredge to some other DNS server. Maybe 8.8.8.8 or even run DNSmasq on another port and forward to that.

Steve

The cosmic gate · Oct 19, 2017, 10:10 AM

@stephenw10:

Hmm, weird that it happens after 3 days… Like maybe it's cached something and only has to re-resolve it then.

How about a different approach. Can you hardcode the SolarEdge DNS servers it's using?

If not try adding a port forward on the LAN for DNS traffic from the solaredge to some other DNS server. Maybe 8.8.8.8 or even run DNSmasq on another port and forward to that.

Steve

I should have a look, but i think its possible to enter the DNS in the solaredge invertor , i'll give the google DNS a try then
hope that would solve this problem

The cosmic gate · Oct 24, 2017, 3:07 PM

At the moment i'am getting crazy of this .
I disabled DNSBL for some days now,and today again the SE invertor stops sending data to toe SE portal :(
What should be the best way to troubleshoot is ?

( If i reboot PFsense, its working fine for a few days )

Gertjan · Oct 25, 2017, 9:04 PM

Check out the DHCP log.
By default, DHCP is activated on the SE.
Can you see the renewal dropping in every x time ?

Instruct the DHCP server on pfSense that it will always give the same IP to your SE.
Then, pfSense => System => Routing => Gateway and add a line - ( "Gateway" will be the IP of your SE - don't check any boxes).

Now you have a graph ( Status => Monitoring and select Quality).

The cosmic gate · Oct 27, 2017, 1:26 PM

@Gertjan:

Check out the DHCP log.
By default, DHCP is activated on the SE.
Can you see the renewal dropping in every x time ?

Instruct the DHCP server on pfSense that it will always give the same IP to your SE.
Then, pfSense => System => Routing => Gateway and add a line - ( "Gateway" will be the IP of your SE - don't check any boxes).

Now you have a graph ( Status => Monitoring and select Quality).

Done, lets wait for now

The cosmic gate · Oct 30, 2017, 1:45 PM

ok the drop / connection loss is there again , see the graph :

what's the next best thing to check ?

The cosmic gate · Nov 1, 2017, 6:41 PM

Nobody with some tips / hints ?

The cosmic gate · Nov 6, 2017, 6:39 PM

@The:

Nobody with some tips / hints ?

Please ;(

stephenw10 · Nov 13, 2017, 2:36 PM

Wow so the inverter just starts dropping packets after a few hours?

It could be uploading data at that point I guess. Did that happen at the same time it lost connection?

Does anything else restore the connection besides rebooting pfSense? Physically disconnecting the inverter Ethernet cable for example? Or rebooting the inverter (if you can do that)?

Did the dhcp log show anything when it failed?

We need to determine what the actual disconnect is when it fails. What diagnostics do you have on the inverter? Were you able to hardcode anything?

Steve