Netgate Discussion Forum

    Having Trouble With Nest & Energenie Gateway Since pfSense

    General pfSense Questions
    • M
      mbc0
      last edited by

      Ok,

      I will read through all this that you have kindly linked and hope it will help me understand why I am having issues with these devices.

      The Energenie gateway is found on my network and is assigned an IP, but the app cannot see it when on pfSense. The Nest works in that it thinks it is connected to the internet and it does function properly, but it is unable to collect weather information on pfSense; it works perfectly when on my Vodafone router.

      As for the LANANDWIFI the only interface that was assigned to it in the group was LAN so I have deleted it now.

      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        Post up the rules you have setup on your lan and unifi interfaces.

        Also are you running packages like pfblocker, snort, proxy, etc..

        Out of the box lan is any any rules and clients can go anywhere they want on the internet on any port. So if you're having some problem pulling weather you have modified the rules or are running something blocking it like pfblocker or having dns problems.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • M
          mbc0
          last edited by

          Below are the current rules, I am not running any packages yet, I want to get pfsense up and running with normal operation before adding any packages.

          If you cannot see any problems with my rules maybe I should reset and start again?

          1_1534190323735_pfsense3.JPG 0_1534190323735_pfsense2.JPG

          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            All of those rules on your lan are POINTLESS!!! Rules are evaluated top down, first rule to trigger wins, no other rules evaluated. So those being below an any any rule mean nothing!

            Rule on unifi: do you have a downstream network of 192.168.1/?

            What network is your unifi net and what network is your lan net.

            If you were adding rules on your lan net via seeing blocks - ie the easy rules. You prob had out of state blocks.. What is 192.168.1.5?? That rule is pretty pointless if 192.168.1 is your unifi network.

            Is your lan 172.17.0/?

            1 Reply Last reply Reply Quote 0
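
The first-match behaviour described in the post above, as an added example (not from the thread and not pfSense's own code): it models top-down evaluation on one interface and reports rules that can never trigger because an earlier rule already covers them. The `Rule` model, the function names and the three sample rules are constructed assumptions, since the real rules were only posted as screenshots.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """Simplified IPv4 filter rule (hypothetical model, not pfSense's format)."""
    name: str
    action: str                 # "pass" or "block"
    proto: str = "any"          # "any", "tcp", "udp", ...
    src: str = "0.0.0.0/0"      # source network
    dst: str = "0.0.0.0/0"      # destination network
    ports: tuple = (0, 65535)   # inclusive destination port range


def covers(earlier, later):
    """True if every packet that matches `later` also matches `earlier`."""
    net = ipaddress.ip_network
    return (
        earlier.proto in ("any", later.proto)
        and net(later.src).subnet_of(net(earlier.src))
        and net(later.dst).subnet_of(net(earlier.dst))
        and earlier.ports[0] <= later.ports[0]
        and later.ports[1] <= earlier.ports[1]
    )


def shadowed(rules):
    """Return (dead_rule, covering_rule) name pairs under first-match evaluation."""
    dead = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                dead.append((later.name, earlier.name))
                break
    return dead


def first_match(rules, proto, src, dst, port):
    """Return the rule that decides this packet, or None (default deny)."""
    packet = Rule("packet", "", proto, f"{src}/32", f"{dst}/32", (port, port))
    for rule in rules:
        if covers(rule, packet):
            return rule
    return None


# Constructed sample: an any-any pass rule on top, narrower rules added below it.
LAN_RULES = [
    Rule("any-any", "pass"),
    Rule("block-to-192.168.1.5", "block", dst="192.168.1.5/32"),
    Rule("pass-from-docker", "pass", src="172.17.0.0/16"),
]

if __name__ == "__main__":
    for dead, winner in shadowed(LAN_RULES):
        print(f"{dead} never triggers: {winner} matches first")
    hit = first_match(LAN_RULES, "tcp", "192.168.0.50", "192.168.1.5", 443)
    print("192.168.0.50 -> 192.168.1.5:443 decided by", hit.name, hit.action)
```

Moving a narrower rule above the any-any rule is what makes it take effect; the model ignores interface, gateway and state options.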
            • M
              mbc0
              last edited by

              Hi,

              Thank you so much for your time!!

              My LAN is 192.168.0.*
              My Unifi (WiFi) is 192.168.1.*
              My Unifi AC-Lite is 192.168.1.5

              I was experimenting with an issue with some of my dockers on unRAID which are all 172.17.0

              I hope that makes sense!

              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by

                Well if your dockers are on your "lan" but on a different network that is a borked config. You need to put your dockers on an actual network.. It is not proper to run multiple layer 3 networks on the same layer 2 - and not secure and does not isolate the networks, and can cause asymmetrical traffic, etc. etc.. There is really never a good reason to do it - other than say the time it takes to migrate hosts to new address scheme, etc.

                I would suggest you either put your dockers on a vlan or put them on current network they are connected to.

                • M
                  mbc0
                  last edited by

                  ok,

                  I will investigate this further. I have not specified the dockers' IPs on my unRAID server; they are all set to bridge mode automatically and auto-assign their own IPs. I have never had an issue but I have never set up pfsense before.

                  Many Thanks for all your time, I really appreciate it!

                  • johnpozJ
                    johnpoz LAYER 8 Global Moderator
                    last edited by johnpoz

                    hmmm I run some dockers on my synology nas, and I access them via the nas IP not some other one.. Do you have a specific docker I could try out on my nas? That you're having problems with, ie you're seeing those blocks when it tries to go to the internet for example - I run for example tautulli as a docker for my plex, and I access it via the nas IP

                    http://192.168.9.10:8181/home

                    Via that 8181 port..

                    I will admit I am not a docker guru by any stretch of the imagination, but what I can tell you for sure is trying to run 2 different address schemes on the same L2, ie 192.168.x/24 and 172.17.x/? is not really a valid configuration and should be avoided.

                    My guess is the "nat" that should be happening between your docker container and what "docker" network it's connected to the bridge is not happening.. So while all dockers.. I looked at one of mine and it's running in a "bridge" that is 172.17/16 but when you talk to it from outside it's like a port forward from your network to the container network.. So if you're seeing traffic on pfsense lan from this container network - I take it the ip masquerade is not happening.. But remember I am in no way qualified to be talking about the ins and outs of how docker works - it's just something from looking at my nas setting for a few minutes.

                    • M
                      mbc0
                      last edited by

                      Hi,

                      I decided to carry out a factory reset and try again as nothing I could do with regard to firewall rules was working for me. I am still positive I was doing something wrong but since wiping and starting from fresh my energenie gateway is working perfectly (wired) the only issue I still have is with the nest (wireless) getting the weather information? The nest connects to the wifi via my UniFi wireless network (as do another 13 devices) The only "strange" thing I notice is that the nest itself says the router address is 192.168.1.5 which is the IP address of the UniFi so maybe that is "correct" but pfsense IP is 192.168.0.10 (different range) so maybe that could be the issue?

                      Please can you take a look at my screenshots and let me know if I am missing anything on my firewall setup?

                      As for my dockers, they are all working perfectly and as you can see from the picture below they are mapped ports so I don't think that will cause an issue.

                      Again, HUGE thanks for your help!

                      4_1534251711619_5.JPG 3_1534251711618_4.JPG 2_1534251711618_3.JPG 1_1534251711618_2.JPG 0_1534251711618_1.JPG

                      • johnpozJ
                        johnpoz LAYER 8 Global Moderator
                        last edited by johnpoz

                        Your nest has IP address of your AP as its gateway? Yeah that would not be right, a unifi AP does not do any nat..

                        Any device connected to your unifi wifi network should see pfsense as its gateway. If it's pointing to your AP ip as its gateway I have no idea how it could actually be getting to the internet at all..

                        Where are you seeing that the nest got that as its gateway? On the unit itself...

                        You're saying the nest has a LAN ip vs your Unifi network, 192.168.0 is your lan, and 192.168.1 is your unifi network?

                        • M
                          mbc0
                          last edited by

                          Hi,

                          Just an update,

                          I have been out and in the last couple of hours my Energenie gateway has now lost connection (last seen at 14:31)

                          I had not made any changes to pfsense since late morning so I am struggling to see what the issue is here? (it works 24/7 when on my vodafone router)

                          As for my nest (on the nest itself) it says the router is 192.168.1.5, there is no mention of gateway. I am going to investigate this further now. When connecting the nest you just choose an SSID, which in my case is the UniFi. 13 other devices all work fine on the same connection so it must be looking for a port of some kind specific to the nest.

                          My LAN is 192.168.0.* and my UniFi is 192.168.1.*

                          • johnpozJ
                            johnpoz LAYER 8 Global Moderator @mbc0
                            last edited by johnpoz

                            @mbc0 said in Having Trouble With Nest & Energenie Gateway Since pfSense:

                            As for my nest (on the nest itself) it says the router is 192.168.1.5

                            Where does it say that? What are you looking at? The device on the wall has nothing that says router.

                            Take a picture of where you see that.. It clearly shows IP, mask and gateway - I will take a picture when I get home. I would swear it doesn't say router when you look at network details. I just looked at mine this morning before I left for work - I was going to take a picture of it even ;) For use on this thread.

                            Did you name your SSID 192.168.1.5?

                            Let's say nest used port XYZ, doesn't matter, your rule is ANY ANY!!

                            When I get a chance I will sniff the traffic coming off the nest on how it checks the outside temp.

                            Also where is it not showing the outside temp, is your location set? What version of the software is running on your nest, on your app?

                            0_1534270184631_outsidetemp.png

                            I found this seems like your same sort of problem

                            https://www.reddit.com/r/Nest/comments/8cg367/nest_app_no_longer_shows_outside_temp_ios/

                            Here is my info showing software version and when last updated, etc. I will take a picture of its detailed network info when I get home

                            0_1534270411003_info.png

                            • M
                              mbc0
                              last edited by mbc0

                              Hi!

                              I have taken some photos to show you what I mean,

                              I am contacting energenie today to see what their gateway is looking for port wise.

                              It is the farsight weather that the nest will not display when on pfsense...

                              1_1534326693948_20180814_191012.jpg 0_1534326693948_20180814_191006.jpg 1_1534326722640_20180814_191026.jpg 0_1534326722639_20180814_191022.jpg 1_1534326743876_20180814_191135.jpg 0_1534326743875_20180814_191031.jpg

                              • NogBadTheBadN
                                NogBadTheBad
                                last edited by

                                1262 ping response time is a bit 💩

                                What response time do you get if you ping 8.8.8.8 from a PC / Laptop ?

                                Andy

                                1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

                                • M
                                  mbc0 @NogBadTheBad
                                  last edited by

                                  @nogbadthebad yes, I agree! I get 16ms from wired devices and 21 from wireless devices in the same room

                                  • NogBadTheBadN
                                    NogBadTheBad @mbc0
                                    last edited by NogBadTheBad

                                    "21 from wireless devices in the same room" Same SSID as the Nest & Energenie ?

                                    If it's the same SSID, is the Nest & Energenie on 2.4 GHz and the device you're testing from on 5 GHz ?

                                    • M
                                      mbc0
                                      last edited by

                                      Same room as the Nest and same SSID (Home Control)

                                      Home Control is a separate SSID I set up on my UniFi just for all my smart devices, light switches etc

                                      The Energenie Gateway is wired not wireless

                                      Also, I have just received this information from Energenie as I am typing this reply

                                      "The problem you are experiencing is probably as a result of the internal/external port 9998 being closed: Please follow the following instructions and ensure port 9998 is open:

                                      1. Please use this link to find out if port 9998 is open http://www.yougetsignal.com/tools/open-ports/
                                      2. If the port is closed. You will need to find your gateway in your network. The gateway uses a dynamic IP address obtained from the DHCP server of the network it's plugged into. You will be able to find devices on your network through your router settings. To access your router settings you need to know its IP address, and if you're having trouble accessing this it may have changed. You can find the IP address using ipconfig. The options from this point will vary depending on which home hub you own. Once you find your gateway take note of its IP address or MAC address.
                                      3. You will need to place your gateway in a DMZ. A DMZ (demilitarized Zone) is a conceptual network design where publicly accessible servers are placed on a separate, isolated network segment. The intention of a DMZ is to ensure that publicly accessible servers cannot contact other internal network segments, in the event that a server is compromised. Open the web browser and type the IP address of the device in the address bar (default is 192.168.1.1/192.168.0.1/192.168.0.254). Press Enter. The default username and password are both admin, click OK to log into the device. There should be an option for Configure the DMZ. You could check Enable for the current DMZ Status, enter the IP address of the gateway.
                                      4. At this point the gateway should begin to work. You will be able to control your devices. Now you will need to enable port forwarding port 9998. This step will vary depending on your router. Access your router settings. Select advance settings. Under security there should be an option for port forwarding. Here are the settings you will need
                                        a. Name: enter a name for the service (Energenie)
                                        b. Start Port: enter the start port for the service (9998)
                                        c. End Port: enter the end port for the service (9999)
                                        d. Protocol: Select the protocol for the ports: select UDP
                                        e. External and internal ports
                                        f. IP Address: IP address of gateway
                                        Can now take the gateway out of DMZ. Bear in mind that the gateway uses a dynamic IP address obtained from the DHCP server of the network it's plugged into. If the gateway reboots it will have a different IP address. You can go back to change the IP address you’ve set in the above port forwarding rule."
                                      • johnpozJ
                                        johnpoz LAYER 8 Global Moderator
                                        last edited by johnpoz

                                        its address is .5 and its router is .5 - that will not work..

                                        And it's pointing to itself for dns... Looks like it got some sort of IPv6 address..
                                        0_1534331492532_IMG_4238.JPG

                                        You have something major wrong with dhcp.. You can not have the same router/gateway as your own IP and also point to yourself for dns and expect anything to work.

                                        So your nest has same IP as your AP..

                                        They need an inbound port forward - no... Return it... There is zero reason for these devices to require inbound traffic.

                                        1 Reply Last reply Reply Quote 0
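
A sanity check for the fault described in the post above (a client whose router and DNS server are its own address, and whose address is also claimed by another device), as an added example that is not part of the thread. The /24 mask, the pfSense address 192.168.1.1 on the UniFi network, the 192.168.1.50 lease and the function name are assumptions; 192.168.1.5 and 192.168.0.10 are the values reported in the thread.

```python
import ipaddress


def audit_client(address, prefix_len, router, dns, inventory):
    """Check the network settings one client received from DHCP.

    inventory maps the names of other known devices to their IPv4
    addresses. Returns a sorted list of finding codes; empty means sane.
    """
    iface = ipaddress.ip_interface(f"{address}/{prefix_len}")
    ip, net = iface.ip, iface.network
    gateway = ipaddress.ip_address(router)
    findings = set()

    # A host cannot route through itself: the default gateway must be a
    # different host on the same subnet.
    if gateway == ip:
        findings.add("router-is-own-address")
    elif gateway not in net:
        findings.add("router-off-subnet")
    elif gateway in (net.network_address, net.broadcast_address):
        findings.add("router-not-a-host-address")

    # A thermostat pointing at itself for DNS resolves nothing.
    for server in dns:
        if ipaddress.ip_address(server) == ip:
            findings.add("dns-is-own-address")

    # Two devices holding one address usually means a bad static mapping
    # or a second DHCP server handing out leases.
    for name, other in inventory.items():
        if ipaddress.ip_address(other) == ip:
            findings.add(f"address-conflict:{name}")

    return sorted(findings)


# Other devices known on the UniFi network (AP address as given in the thread).
INVENTORY = {"unifi-ap": "192.168.1.5"}

# What the Nest displayed, per the thread; the /24 mask is an assumption.
NEST_REPORTED = dict(address="192.168.1.5", prefix_len=24,
                     router="192.168.1.5", dns=["192.168.1.5"])

# Constructed "good" lease: pfSense's address on this network is assumed.
NEST_EXPECTED = dict(address="192.168.1.50", prefix_len=24,
                     router="192.168.1.1", dns=["192.168.1.1"])

if __name__ == "__main__":
    print("reported:", audit_client(inventory=INVENTORY, **NEST_REPORTED))
    print("expected:", audit_client(inventory=INVENTORY, **NEST_EXPECTED))
```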
                                        • M
                                          mbc0
                                          last edited by mbc0

                                          I understand but all other 13 devices are working fine. I cannot configure the nest all I can do is choose an SSID and connect to it so I presume the nest is screwing up? All other devices can connect to the internet and talk to each other etc

                                          0_1534331738462_pf.JPG

                                          • johnpozJ
                                            johnpoz LAYER 8 Global Moderator
                                            last edited by johnpoz

                                            oh they are talking if your router is behind a nat it seems like..

                                            You have something wrong for dhcp... In the nest it will pull dhcp yes.. Clearly that is wrong.

                                            Look at your other wireless devices - they sure as hell do not point to their own IP for a router and dns which is someone else's IP.

                                            From that list your ac lite is .39 your AP.. Thought you said before that your AP was .5

                                            Ok your nest is .5 what do you have setup in that static reservation... You need it to talk to pfsense for its gateway/router and dns.
