Netgate Discussion Forum

    Thermostats going in and out

    General pfSense Questions
    • bmeeks

      Will the vendor share this cell phone app with you for troubleshooting? It would be interesting to actually watch what is happening within the app's reporting while at the same time capturing traffic on the VLAN and WAN interfaces.

      Some kind of WiFi interference is certainly a possibility as @Gertjan mentioned. Although you would not expect it to cover an entire typical resort as that's a large area, maybe some employee brought in their own WiFi AP and stuck it somewhere? One thing to check, if your AP infrastructure provides that info, is what WiFi sources are showing up and their signal levels. For example, in Ubiquiti APs the controller software can show you other non-affiliated transmitters whose signal is being received by the APs and at what level. But on the other hand, if interference was the issue you would really expect that to impact all WiFi on site (thus web browsing and everything else would suck).

      Lastly, based on that Twitter link @NogBadTheBad provided, it would make you suspect Honeywell might have an issue on their end ???

      I think many of these old-school companies trying to step up in the Internet world have difficulty. I have a pair of Lennox Wi-Fi thermostats that call home to a Lennox server. You can then connect to the Lennox server site via your phone to see and control your system. That process works maybe 65% of the time at best. The remote end server disappears fairly regularly for hours or a few days, then it's back. I suspect they just don't put enough capacity in their backend to handle the traffic from thousands and thousands of thermostats scattered all over everywhere.

      • Gertjan @Stewart

        Just one word about this, as I want you to think 'out of the box' (I'm not saying your setup is wrong, as I can't tell):

        @stewart said in Thermostats going in and out:

        This is an isolated resort covering many acres. No other interference that would account for this.

        If you receive 3G/4G/5G on your premises, everybody who has a cell phone can 'share' the data connection - and his phone becomes a WiFi AP.
        All phones are not equal. Some just open the radio and start blasting away.
        Not very good for a connection of the (your!) local AP and AC unit close by.

        @stewart said in Thermostats going in and out:

        I can look into this.

        System > Routing > Gateways:

        [image]
        On the PORTAL interface I have APs like 192.168.2.2, 192.168.2.3, 192.168.2.4, etc.

        Check:

        [image]

        so that dpinger doesn't take action when it starts losing the ping.
        It's the monitoring that you want. See: Status > Monitoring, select Quality (left) and the name you gave to it (right).

        No "help me" PM's please. Use the forum, the community will thank you.
        Edit : and where are the logs ??

        • slimypizza

          I have 2 Honeywell thermostats in the house that had been performing flawlessly for a few years. Recently however there began some connectivity issues, red warning screens on the app, changes to settings not being acted upon, etc. I thought it was on Honeywell’s end and still believe that. Maybe they’ve been going through some unannounced upgrades. I hope that’s all it is. Very disruptive though.

          • Stewart @bmeeks

            @bmeeks

            We use IgniteNet APs so we can see all of the devices connected, how long they are connected for and gaps in connection time. This is what I can see from one of the units:
            [image]
            As you can see, always connected with regular traffic.

            • Stewart

              Found something, maybe
              Firewall logs show some oddities:
              [image]
              Not sure what to make of this.

              The rule that triggered this action is:

              @5(1000000103) block drop in log inet all label "Default deny rule IPv4"

              • bmeeks

                The obfuscation of the IP addresses makes it a little hard to follow. So I assume the 199.62.xx.xx address is your WAN IP and the 97.xxx is the Honeywell server end ??

                If correct, then are the IP addresses in each block/pass sequence identical? That is weird. It's like the state is not working or something maybe.

                Do you have any sort of multi-WAN configuration? I'm assuming "no" since you didn't mention it.

                Edit: wait a minute... looking at those logs again is really confusing. Why is 443 the Source port? I would think that is the destination port, and there would be a random source port.

                • pete35 @Stewart

                  @stewart

                  Just a guess - you may try to set Firewall Optimization Options to conservative, if not already set:

                  [image]


                  • Stewart @bmeeks

                    @bmeeks said in Thermostats going in and out:

                    The obfuscation of the IP addresses makes it a little hard to follow. So I assume the 199.62.xx.xx address is your WAN IP and the 97.xxx is the Honeywell server end ??

                    97.x.x.x is the WAN port. 199.62.x.x is the Honeywell server.

                    If correct, then are the IP addresses in each block/pass sequence identical? That is weird. It's like the state is not working or something maybe.

                    Weird indeed! Notice that it's like the WAN receives 2 packets each time, the first is blocked while the second is allowed.

                    Do you have any sort of multi-WAN configuration? I'm assuming "no" since you didn't mention it.

                    Nope.

                    Edit: wait a minute... looking at those logs again is really confusing. Why is 443 the Source port? I would think that is the destination port, and there would be a random source port.

                    The thermostats connect out from the 97.x.x.x IP using a random port to 199.x.x.x on port 443. This is the reply back so it would come from 443 back to the random port.

                    • Stewart @pete35

                      @pete35 said in Thermostats going in and out:

                      @stewart

                      Just a guess - you may try to set Firewall Optimization Options to conservative, if not already set:

                      [image]

                      I've set it, so we'll see how it goes.

                      • bmeeks @Stewart

                        @stewart said in Thermostats going in and out:

                        @bmeeks said in Thermostats going in and out:

                        The obfuscation of the IP addresses makes it a little hard to follow. So I assume the 199.62.xx.xx address is your WAN IP and the 97.xxx is the Honeywell server end ??

                        97.x.x.x is the WAN port. 199.62.x.x is the Honeywell server.

                        If correct, then are the IP addresses in each block/pass sequence identical? That is weird. It's like the state is not working or something maybe.

                        Weird indeed! Notice that it's like the WAN receives 2 packets each time, the first is blocked while the second is allowed.

                        Do you have any sort of multi-WAN configuration? I'm assuming "no" since you didn't mention it.

                        Nope.

                        Edit: wait a minute... looking at those logs again is really confusing. Why is 443 the Source port? I would think that is the destination port, and there would be a random source port.

                        The thermostats connect out from the 97.x.x.x IP using a random port to 199.x.x.x on port 443. This is the reply back so it would come from 443 back to the random port.

                        Ah, okay. So I had the IP addresses backwards.

                        The double replies are indeed strange. Perhaps @pete35's solution will work. That setting will stretch out the state table entry expiration times. Still strange, though, that two replies seem to come back at essentially the same time (or certainly within one second of each other as the logger shows the times as the same due to its one-second resolution).

                        • Stewart @bmeeks

                          @bmeeks I had to undo it. Just got a call that for about the last hour or so calls have been going straight to voicemail intermittently. Looks like it broke the VOIP at the location.

                          1 Reply Last reply Reply Quote 0
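Added example, not part of any post in this thread: one way to triage the firewall log entries discussed above is to separate "Default deny rule IPv4" blocks that are replies arriving without a matching state entry (any TCP flags other than a bare SYN, such as the port 443 replies described) from genuinely new inbound connection attempts. The sample lines, interface name and addresses are constructed, and the field positions are an assumption based on pfSense's raw filterlog CSV layout.

```python
from collections import Counter

# Tracker id of the "Default deny rule IPv4" quoted in the thread.
DEFAULT_DENY_TRACKER = "1000000103"

# Constructed sample lines (documentation-range addresses, made-up interface
# name and ids). Field positions below are an assumption based on pfSense's
# raw filterlog CSV layout for IPv4/TCP; check them against your version.
SAMPLE_LOG = """\
Jan  5 10:00:01 fw filterlog[123]: 5,,,1000000103,igb0,match,block,in,4,0x0,,52,0,0,DF,6,tcp,40,198.51.100.10,203.0.113.5,443,51514,0,FA,1001,2002,501,,
5,,,1000000103,igb0,match,block,in,4,0x0,,52,0,0,DF,6,tcp,40,198.51.100.10,203.0.113.5,443,51514,0,RA,1002,2002,0,,
5,,,1000000103,igb0,match,block,in,4,0x0,,52,0,0,DF,6,tcp,60,192.0.2.77,203.0.113.5,40222,22,0,S,3003,,64240,,mss
78,,,1770001234,igb0,match,pass,out,4,0x0,,63,0,0,DF,6,tcp,60,203.0.113.5,198.51.100.10,51514,443,0,S,999,,64240,,mss
"""


def classify(line):
    """Return (category, src, sport, dst, dport, flags) for a default-deny
    IPv4/TCP block entry, or None for any other log line."""
    # Drop an optional syslog prefix such as "... filterlog[123]: ".
    payload = line.split("filterlog", 1)[-1].split(": ", 1)[-1]
    f = payload.strip().split(",")
    if len(f) < 24 or f[8] != "4" or f[16] != "tcp":
        return None
    if f[3] != DEFAULT_DENY_TRACKER or f[6] != "block":
        return None
    flags = f[23]
    # A SYN without ACK opens a connection; every other packet needs an
    # existing state entry, so a block here means the state was missing.
    if "S" in flags and "A" not in flags:
        category = "new-connection"
    else:
        category = "out-of-state"
    return category, f[18], f[20], f[19], f[21], flags


def summarize(log_text):
    """Count default-deny TCP blocks per (category, flow)."""
    counts = Counter()
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            category, src, sport, dst, dport, _flags = hit
            counts[(category, f"{src}:{sport} -> {dst}:{dport}")] += 1
    return counts


if __name__ == "__main__":
    for (category, flow), n in summarize(SAMPLE_LOG).items():
        print(f"{n:3d}  {category:15s} {flow}")
```

A flow that keeps showing up as "out-of-state" from the same server port points at state expiry or teardown timing rather than at unsolicited inbound traffic.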
                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.