Pfsense <-> solaredge
-
At the moment I'm running the latest pfSense together with pfBlockerNG.
And 2 weeks ago we also got the complete installation of the solar panel inverter from SolarEdge.
As the people from SE asked, I forwarded ports 22221 - 22222.
But every time, after approximately 3 days, the communication between the WiFi inverter and the SE panel stops.
When I reboot pfSense, everything is running fine for these 3 days.
What could probably fix this problem?
Or where can I have a look, or must there be a rule or something to keep this working?
-
I assume the SE remote management have to poll the inverter directly if they need a port forwarded. However the inverter may also require outbound traffic separately that may be failing.
Check the firewall logs for blocked traffic on those ports when it fails.
Check the state table for states to/from the inverter IP.
Things spontaneously stopping are usually caused by an update to something that updates by itself, like pfBlocker or Snort. Check the alerts/blocks log for those.
Steve
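The log check suggested above, as an added example that is not part of the original post: a small Python filter over pfSense filterlog entries that lists blocked packets to or from the inverter, or on ports 22221-22222. The inverter address 192.168.1.50, the interface names, the sample lines and the field positions (the comma-separated filterlog layout for IPv4 TCP/UDP) are assumptions, constructed for illustration.

```python
import csv

INVERTER_IP = "192.168.1.50"     # assumption: static DHCP lease given to the inverter
SE_PORTS = {"22221", "22222"}    # ports named in the thread

# Constructed filterlog payloads (the text after "filterlog[pid]:"), IPv4 only.
# em0 = WAN, em1 = LAN in this made-up setup.
SAMPLE_LOG = """\
5,,,1000000103,em0,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,203.0.113.9,198.51.100.2,51234,22222,0,S,1,,65535,,
78,,,1770008939,em1,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,192.168.1.50,203.0.113.80,40112,22222,0,S,2,,64240,,
80,,,1770001111,em1,match,pass,in,4,0x0,,64,0,0,DF,6,tcp,60,192.168.1.50,203.0.113.80,40113,22222,0,S,3,,64240,,
9,,,1000000104,em0,match,block,in,4,0x0,,52,0,0,none,17,udp,78,203.0.113.7,198.51.100.2,5353,5353,58
"""

def parse_entry(line):
    """Return a dict for an IPv4 TCP/UDP filterlog entry, else None."""
    f = next(csv.reader([line]))
    # Need fields 0..21; field 8 is the IP version, field 16 the protocol name.
    if len(f) < 22 or f[8] != "4" or f[16] not in ("tcp", "udp"):
        return None
    return {"iface": f[4], "action": f[6], "dir": f[7], "proto": f[16],
            "src": f[18], "dst": f[19], "sport": f[20], "dport": f[21]}

def inverter_blocks(log_text):
    """Blocked packets that touch the inverter IP or the SolarEdge ports."""
    hits = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None or e["action"] != "block":
            continue
        touches_ip = INVERTER_IP in (e["src"], e["dst"])
        touches_port = bool({e["sport"], e["dport"]} & SE_PORTS)
        if touches_ip or touches_port:
            hits.append(e)
    return hits

if __name__ == "__main__":
    for e in inverter_blocks(SAMPLE_LOG):
        print(f'{e["iface"]} {e["dir"]} {e["proto"]} '
              f'{e["src"]}:{e["sport"]} -> {e["dst"]}:{e["dport"]}')
```

A block logged on the LAN side with the inverter as source points at the outbound path failing, which is the case the post above distinguishes from the inbound port forward.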
-
Installed several weeks ago a Solar Edge - a "900" series (5 kW if I remember well).
https://photos.app.goo.gl/jr3C5Vi6n6EPT4P43
No ports needed to be opened. We activated the wifi connection (was an option we took) and the cable connection.
The Solar Edge logic "calls home", as a normal device that is connected on your LAN, and connects to a server from SE on the net.
The solar company does not connect from the outside (from Internet) to your Solar Edge installation.
I have all the manuals here, user, installation, etc. - and nothing is said about opening firewall ports.
What is your Solar Edge type / version ??
edit : https://www.solaredge.com/sites/default/files/se-inverter-installation-guide.pdf page 53
NOTE: If your network has a firewall, you may need to configure it to enable the connection to the following address:
- Destination Address: prod.solaredge.com
- TCP Port: 22222 (for incoming and outgoing data)
Your Solar Edge device will contact "prod.solaredge.com" every 5 minutes or so to send over production data.
We never opened up port "22222" (NATted to the Solar Edge device).
The app on our smartphones uses the data coming from "solaredge.com" that your converter put there.
I frankly believe that "incoming" data is misleading. A home device that needs ports to be open for the Internet, that period should be over now. Too error prone - too dangerous and completely NOT needed for basic operation.
I guess they mention the "firewall port 22222 and prod.solaredge.com" because there are people that actually block also all OUTGOING traffic on their LAN except destination ports 80, 25, 143, 443, 993, 995, 53, 21, 22 ... but this is very rare, and those people know what to do in this case :)
re-edit : just called my brother.
He is still using the Wifi connection after 4 months. He removed the RJ45 cable. The access point (Ubiquiti UniFi device) is just 8 feet away. He never had the notion of a wifi connection loss - all the stats are 100 % present ever since. Their (SE) Wifi card/antenna seems pretty stable to us.
-
That ^ seems like a much more likely approach. ;)
Also, nice install. :)
Steve
-
We were on holiday for a few weeks, but now when I disabled DNSBL it's running stable for 5 days now.
So there's something within this pfBlockerNG option that needs to be changed or whitelisted
-
That seems likely. You may see it in the alerts section of pfBlocker, though it depends how you have it set up.
Adding that domain to a custom list and setting it to enable will probably solve it.
Steve
-
> That seems likely. You may see it in the alerts section of pfBlocker, though it depends how you have it set up.
> Adding that domain to a custom list and setting it to enable will probably solve it.
> Steve
I re-enabled DNSBL, and hope to find the alert.
But where / how to whitelist?
-
In the DNSBL main tab in pfBlocker there's a section that is collapsed by default, "Custom Domain Whitelist".
Expand that, add domains you need to not block.
Steve
-
As above, I entered the custom SolarEdge URL, but again after a few (probably 3) monitoring stops ;(
-
We have two systems installed by Vivint.
On one, panels -> wifi expander -> wifi router -> modem -> Vivint.
On the other, panels -> wireless bridge -> wifi router -> modem -> Vivint.
Vivint supplied the wifi expanders, wireless bridges and wifi router.
Nothing goes through my pfSense box.
-
> We have two systems installed by Vivint.
> On one, panels -> wifi expander -> wifi router -> modem -> Vivint.
> On the other, panels -> wireless bridge -> wifi router -> modem -> Vivint.
> Vivint supplied the wifi expanders, wireless bridges and wifi router.
> Nothing goes through my pfSense box.
Uhhm, wrong topic?
-
@The:
> > We have two systems installed by Vivint.
> > On one, panels -> wifi expander -> wifi router -> modem -> Vivint.
> > On the other, panels -> wireless bridge -> wifi router -> modem -> Vivint.
> > Vivint supplied the wifi expanders, wireless bridges and wifi router.
> > Nothing goes through my pfSense box.
> Uhhm, wrong topic?
I was just telling you how my system was configured, and wondering why SolarEdge did not do something similar.
-
At the moment I configured the whitelist:
and
but still, when I enable DNSBL, after 3 days the connection to the SolarEdge portal is not okay.
-
Hmm, weird that it happens after 3 days… Like maybe it's cached something and only has to re-resolve it then.
How about a different approach. Can you hardcode the SolarEdge DNS servers it's using?
If not try adding a port forward on the LAN for DNS traffic from the solaredge to some other DNS server. Maybe 8.8.8.8 or even run DNSmasq on another port and forward to that.
Steve
-
> Hmm, weird that it happens after 3 days… Like maybe it's cached something and only has to re-resolve it then.
> How about a different approach. Can you hardcode the SolarEdge DNS servers it's using?
> If not try adding a port forward on the LAN for DNS traffic from the solaredge to some other DNS server. Maybe 8.8.8.8 or even run DNSmasq on another port and forward to that.
> Steve
I should have a look, but I think it's possible to enter the DNS in the SolarEdge inverter, I'll give the Google DNS a try then.
Hope that would solve this problem.
-
At the moment I'm getting crazy of this.
I disabled DNSBL for some days now, and today again the SE inverter stops sending data to the SE portal :(
What should be the best way to troubleshoot this? (If I reboot pfSense, it's working fine for a few days.)
-
Check out the DHCP log.
By default, DHCP is activated on the SE.
Can you see the renewal dropping in every x time?
Instruct the DHCP server on pfSense that it will always give the same IP to your SE.
Then, pfSense => System => Routing => Gateway and add a line - ("Gateway" will be the IP of your SE - don't check any boxes).
Now you have a graph (Status => Monitoring and select Quality).
-
> Check out the DHCP log.
> By default, DHCP is activated on the SE.
> Can you see the renewal dropping in every x time?
> Instruct the DHCP server on pfSense that it will always give the same IP to your SE.
> Then, pfSense => System => Routing => Gateway and add a line - ("Gateway" will be the IP of your SE - don't check any boxes).
> Now you have a graph (Status => Monitoring and select Quality).
Done, let's wait for now
-
OK, the drop / connection loss is there again, see the graph:
What's the next best thing to check?
-
Nobody with some tips / hints ?