pfSense & Smart Outlets

newUser2pfSense

I've purchased a wireless smart outlet that works fantastic. I'll provide the information of the smart outlet to help answer my question and not as a plug. The smart outlet is a ConnectSense Smart Outlet 2. My question revolves around when being away from my pfSense home network and accessing the smart outlet using Apple's Homekit. Apparently the smart outlet uses Apple's Homekit with an Apple TV, which I have, to control them - turn them on/off. I have all of the accounts setup correctly, the smart outlets setup correctly, etc., but I can't seem to access the smart outlets while away from my home network. Anyone have any experience with controlling smart outlets while away from your home network? Any guidance would be helpful. Thank you.

occamsrazor

I use TP-Link Kasa HS100/110 smart outlets and they just work remotely without additional configuration. I’m guessing they communicate to some TP-Link server somewhere and then my iPhone connects to that when I’m outside my house. Sorry that doesn’t help you much I know.
I guess where to start is figure out if yours do the same, I’m presuming Homekit does something similar via Apple servers.

newUser2pfSense

occamsrazor...Thank you for the reply. I thought the same - my iPhone would connect to an Apple server using the Home/kit app, which does see the smart outlets by the way, which in turn would use my Apple TV to communicate to the smart outlets to turn them on or off. It would seem to do that though wouldn't the Apple server have to communicate back through my pfSense WAN to my WLAN to communicate with my Apple TV to communicate to the smart outlets; a WAN to WLAN rule? Maybe my thinking is all wrong on this.

occamsrazor

@newuser2pfsense said in pfSense & Smart Outlets:

occamsrazor...Thank you for the reply. I thought the same - my iPhone would connect to an Apple server using the Home/kit app, which does see the smart outlets by the way, which in turn would use my Apple TV to communicate to the smart outlets to turn them on or off. It would seem to do that though wouldn't the Apple server have to communicate back through my pfSense WAN to my WLAN to communicate with my Apple TV to communicate to the smart outlets; a WAN to WLAN rule? Maybe my thinking is all wrong on this.

Take what I say with a pinch of salt, as I haven't used Homekit devices (although am an all-Apple user). Usually the devices maintain some kind of outgoing connection with the outside server, which in turn allows reverse direction incoming communications without requiring port forwards. For example I don't have any explicit port forwards on my TP-Links.
Are you using VLANs at all? I tried putting my TP-Links on a separate VLAN for security and created firewall rules but for various issues of multicast (I think) it didn't work so well, I got bored of the hassle trying to figure it out, and ended up just putting it all back in one flat network with no VLANs.

johnpoz

Don't use homekit... But you shouldn't have to be local to control these devices..

I have multiple brands of smart plugs, and use the Lutron/Caseta Wireless Smart Bridge with a few of switches I have on the walls to control normal lights. This smart bridge that controls those lights (and soon ceiling fans - yeah they announced a couple weeks back)..

If you can control your stuff when your home, it should work the same way when your not home.. What are you running on pfsense that could be blocking anything. Pfblocker, Snort? Proxy?

All of these devices work about the same - either the devices themselves phone home, or some smart hub/bridge does..

Homekit is really nothing more than a software API to control these things as an overlay..

According to their site. They have their own app to control that says you can be anywhere.

Control from Anywhere with the free ConnectSense App for iOS or Android. No Hub or subscription required.

Are you saying that is not working, or however your trying to use homekit is not working when your remote? And your trying to control through homekit while your away?

newUser2pfSense

I do have Suricata running which is the only application that could be blocking. If it's Suricata that is blocking communications, I'm not sure which rule it would be that I chose to drop. However, the ConnectSense iPhone app works when I'm on my wireless network. The iPhone Home/Kit app works when I'm on my network. It's when I'm away from my network that the ConnectSense app and Home/Kit app can't control the smart plugs. ConnectSense tech support did state that it takes the Apple TV to control them which I do have an Apple TV 4K. Everything is on the same wireless network. As well, I'm logged into the ConnectSense account in the ConnectSense app.

bmeeks

@newuser2pfsense said in pfSense & Smart Outlets:

I do have Suricata running which is the only application that could be blocking. If it's Suricata that is blocking communications, I'm not sure which rule it would be that I chose to drop. However, the ConnectSense iPhone app works when I'm on my wireless network. The iPhone Home/Kit app works when I'm on my network. It's when I'm away from my network that the ConnectSense app and Home/Kit app can't control the smart plugs. ConnectSense tech support did state that it takes the Apple TV to control them which I do have an Apple TV 4K. Everything is on the same wireless network. As well, I'm logged into the ConnectSense account in the ConnectSense app.

It's very easy to tell if Suricata is blocking something and what it is blocking. Simply look on the ALERTS tab for the interface and search for alerts containing the IP address of your ConnectSense devices. You should run Suricata on your LAN interface as that will make finding local network hosts much easier since the IP addresses will display as from the LAN. When you run Suricata on the WAN, every local address (those in your LAN) will show up in alerts with only the WAN public IP. So not easy then to find what local host triggered a rule.

NogBadTheBad

@newuser2pfsense said in pfSense & Smart Outlets:

"with an Apple TV, which I have, to control them - turn them on/off"

Is it the latest Apple TV, Homekit only works with these:-

It should work when away from home, I didn't have to do anything special with mine to get it to work.

Here's my IOT firewall rules, nothing special:-

newUser2pfSense

bmeeks...Thanks for the reply. I just checked all of my Suricata logs and the DHCP reservation IP address I have set for the smart outlet could not be found. It's good to know Suricata isn't blocking the smart outlet.

NogBadTheBad...I do have the latest Apple TV, it's a 4K; I checked the model number - A1842 (64 GB). I wonder though if you have to enable Homekit in the Apple TV? Maybe there is a setting for that?

UPDATE - I didn't have two factor authentication enabled on my iPhone. That was the issue. I had no idea you had to have it enabled for it to work. The smart outlets now work while not on my home network.