Google Nest Hub - update blocked by pfSense
-
So my Google Nest Hub (1st gen) recently announced it needed to do an update. It displayed 0% progress for several minutes, then showed "network problem". The device was bricked until it could do the update. I tried factory reset, but as soon as I reconnected it to my account and WiFi, it immediately tried to update again (same result).
I found this post on Google's support page. This person used a "custom" router (not a consumer device), and eventually found that once he swapped it out for an old Huawei he had around, the Nest updated no problem.
So I tried to duplicate this and dug out an old TP-Link router I had lying around, temporarily replacing my pfSense box. Sure enough, my Nest immediately started updating. Update complete, I put pfSense back into service, and the Nest is running perfectly.
I'm running pretty much "default" settings on pfSense (my only modifications were to permit connections for my daughter's Nintendo Switch, as per here). I have no idea when/if the Nest is going to want to update again. Does anyone have any idea what pfSense is blocking? Thanks.
-
@debesty It's not blocking anything, especially with the default Allow All LAN rule. What might be happening is that crappy old routers typically use static ports when NATing outbound traffic. pfSense, for security reasons, uses dynamic ports. This setting is controlled by the outbound NAT config. For most traffic it makes no difference. For some clients, like gaming consoles, you need to switch from dynamic to static source ports in order to get an open NAT grade from MS/Sony.
-
Could also be an IPv6 issue. It looks like the Nest Hub will use only v6 if it thinks it's available.
If pfSense is handing out v6 addresses but doesn't actually have upstream v6 connectivity it would look like this. A pcap should show it doing that though.
Steve