Ecobee thermostat can’t connect to servers
-
I have an Ecobee smart thermostat that suddenly stopped connecting to its servers. Everything was working fine until last week when the device reported it could not connect to ecobee.com, which means I can no longer control it remotely from the Ecobee app.
I want to note that I didn’t change anything in pfSense—this issue started occurring randomly. My setup includes a Netgate 2100 router, a managed switch connected to the router, and a Unifi AP connected to the switch for WiFi in my home.
I checked my firewall rules, and there is nothing blocking the connection. I also performed a packet capture, and the logs show that the thermostat is reaching the Ecobee servers without issues.
To troubleshoot further, I replaced the Netgate 2100 with my spare Netgate 1100, keeping everything else the same, including the Unifi AP. Surprisingly, the thermostat worked perfectly fine with the 1100. Based on this, I decided to reset the 2100 to factory settings, but the thermostat still couldn’t connect. The thermostat is connected to the network, receives an ip address, and is able to ping the gateway and any ip address including ecobee and 1.1.1.1.
At this point, I’m wondering if there’s something about the Netgate 2100 that could be causing this issue. I have never had problems with any other IoT devices on my network, so this is very confusing.
Any help would be greatly appreciated!
-
@xmacj What version of pfsenes are you running, and what version of DHCP server, KEA or ISC? If you use KEA I'd suggest a test going back to ISC to see if that resolves the problem...
-
Hmm, hard to imagine anything in the 2100 that could do that without it being configured specifically to do so.
Do you get a different WAN address when using the 1100 vs 2100? You might have something blocking your IP at the remote side.
-
@Gblenn I am on ISC currently, but I have tried both and have had no luck. I updated Pfsense Beta 25.03 to check if it would resolve the issue, but it did not.
-
@stephenw10 I am 99% sure that both the 2100 and 1100 receive the same IP address from my modem (Nighthawk CM200) as my IP does not change often. I will double-check this when I have some time to test it. Additionally, I want to mention that I created an OpenVPN network, assigned it to a VLAN, and connected the thermostat to that network. It successfully reached the Ecobee servers.
-
The OpenVPN was also on the 2100?
Mmm, it pretty much has to be something at the remote side somehow. The 2100 and 1100 are very similar. One the traffic in past the built in switch the routing for it would be nearly identical.
-
If anyone stumbles upon this, I resolved the issue by changing my IP address
-
@xmacj Perhaps the remote side didn't like something about your original ip address.
I have an ecobee premium (upgraded by ecobee due to wifi issues on a ecobee 3 lite - data drop outs, morse code).
No wifi issues (it's bound to 2.4ghz band). But it does like to phone home to amazon every 50s. None of the amazon features are enabled, but it still insists.
To mitigate this, 2 different measures are in place. On the dns side, only requests to *.ecobee.com are resolved (adguard home). All others return 0.0.0.0 .
On the pfsense side, amazon asn is blocked for this device just in case the dns filters are off (sometimes happens during testing).
-
Has anyone figured out a long term solution for this? I have a Netgate 4100 and been dealing with this issue for months. My Ecobee loses connection to the servers, I spoof my mac to get a new CPE IP from my ISP and it works for about 2 weeks before it fails again. I had the exact same issue with my Google Nest too.
I have stood up a parallel network using a Cisco router instead of my Netgate and have my Ecobee going to the internet via that and in the 2 months since i did that the Ecobee hasn't lost connectivity to the Ecobee servers once.
There is something wrong with the pfSense software that causes the connections to the servers to no longer work.
Changing my CPE IP every 2 weeks to keep it working is not a wise solution.
-
@ezhawk How are you identifying a connection loss?
-
Yup what connections do you see when it's working? What do you see when it stops working?
-
@GPz1100 said in Ecobee thermostat can’t connect to servers:
@ezhawk How are you identifying a connection loss?
With my current Ecobee, I can see that it no longer communicates with the Ecobee app and on the device itself, in the wifi details, everything says connected but the connection to ecobee.com will be down even though it can be ping'd.
@stephenw10 said in Ecobee thermostat can’t connect to servers:
Yup what connections do you see when it's working? What do you see when it stops working?
When it is connected and working normally by going around my pfSense I can see the connection to ecobee.com on the device itself says connected. And I can connect to it via the ecobee app. When it is behind the pfSense it'll work for ~2 weeks before it no longer can connect to ecobee.com and the communication from the app no longer works as it can't connect to the servers. I can bandaid it for 2 weeks by spoofing a different mac and getting a different public ip but after ~2 weeks it'll happen again.
I thought ISP for a while, but now that i have a second router Cisco and I have my Ecobee using that as it's internet connection I've never lost connection once and it's been using that router for a few months. It is connected to the same modem as my pfsense so the path and everything are the same. the only difference is ecobee traffic isn't going to my pfsense. everything else on my network goes through the pfsense and works just fine.
-
Ok what I would do here is connect it behind pfSense, where it presumably will initially be working, and note the connections it opens to the servers.
Then compare that with the open connections when it stops working.
Two weeks is an odd period of time. It's hard to think what might change in that time. Your public IP changes perhaps?
Some server address resolves to something different? Maybe the Cisco router is not resolving directly and pfSense is?
-
@ezhawk Your IP address might be getting blacklisted by Ecobee servers. I’m not sure which provider they use to host their services, but it could be blocking your ip for doing fishy activities online. Are you running any services that are possibly scraping the internet or continuously attempting to reach the internet anything that could determine your IP to be fishy? In my case I was running a service that was testing proxy urls to check which ones worked non stop 24/7. After I put that service on a vpn I have had no issues with Ecobee lol… So this may not even be a Pfsense issue for you..
-
@stephenw10 said in Ecobee thermostat can’t connect to servers:
Ok what I would do here is connect it behind pfSense, where it presumably will initially be working, and note the connections it opens to the servers.
Then compare that with the open connections when it stops working.
------The last time I looked at the states for the Ecobee between when it was and wasn't working, nothing was different.Two weeks is an odd period of time. It's hard to think what might change in that time. Your public IP changes perhaps?
-----My public IP doesn't change until I spoof macs to get a new one. As soon as I get a new one, it'll start working. It is almost like the connection gets stale and doesn't refresh. I've tried deleting all states, but that didn't resolve it either.Some server address resolves to something different? Maybe the Cisco router is not resolving directly and pfSense is?
---My clients do not use pfSense as a resolver or the Cisco. I have my own DNS servers that are being used regardless if the connection is going out the pfSense or the Cisco.@xmacj said in Ecobee thermostat can’t connect to servers:
@ezhawk Your IP address might be getting blacklisted by Ecobee servers. I’m not sure which provider they use to host their services, but it could be blocking your ip for doing fishy activities online. Are you running any services that are possibly scraping the internet or continuously attempting to reach the internet anything that could determine your IP to be fishy? In my case I was running a service that was testing proxy urls to check which ones worked non stop 24/7. After I put that service on a vpn I have had no issues with Ecobee lol… So this may not even be a Pfsense issue for you..
No, I don't have any services that do scraping. Also, I had this same exact problem with Google Nest as well. I thought it might of been Google so I switched to Ecobee and still have the same problem.
-
Hmm, states may be the same. The client device will still be trying to reach the servers. Or should be at least. But perhaps the servers just stop responding?
-
@stephenw10
If the servers just stop responding, why do they only stop responding behind pfSense and not when it is behind a Cisco device? -
Good question. And they may not stop responding. We need to gather more data from the failed situation.
I assume you see nothing blocked in the logs?
-
@ezhawk When behind pfsense, and lost ecobee connectivity, did you try rebooting the ecobee?
You can reboot it by pulling it off the wall, or a better way is flip the breaker for the hvac system. Leave it off a few sec, then turn it back on.
As I mentioned earlier in this thread, the only issues i've had with ecobee have been with the lite version where after a period of time it would develop morse code in the data. Likely due to a memory leak or some run away process. Rebooting it would fix this for a while. Ecobee eventually replaced the unit with the premium (which has better cpu/more ram), which hasn't has this issue.
Edit: I didn't have to make any special adjustmentsfor pfsense states/ecobee client settings. Whatever default state timeouts are in place work fine here.
Is the cisco router using the same primary internet connection as pfsense?
-
@stephenw10 said in Ecobee thermostat can’t connect to servers:
Good question. And they may not stop responding. We need to gather more data from the failed situation.
I assume you see nothing blocked in the logs?
I've put my Ecobee back through the pfSense. We'll see how long it lasts until it stops connecting. I did just update to 25.07.1 on the pfSense yesterday.
@GPz1100 said in Ecobee thermostat can’t connect to servers:
@ezhawk When behind pfsense, and lost ecobee connectivity, did you try rebooting the ecobee?
You can reboot it by pulling it off the wall, or a better way is flip the breaker for the hvac system. Leave it off a few sec, then turn it back on.
As I mentioned earlier in this thread, the only issues i've had with ecobee have been with the lite version where after a period of time it would develop morse code in the data. Likely due to a memory leak or some run away process. Rebooting it would fix this for a while. Ecobee eventually replaced the unit with the premium (which has better cpu/more ram), which hasn't has this issue.
Edit: I didn't have to make any special adjustmentsfor pfsense states/ecobee client settings. Whatever default state timeouts are in place work fine here.
Is the cisco router using the same primary internet connection as pfsense?
I've rebooted the Ecobee countless times. If that was the fix, I'd be glad, but it isn't. I don't have a lite, I have a premium.
Yes, the Cisco and pfSense are literally plugged into the same modem with each device getting its own unique public IP.
