At a loss with an Insteon HUB 2 Home Control Device



  • I'm at a real loss on why I can't get an Insteon HUB 2 (Smarthome home control device) set up on my home network.  I'm Supposed to plug the IP cable of the Insteon HUB 2 into my 'router' then run the Insteon app on my phone, enter my email address, phone number, and password which sets up an 'account'.  They guys at Insteon tell me I have a home network issue! :-(

    Thought I would ask here and see if anyone here could tell me if they think pfSense might some how be interfering with this process.  I'm running pfSense 2.1.5 and Snort.  I've disable Snort with no luck.

    Some random info:

    1. I've set the Insteon device up with a static IP address and plugged it into the switch attached to my pfSense router.  They say it doesn't need any ports open, but I open all TCP/UDP ports with it's IP address.

    2. I guess my Android phone app is suppose to get to the the Insteon HUB via WiFi through my Netgear router.

    3. I enter the HUB IP address and port (192.xxx.x.xxx:25105) and get prompted for a user name and p/w so I must be getting to the HUB.



  • @TAC57:

    They say it doesn't need any ports open, but I open all TCP/UDP ports with it's IP address.

    If they say so, then immediately close all that to not expose the unit to unnecessary risk.

    I guess my Android phone app is suppose to get to the the Insteon HUB via WiFi through my Netgear router.

    How and where is your Netgear router connected to the pfSense and the switch?

    I enter the HUB IP address and port (192.xxx.x.xxx:25105) and get prompted for a user name and p/w so I must be getting to the HUB.

    On the Android phone?



  • 1.  Opening all the ports on the IP address associated to the HUB2 only exposes the Insteon HUB doesn't it?

    2.  My pfSense box goes into a 8 port gigabit switch.  My Netgear router (access point) is connected to one of those ports.

    3. I enter the Insteon HUB address from a computer hooked up to the network.

    I guess I just want to make sure pfSense isn't doing any type of filtering on my LAN and causing my problems.



  • So is the netgear acting as a router? Who is handling DHCP and routing in this setup? More than likely, like most SOHO devices, The android phone app is unaware of anything layer3 and is just scanning your subnet for that device. Even if the HUB2 is reachable, but in a a different subet, the app will never see it. Give us some more deatils of your configuration, ie: are wifi from netgear and wired lan from pfsense in the same subnet?



  • @TAC57:

    1.  Opening all the ports on the IP address associated to the HUB2 only exposes the Insteon HUB doesn't it?

    In my world that is not "only". Who knows what attack vectors are associated with it and in a networked environment it's never a single unit that's exposed. Once the bad guys have used anything to get into your network, they can pick and choose what other sitting duck to shoot down.

    2.  My pfSense box goes into a 8 port gigabit switch.

    When you say it that way, I would immediately think that the switch is on the WAN side of the pfSense but is it on the LAN interface of the firewall? Is there only a WAN and a LAN interface in use on the pfSense?

    My Netgear router (access point) is connected to one of those ports.

    Is it configured as an access point or how have you made sure it acts as one?

    3. I enter the Insteon HUB address from a computer hooked up to the network.

    Hooked up where? To the swith?

    I guess I just want to make sure pfSense isn't doing any type of filtering on my LAN and causing my problems.

    If everything communicating is on the LAN side of the pfSense and in the same ip subnet, the pfSense is not filtering anything of that traffic.

    Can the Android phone reach other things on your network, pfSense web admin interface or any other servers you have there?



  • First I'd like to thank you guys for walking me through this.  :-)

    My Netgear WNR3500L has DHCP turned off and I've assigned it a local IP address of 192.168.1.2.  It is acting like a wireless access point and 3 port switch.  The WAN port that was connected to my cable modem before pfSense is empty.  The first LAN port of the WNR3500L is fed from a D-Link 8 port switch connected to my pfSense box.  The three other LAN ports on the 3500 are connect to local computers, one of which is my Insteon HUB.

    In addition to the wireless from the WNR3500L (SSID: fogthedog) I have an amped wireless SR10000 Range Extender (SSID: FBI Surveillance Van).  This device doesn't have a hard wire connection to my local network so it repeats the signal from an existing wireless router.  I've also recently added an ASUS RT-N66R wireless router in "AP Mode" hard wired to my local network (SSID 24GB and 5GB).  In AP mode it also has DHCP turned off.

    My network is setup as follows:

    1. Cable mode (WAN)–> pfSense box (192.168.1.1) which is my DHCP server. 
            Two cat5 cables to my pfSense box 1) cable modem (WAN) in, and 2) out to D-Link DGS-2208 8 port switch (LAN)

    2. pfSense box (LAN) --> D-Link DGS-2208 10/100/1000 8 port switch.
          2a) Netgear WNR3500 (192.168.1.2) is connected to the D-Link 8 port switch.
          2b) My ASUS RT-N66R in AP mode is connected to the D-Link 8 port switch.

    Of course I have a number of other items connected to the 8 port switch, TiVo, FreeNAS server, media server, etc.  These devices all work great.

    Thanks,

    -TAC


  • Netgate Administrator

    What exactly is not working here?
    It seems like you're already able to connect to your Insteon HUB by entering it's IP address and listening port directly.
    These things work one of two ways, they sometimes have a direct mode to connect via the local network but never rely on that. Manufacturers haven't got time to be talking through all there customers setting up port forwards and dyndns etc to make their app work so instead they either rely on using upnp to open a channel directly to the 'hub' or, much more likely, both the hub and the app in your phone talk directly to the manufacturers servers that are publicly addressable. This allows the two to talk indirectly as long as both have 'internet access' which is almost anywhere. It also means you can use the app to control the hub when you're not at home.

    I'd be surprised if you have to do anything special to make this work.

    Do you have a link to the user manual?

    Steve



  • Steve,

    What wasn't working was the Android app that is supposed to "find" my HUB on my local network would respond with "Attempt Failed.  Please try again."  Very descriptive error message!  Smarthome (Insteon) tech support said it must be your local network and told me to get rid of my pfSense router.  They assured me it could be nothing with their system.

    I have since deleted and reinstalled their app on my phone, factory reset the HUB, and used a brand new email address to set things up now it's working.  I didn't change anything in pfSense, go figure!  ;-)

    Anyway, I'd like to thank everyone for their time.  As a relative newb I really appreciate it!

    Thanks again.

    -TAC



  • The problem is almost certainly a issue with the wireless device you are using with AP.



  • Smarthome tech support assured me their system is a no-brainer.  Their app on my phone talks to my local network via WiFi (my phone has to be on my WiFi) which then communicates to the HUB via a CAT5 cable which is plugged into my local network.



  • I'd agree with them if you were just running an AP that was incapable of NAT, DHCP or firewall of any sort but you have two firewalls there capable of nat right?  Pfsense and the Netgear - There is definitely room for misconfiguration (Double NAT) or some other issue.



  • If DHCP is turned off on my Netgear router shouldn't it be connecting IP addresses wirelessly that that it receives from my pfSense box?


  • Netgate Administrator

    This is exactly why most boxes like this use some sort of "cloud" middleware. Though personally I'd much rather have devices talking locally.

    Steve



  • I still think my problem was their 'cloud' middleware.


Log in to reply