Issue when accessing my sonoff's web interface from outside


and...@gmail.com

Feb 21, 2017, 11:48:24 PM
to SonoffUsers
Greetings

I just started with IoT and have flashed my first sonoff recently. I'm only controlling 1 sonoff basic for now, and am using the Sonoff-MQTT-OTA-Arduino firmware. I know it's not the latest, but I had issues with the Tasmota one. Anyway, so right now, I don't have any server/broker as I'm still reading about them, so I'm just using the webserver interface to turn the sonoff on or off.

My issue is when I try to access the sonoff from a connection outside of my home wifi. I set up a dynamic DNS and did the port forwarding on my router/firewall. However when I try to connect to my sonoff's web interface from outside, say for example mysonoff.dyndns.net, it redirects to the internal IP of my sonoff, so the address bar of my browser will first show mysonoff.dyndns.net when connecting, then 192.168.1.14, which then of course fails since I'm connecting from an external connection. 


Anybody have any ideas about what's causing the issue?  I also have another device on another port which I access the same way from outside, and it works fine so I don't think it's an issue with the firewall and port forwarding. No issues when connecting to the sonoff from inside either.

Thanks

Nick Barnett

Feb 24, 2017, 11:42:34 AM
to SonoffUsers
Can you just set up a manual port forwarding rule and try to access it via the outside IP address and see if that works? You might have some goofy upnp messup, a dyndns hoseup, or some refer is happening at some point. Really hard to tell without looking at logs or a capture.

Harald Reutter

Feb 25, 2017, 9:21:21 AM
to SonoffUsers
Hi,

had the same issue with Espurna, it's an MTU problem related to a not-up-to-date ESPAsyncTCP library (at least that was it for me...). Check out this thread:


maybe this will help..

regards,
Harry

David Lang

Feb 25, 2017, 2:31:40 PM
to SonoffUsers
Sounds like there's a bug in the firmware that is issuing a redirect or link that points to a fully qualified URL instead of a relative URL. Check that you are on the latest version and if so, submit a bug report.

David Lang

P.S. unencrypted control of things inside your house from outside is not a great thing to do, you should implement a reverse proxy that adds encryption instead of just a port forwarding.
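
The diagnosis in the post above (an absolute redirect to the device's LAN address where a relative one was needed) can be confirmed from a captured response. This is an added example, not code from the thread or the firmware: the sample response is constructed, and `rewrite_location` is a hypothetical helper showing the kind of `Location` rewrite a reverse proxy can apply.

```python
import ipaddress
from urllib.parse import urlsplit, urlunsplit

# Constructed sample capture (not real firmware output): a redirect whose
# Location was built from the device's own LAN address.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: http://192.168.1.14/\r\n"
    b"Content-Length: 0\r\n\r\n"
)

def parse_redirect(raw: bytes):
    """Return (status_code, Location value or None) from a raw response head."""
    lines = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split()[1])
    location = None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "location":
            location = value.strip()
    return status, location

def classify_location(location: str) -> str:
    """'relative', 'absolute-internal' (private IP literal) or 'absolute-other'."""
    host = urlsplit(location).hostname
    if host is None:
        return "relative"
    try:
        internal = ipaddress.ip_address(host).is_private
    except ValueError:  # a DNS name, not an IP literal
        internal = False
    return "absolute-internal" if internal else "absolute-other"

def diagnose(raw: bytes) -> str:
    """Say whether a captured response redirects the browser to a LAN address."""
    status, location = parse_redirect(raw)
    if location is None or not 300 <= status < 400:
        return "no redirect"
    return classify_location(location)

def rewrite_location(location: str, backend: str, public: str) -> str:
    """Hypothetical helper: map a redirect aimed at the backend origin onto the
    public origin; relative and unrelated values pass through unchanged."""
    loc, be, pub = urlsplit(location), urlsplit(backend), urlsplit(public)
    if loc.hostname is None or (loc.scheme, loc.netloc) != (be.scheme, be.netloc):
        return location
    return urlunsplit((pub.scheme, pub.netloc, loc.path, loc.query, loc.fragment))

if __name__ == "__main__":
    print(diagnose(SAMPLE_RESPONSE))
    print(rewrite_location("http://192.168.1.14/", "http://192.168.1.14",
                           "https://mysonoff.dyndns.net"))
```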

Julian Knight

Mar 4, 2017, 3:05:06 PM
to SonoffUsers
Too right!!!! Dangerous and irresponsible. Come on IoT folk, haven't we yet learned?

One way to implement a secure channel is to use Cloudflare to handle your traffic and only allow connections to your home network from Cloudflare itself. The free version of Cloudflare gives you a certificate you can use. It isn't totally secure unless you also create an HTTPS connection from CF to your home network but you can use a free self-signed certificate for that part. I think you need a registered domain though, not sure if it works with dynamic DNS domains. Still they are only a few dollars per year.

As an alternative, why not create a simple BOT using Telegram and control it that way since Telegram will give you an end-to-end encrypted channel and authentication. All you need is a Pi running Node-RED on your local network to act as the local controller. Then you don't need to expose any inbound ports at all.


David Lang

Mar 4, 2017, 3:17:53 PM
to Julian Knight, SonoffUsers
you can run OpenWRT or LEDE on your router and then use Apache there to forward
traffic to things on the inside. You can use Let's Encrypt to get a free cert for
this and have everything encrypted and password protected.

David Lang



and...@gmail.com

Mar 6, 2017, 2:16:31 AM
to SonoffUsers
Thanks a lot for the security pointers! Didn't know about Cloudflare nor BOT/Telegram. I'll read up on those.

I figured it was only 1 sonoff and I wouldn't really mind if someone got hold of it to turn my lamp on or off, but I will definitely have to look into securing everything once I get more devices connected. Thanks again!

and...@gmail.com

Mar 6, 2017, 2:17:38 AM
to SonoffUsers, j.kni...@gmail.com, da...@lang.hm
Thanks for your suggestions. Didn't know about those and will have to read up on them to secure my setup. Cheers!

Julian Knight

Mar 6, 2017, 5:48:06 PM
to SonoffUsers
Sorry for being rather direct about this but these things are causing havoc across the Internet.

As for your light - would you feel the same if you used a Sonoff on your hair straighteners or an electric fire and someone turned it on when you were on holiday for 2 weeks? Or maybe turned off your freezer? I know you aren't doing that now but these things have a tendency to creep up on us.