I am struggling with a Homey & Homey App connectivity issue.
Hope this community might have some suggestions that point me in the right direction.
What is the problem?
For security reasons I have recently moved my Homey-Pro to my IoT VLAN. I did this by re-connecting Homey to a dedicated IoT SSID that is part of the IoT VLAN.
Devices with the Homey app (iPad and iPhone) stayed in the main network.
Result: Everything works fine (Homey app connects to Homey, status of all devices is shown, etc.).
Except…that the Homey app seems to be unable to receive updates from Homey that it did not request itself.
I can turn on a light, the light will turn on, but the status in the app is not being updated (e.g. it stays off in the app).
I can add a device to my favourite devices (on top), but it doesn’t show up in the favourites list.
During pairing of a new Fibaro Smart Plug I get the generic instruction, but the animation and feedback are missing (since I know what to do I can finish the process ‘blindly’).
Only after I restart the Homey app, the correct statuses are shown (e.g. status of the lamp is correct, favourite device is added on top and newly paired device is visible).
So my conclusion is that all Homey generated updates do not reach the app, unless Homey explicitly asks for an update.
What did I already do?
Moving my iPad (with the Homey app) to the IoT VLAN solved the issue (so it has to do with connectivity). But that is not what I want. iPad and Homey should be separated in different VLANs.
Connecting from Athom cloud (= from outside) also solved the issue, but that is also not what I want. I want to be able to have a local connection if I am at home (and I cannot enforce only using the external connection even if I wanted to).
I allowed connectivity on port 80 and 443 from IoT VLAN to Main network in my firewall but that didn’t help (during analysis I have not even seen any connection being set up from Homey → App).
Tried some different Wireless Network settings in the UniFi Console (such as ‘Enable multicast enhancement (IGMPv3)’ or ‘Remaps ARP table for station’), but nothing seems to change the situation.
Ubiquiti UniFi setup with APs and Cloudkey;
Homey Pro in IoT VLAN and iPad with Homey app in main network VLAN;
“Allow all” firewall rule from main network → IoT
Block all from IoT → Main network (but I experimented unsuccessfully with various allow rules);
My question for help
Any clue what I am doing wrong or what I should do to make the app work properly again?
I guess I am not the only one running Homey in a separate VLAN.
You wrote:
I allowed connectivity on port 80 and 443 from IoT VLAN to Main network in my firewall but that didn’t help (during analyses I have not even seen any connection being setup from
You must allow traffic from your Main network to your IoT network. Just think: how do I access my Homey, not how will Homey access me (which is what you did).
Good luck. (Also start with ICMP open so you can use the ping command to test whether your rules and routing are OK.)
What if you temporarily allow all and sniff traffic first?
Like when you operate / pair the Fibaro and Homey should show an updated status.
Somehow you’ll have to discover which ports are used (or ask around in here).
No, all modern browsers have developer tools where you can see (amongst other things) which network connections a web page is using.
The web app (and also the “classic” app, by which I assume you mean the mobile app?) first tries to connect to https://A-B-C-D.homey.homeylocal.com, where A-B-C-D are the octets of your Homey’s local IP address (so if your Homey is at 192.168.1.10, it will try and connect to https://192-168-1-10.homey.homeylocal.com).
You can start by checking if that hostname leads anywhere in your network, by opening the URL in a browser for instance.
Hi Robert, maybe I have not described my issue clearly enough, but making a connection to my Homey is not the issue.
In all cases - with ‘classic’ mobile app with external and direct internal connection as well as with the new online app (don’t know how you can see whether it is using the direct internal connection or the external connection) - this works fine.
The issue seems to be in the realtime Homey generated feedback (like updating the status of a lamp in the Devices overview) in the situation with ‘classic’ mobile app and a local connection.
How do you think that analysing the browser data will tell me why this is not working? Thanks for your clarification!
When Homey talks to a device, it’s OK. It will do a request/response through the firewall.
When a device sends an update it gets blocked in the firewall.
The only way to solve this is by whitelisting the devices you want to communicate with Homey.
So a simple block all outgoing of the IoT VLAN will not work. It should be: block all except device a:port, device b:port, etc.
It doesn’t really make sense that my.homey.app (including realtime updates) is working but the mobile app isn’t, though. Websockets use the same HTTP(S) server on Homey, and when I run the Homey app on my Mac I can see realtime updates being transmitted over the HTTPS connection from Homey back to my Mac.
So I think the my.homey.app connects via internet since it fails to find something inside, explaining why it behaves differently than the mobile app.
Weird thing is that it also does this when all firewall rules are off.
(BTW, the IP address looks weird to me: dashes instead of dots.)
Does your router (or the machine that is handling your local DNS) have DNS rebinding protection enabled? Athom’s method of providing “secure” local access depends on that protection being disabled (ironically making your local network less secure, but I’ve given up on trying to explain this to Athom).
Also, it looks like Athom’s nameserver that handles homeylocal.com is something home made; whenever you send it a query that is not simply an A record, it times out.
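
Added example, not part of any post above and not Athom's code: a check of whether the resolver your machine uses returns Homey's private address for the `A-B-C-D.homey.homeylocal.com` name described in the thread, which is the answer that DNS rebinding protection filters out. The function names and the injectable `resolve` parameter are assumptions made for this example; 192.168.1.10 is the sample address used in the thread.

```python
import ipaddress
import socket


def homeylocal_hostname(ip: str) -> str:
    """Build the A-B-C-D.homey.homeylocal.com name described in the thread."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return str(addr).replace(".", "-") + ".homey.homeylocal.com"


def system_resolve(host: str) -> set:
    """Resolve host to IPv4 addresses using this machine's configured resolver."""
    infos = socket.getaddrinfo(host, 443, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return {info[4][0] for info in infos}


def check_local_resolution(ip: str, resolve=system_resolve):
    """Return (status, detail) for the homeylocal.com name of `ip`.

    "ok"        - the name resolves to the expected private address
    "no-answer" - lookup failed or came back empty; resolvers with rebinding
                  protection drop answers that point at private ranges
    "mismatch"  - the name resolves, but to a different address
    `resolve` is injectable (assumption of this example) so the logic can be
    exercised without network access.
    """
    host = homeylocal_hostname(ip)
    try:
        answers = resolve(host)
    except OSError as exc:  # socket.gaierror is a subclass of OSError
        return "no-answer", f"{host}: lookup failed ({exc})"
    if ip in answers:
        return "ok", f"{host} -> {ip}"
    if not answers:
        return "no-answer", f"{host}: empty answer"
    return "mismatch", f"{host} -> {sorted(answers)}, expected {ip}"


if __name__ == "__main__":
    # Sample address from the thread; replace with your Homey's local IP.
    print(check_local_resolution("192.168.1.10"))
```

A `no-answer` result on the home network is consistent with the local resolver filtering private addresses, but any other DNS failure gives the same status, so compare against a lookup made through a resolver outside the network.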