Posts: 264
Threads: 39
Joined: Feb 2016
Reputation:
1
Hello,
I used to have remote program on demand for my customer. I press a button which opens port 3671 temporarily, then program, then push off the button with a script. I also have a script which closes it at 24h00 just in case I forget.
My problem is that, since the 2.6.1 firmware on SL/HL, they put in a security update:
security: disallow KNX/IP Tunneling connections from external IPs (Port 3671 is blocked from any public IP address)
I didn't understand why it wasn't working anymore, but that was the explanation.
My question: is there a way to allow it, or at least allow my office IP ...
Any help would be precious.
Best regards
-----------
FRANCE SMARTHOME & SMARTBUILDING INTEGRATION
SE ECO EXPERT
Posts: 4659
Threads: 24
Joined: Aug 2017
Reputation:
212
Hello, we also blocked this functionality on LM. We scanned the network and we found nearly 2000 devices with a permanently opened KNX port. Unfortunately people are not responsible and anybody can now take control of such a project. For LM this is not a problem as we can now use ZeroTier for secure remote connection, also ETS download. Unfortunately SE does not provide this solution yet. From fw 2.6.1 every firmware package has to be signed by SE; due to this we can no longer provide direct software updates for SE customers.
We provided to SE package which will allow you to specify an external IP which will allow the connection. It is now up to them to deliver this to you.
------------------------------
Ctrl+F5
Posts: 1764
Threads: 6
Joined: Jul 2015
Reputation:
117
12.05.2021, 09:24
(This post was last modified: 12.05.2021, 09:27 by Erwin van der Zwart.)
I already discussed this with our team and they are aware, so Daniel you will get some feedback on it (:
From my point of view we need an option to open it by a menu command and have it close again after x period to make it at least possible; the current situation will give lots of questions like the one above, as everyone is using the controller as a remote access point...
TBC..
Edit: I see that we get the option to enter an external IP, that will work for me, but auto closing after xx period would be even more secure..
Posts: 4659
Threads: 24
Joined: Aug 2017
Reputation:
212
Erwin, you will be able to open it only for a specific external IP.
------------------------------
Ctrl+F5
Posts: 1764
Threads: 6
Joined: Jul 2015
Reputation:
117
(12.05.2021, 09:25)Daniel. Wrote: Erwin, you will be able to open it only for a specific external IP.
Yes perfect, I already edited my previous post (:
Posts: 264
Threads: 39
Joined: Feb 2016
Reputation:
1
(12.05.2021, 09:04)Daniel. Wrote: Hello, we also blocked this functionality on LM. We scanned the network and we found nearly 2000 devices with a permanently opened KNX port. Unfortunately people are not responsible and anybody can now take control of such a project. For LM this is not a problem as we can now use ZeroTier for secure remote connection, also ETS download. Unfortunately SE does not provide this solution yet. From fw 2.6.1 every firmware package has to be signed by SE; due to this we can no longer provide direct software updates for SE customers.
We provided to SE package which will allow you to specify an external IP which will allow the connection. It is now up to them to deliver this to you.
OK great, the problem is known and people react.
Of course I know people are not aware about security, but as you said, others do stuff well.
I guess we need to be able to put an IP address OR a DNS alias also. Some customers should have a dynamic address and use a service like dyndns...
Thanks all for your feedback
-----------
FRANCE SMARTHOME & SMARTBUILDING INTEGRATION
SE ECO EXPERT
Posts: 106
Threads: 40
Joined: Sep 2017
Reputation:
0
Hi Erwin,
Where can I find the package for LSS100100?
BR
KNX Advanced Partner + Tutor
Posts: 264
Threads: 39
Joined: Feb 2016
Reputation:
1
+1
we are waiting for it
-----------
FRANCE SMARTHOME & SMARTBUILDING INTEGRATION
SE ECO EXPERT
Posts: 1764
Threads: 6
Joined: Jul 2015
Reputation:
117
Not released yet as far as I know, will ask the guys for an ETA..
Posts: 106
Threads: 40
Joined: Sep 2017
Reputation:
0
Any news ?
KNX Advanced Partner + Tutor
Posts: 264
Threads: 39
Joined: Feb 2016
Reputation:
1
(02.09.2021, 09:34)toujour Wrote: Any news ?
no news also...
I still use the 2.6.0 version since there is no patch... But this version has a difficult issue programming SpaceLogic Schneider products (programming stops before the end). I don't have the issue with 2.5.0 firmware. Strange.
I also see a 2.6.2
--> system config: add CORS origin settings for the HTTP server
but I don't think it's the patch
-----------
FRANCE SMARTHOME & SMARTBUILDING INTEGRATION
SE ECO EXPERT
Posts: 4659
Threads: 24
Joined: Aug 2017
Reputation:
212
It is included in 2.6.2
------------------------------
Ctrl+F5
Posts: 264
Threads: 39
Joined: Feb 2016
Reputation:
1
What do you mean?
Where do we put our IP address or hostname? Is it this CORS functionality or another setup?
-----------
FRANCE SMARTHOME & SMARTBUILDING INTEGRATION
SE ECO EXPERT
Posts: 4659
Threads: 24
Joined: Aug 2017
Reputation:
212
You need a script to run for the KNX IP, I will send you a PM. The CORS is something that most likely nobody will need, but you will find it under HTTP servers in Services.
------------------------------
Ctrl+F5
Posts: 10
Threads: 2
Joined: Jan 2018
Reputation:
0
(02.09.2021, 10:11)Daniel Wrote: You need a script to run for the KNX IP, I will send you a PM. The CORS is something that most likely nobody will need, but you will find it under HTTP servers in Services.
Hello Daniel,
Please, can you explain how to remotely access port 3671 of the wiser??
Thank you very much in advance.
Best Regards.
Jose
Posts: 4659
Threads: 24
Joined: Aug 2017
Reputation:
212
(25.03.2022, 10:01)Jose Wrote: (02.09.2021, 10:11)Daniel Wrote: You need a script to run for the KNX IP, I will send you a PM. The CORS is something that most likely nobody will need, but you will find it under HTTP servers in Services.
Hello Daniel,
Please, can you explain how to remotely access port 3671 of the wiser??
Thank you very much in advance.
Best Regards.
Jose
You can't; in LM we have a solution, Wiser does not. You can create a VPN network on site.
------------------------------
Ctrl+F5
Posts: 221
Threads: 45
Joined: Nov 2015
Reputation:
2
Is this an issue with local IP addresses as well? I can use 3671 locally if I set the IP to the standard factory one, but if I change the internal IP to 172.10.11.10 I can't reach it through ETS.
No ports are open to the internet, this is locally only.
Wiser with 2.7.0.
Posts: 7773
Threads: 42
Joined: Jun 2015
Reputation:
447
Class B range is 172.16.0.0 - 172.31.255.255, 172.10.11.10 is a public IP address.
Posts: 221
Threads: 45
Joined: Nov 2015
Reputation:
2
Ok - thanks. It is a managed network, so I'll contact the admin.
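An added example, not part of any post above and not the firmware's own code: a sketch of the source-address policy the thread describes for port 3671 (local addresses pass, public addresses are refused unless one specific external IP has been allowed), which also shows why a LAN numbered 172.10.11.x is treated as public. The function names and the 203.0.113.25 office address used in the test are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private ranges; the 172.x block is 172.16.0.0/12
# (172.16.0.0 - 172.31.255.255), as stated in the thread.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

KNX_PORT = 3671  # KNXnet/IP port discussed in the thread


def is_rfc1918(addr):
    """True if an IPv4 address lies in one of the RFC 1918 ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def tunneling_decision(src, allowed_external=()):
    """Assumed model of the policy: how a tunneling request from `src`
    to KNX_PORT would be classified. Not the vendor's implementation."""
    ip = ipaddress.ip_address(src)
    if ip.is_loopback or is_rfc1918(src):
        return "allow-local"
    # An explicitly listed external address (e.g. the integrator's office).
    for entry in allowed_external:
        if ip in ipaddress.ip_network(entry, strict=False):
            return "allow-listed"
    return "deny-public"


def lan_is_private(lan_cidr):
    """Audit helper: is the whole LAN subnet inside RFC 1918 space?
    A 'local' network outside these ranges looks public to the filter."""
    net = ipaddress.ip_network(lan_cidr, strict=False)
    return any(net.subnet_of(p) for p in RFC1918)


if __name__ == "__main__":
    # Constructed sample sources; 203.0.113.25 is a documentation address.
    office = ["203.0.113.25"]
    for src in ("192.168.0.10", "172.16.5.4", "172.10.11.10",
                "203.0.113.25", "203.0.113.26"):
        print(f"{src:>15} -> port {KNX_PORT}: "
              f"{tunneling_decision(src, office)}")
    print("172.10.11.0/24 private?", lan_is_private("172.10.11.0/24"))
```

Renumbering the managed network into 172.16.0.0/12 (or another RFC 1918 range) makes ETS traffic on the LAN classify as local again.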