This forum uses cookies

Kilogica · 09.11.2021, 11:18

Hello,

I try to reach a Wiser for KNX in ETS but I can't.

I opened port 3671 TCP/UDP on router and 443, on https no problem but ETS cannot reach (not even with NAT mode activated).

I asked the ISP to see if they block something but they confirmed that they don't.

What could it be? Any ideas? Confused

***Daniel*** · 09.11.2021, 11:20

This is blocked for security. In LM we have Zerotier which lets you connect securely. Contact SE support directly.

Erwin van der Zwart · 09.11.2021, 13:13

Check the official communication from KNX Assosiation later today.. Then you know why we closed it ..

Kilogica · 09.11.2021, 13:49

I understand the problem, and I'm aware of the KNX secure process etc etc, but I have an old installation without a VPN and I have to reach it, is there a way?

***Daniel*** · 09.11.2021, 13:50

If you use VPN then you don't need NAT. Only public IPs are blocked. When you are on VPN then you use local IPs,

Kilogica · 09.11.2021, 14:34

Yes, I know it, but I didn't have a VPN there, is it possible to reach the bus via ETS in that case?

Thank you

***Daniel*** · 09.11.2021, 14:35

Via LM yes, Wiser NO

Erwin van der Zwart · (This post was last modified: 10.11.2021, 14:15 by Erwin van der Zwart.)

For those who have missed the news article of knx.org: https://www.knx.org/knx-en/for-professio.../index.php

What is missing in this message is what the hackers are doing at this moment, and why it is so critical to close port 3671 for public access.

Currently hackers are scanning for open ports to unprotected KNX installations and when found they scan for all the bus devices from any brand/manufacturer and delete the programming of the device, next to that they enable the BCU password on the affected devices and make it impossible to re-program the device. In theory this means the device is locked and must be replaced.

As you understand this brings high costs for labor and hardware and the original latest programming must be available. Last week there are several cases i have heared of in different countries and different product ranges/manufacturers.

This is why we keep pushing for avoiding open ports as this is a quick and dirty approach and put you and your customers at high risk for these threats.

For remote access use appropiate measurements like VPN and KNX IP secure and move away from the dangerous port forwarding method!

CristianAgata · 10.11.2021, 20:40

(10.11.2021, 14:12)Erwin van der Zwart Wrote: For those who have missed the news article of knx.org: https://www.knx.org/knx-en/for-professio.../index.php

What is missing in this message is what the hackers are doing at this moment, and why it is so critical to close port 3671 for public access.

Currently hackers are scanning for open ports to unprotected KNX installations and when found they scan for all the bus devices from any brand/manufacturer and delete the programming of the device, next to that they enable the BCU password on the affected devices and make it impossible to re-program the device. In theory this means the device is locked and must be replaced.

As you understand this brings high costs for labor and hardware and the original latest programming must be available. Last week there are several cases i have heared of in different countries and different product ranges/manufacturers.

This is why we keep pushing for avoiding open ports as this is a quick and dirty approach and put you and your customers at high risk for these threats.

For remote access use appropiate measurements like VPN and KNX IP secure and move away from the dangerous port forwarding method!

Confirmed..... Avoid the opening of the port 3671 on the client router. It is very dangerous.

puntukas · 22.11.2021, 10:25

Hi,
I have LM in local network behind the firewall and I made a custom port with restricted source IP that redirects to LM 3671.
However it does not work - my i3pro application does not work from outside the network even the fw shows all redirects are working properly.
What could cause a problem? is there any way to check LM logs for KNX connections?
thanks

Erwin van der Zwart · 22.11.2021, 15:21

Did you enabled "NAT mode" in the ETS connection settings?

Frank68 · 24.11.2021, 11:58

(22.11.2021, 15:21)Erwin van der Zwart Wrote: Did you enabled "NAT mode" in the ETS connection settings?

I have enable but not work..

davidchispas · 11.01.2022, 16:16

Hello, in LM devices with old Firmware, would it be enough to uncheck the option of 'KNX IP Features'? so the access would be blocked by the 3671?

***admin*** · 11.01.2022, 16:18

Yes, disabling IP features is enough

***Daniel*** · 11.01.2022, 16:19

Only if you use TP-UART mode, If Routing is selected then this is still enabled.

YOUSSEF · 14.02.2022, 18:26

(09.11.2021, 11:20)Daniel Wrote: This is blocked for security. In LM we have Zerotier which lets you connect securely. Contact SE support directly.

Even if LM is on DynDNS 3671 is blocked?

***admin*** · 15.02.2022, 08:11

Dynamic DNS does not provide any kind of protection. It does not matter if it's a domain name or an IP address. Opening port 3671 is a security issue in a any case.

Dan22 · 16.02.2022, 16:44

There is no other way to connect to port 3671 other than via VPN, otherwise it is not possible?
I have a problem on my computer with an L2TP connection, it is disabled by WIN-10. I've already gone through what, no change in settings has helped, not even in the registers.

***Daniel*** · 16.02.2022, 16:50

Have you tried ZeroTier? It is not VPN strictly speaking.

Dan22 · (This post was last modified: 16.02.2022, 17:43 by Dan22.)

I haven't tried zero tier, there is a guaranteed guide somewhere, I would not like to go to LM at the customer's

Daniel,
Thanks for the advice, ZT works.

Login
Username:
Password:	Lost Password?
	Remember me