Apple Home/HomeKit on a isolated network results in very slow IoT devices

Ahah yes I had woken up, I opened the windows for 10/15 then I turned on the thermostat...but... it wasn't working :sweat_smile:

thanks for the suggestions!

I tried to re-add the Netatmo devices after a reset but without luck; as soon as I "bridge" the 'iot' WLAN to the LAN (I mean I put all the devices in the same subnet) the Netatmo devices appear again! So this should be an issue with the firewall... as it was for port 25050 (but this worked only for the online connection, not HomeKit).

The devices are talking with HomeKit but there are no logs for HomeKit, I don't know about them, never heard of them... it's the Apple way... :roll_eyes:

Anyway the devices are connected to the WLAN, I see both of them (also using arp)

192.168.5.150    0x1         0x2         xx:รจ:xx:65:73:8a     *        wl0-ap0
192.168.5.247    0x1         0x2         xx:รจ:xx:6d:c6:80     *        wl0-ap0

Yes I will try again to add them using the main WLAN or searching on Duck Duck Go, because this is a weird behavior.

I solved it (I edited indeed, but replied before my edit), I had to open a firewall rule to let the "main LAN" see the "iot LAN"

config zone
	option name 'lan_to_iot'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'lan'

config forwarding
	option src 'lan_to_iot'
	option dest 'iot'

And now the Homebridge server and other stuff inside the .1.x subnet can view/ping the stuff inside the .5.x subnet, and the devices with static IPs are working between the subnets!

All is done fortunately and thanks to your help, I have only to fix the Netatmo devices (well they are working using the Netatmo apps, so not a big issue at the moment).

Thanks again!

1 Like

I'm struggling to find out why the Netatmo devices aren't able to communicate

When I assign the iot interface to the iot WLAN, in order to have them isolated on another subnet, I simply don't see any mDNS packet from the Netatmo devices :thinking: they are connected to the WLAN, and they are working to send data to the Netatmo servers but not as mDNS inside the LAN.

I don't know, my thought is that, since it is the Homebridge server that is sending the mDNS discovery queries, and these devices aren't on another subnet, then for some reason they can't find the Homebridge server!
...but all the other iot devices in the same iot subnet are able to discover it. So my guess is that those Netatmo devices are using something else to communicate. I have no idea.

These are the captures on the same subnet or separated. When they are separated I simply can't find packets, looks like they are off!

I don't know what to do... at the moment I simply created a new WLAN called Netatmo bridged to LAN, the devices are there and are working obviously but they are inside my main LAN.

Edit: hmmm I've found that when the Netatmo devices are connected to the main LAN .1, they're sending some ARP packets to search for the gateway, etc... could it be that these devices are unable to work with a gateway of .5 instead of .1? I don't know, seems absurd but... (obviously you can't change the network settings on the Netatmo devices, you can only select the wifi SSID to connect).

Clarification:
I was saying to configure the DHCP server for the 192.168.1.0/24 network to provide the route to the .5.x network to all the hosts including the iot smart appliances in the .1.x network. Probably via dhcp option 121.

Hosts / nodes / endpoints are part of the routed network and run code to support routing. In a typical network with hosts connected to an "access" network, only a default route is needed. Outbound ip communications are (in general) a case of - self || directly connected unicast || not directly connected unicast || multicast || broadcast - . So for the case "not directly connected unicast", if a host is in a network (LAN/subnet) that has additional gateways to reach some networks, the route table on the host needs to be populated for it. Your change is a partial/full workaround - but is it fully correct and does every device work with it?

With all that said, since you don't know the routing capabilities of the iot smart devices, I recommend that you keep the access networks separate from any transit networks. A transit network is the network between two routers.

If you want to keep hosts in your "LAN" (192.168.1.0/24) then reconfigure your R4S and WAX206 to use a new separate network for the routed connectivity through them. That could be a VLAN if you have wired devices on a switch between the R4S and WAX206 and want to keep the firewalling on the R4S.

Something to consider anyways. :wink:

1 Like

Oh I hadn't thought about this solution, but since the Netatmo devices are using the WAX206 at 192.168.5.0/24 as gateway, I think that if I use the DHCP from the r4s router at 192.168.1.0/24 they will expect an IP in the .1 subnet. I have no idea, I've never used option 121, only the most common 6/12.

Hosts / nodes / endpoints are part of the routed network and run code to support routing. In a typical network with hosts connected to an "access" network, only a default route is needed. Outbound ip communications are (in general) a case of - self || directly connected unicast || not directly connected unicast || multicast || broadcast - . So for the case "not directly connected unicast", if a host is in a network (LAN/subnet) that has additional gateways to reach some networks, the route table on the host needs to be populated for it. Your change is a partial/full workaround - but is it fully correct and does every device work with it?

...ehm yes the problem is just, how? :smiley: they don't have any settings.

I thought also this, but since all the iot devices are wireless 2.4ghz devices, I preferred to create a 2.4GHz WLAN assigned to a new network on a different subnet, in the end (I thought) it should be almost the same as having a VLAN but now I think this is not that easy... but I saved one ethernet port on the Access Point and I also don't like tagged VLANs.

Anyway thanks for the help, but I think we have to continue in one thread only to avoid confusion. This one, or this Netatmo HomeKit native devices, not able to update iOS Home app when isolated (but work online/using Netamo app) - #9 by giuliomagnifico :slight_smile:

1 Like
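The two posts above turn on DHCP option 121 (RFC 3442 classless static routes) and on how a host decides where to send a packet once its route table holds more than a default route. The following is an added example, not code from the thread or from any router or Netatmo firmware: it encodes and decodes an option 121 payload, then runs the host-side next-hop decision for a LAN host before and after it has learned the extra route. The addresses are assumptions for illustration: the LAN 192.168.1.0/24 with the R4S as default gateway 192.168.1.1, and the iot network 192.168.5.0/24 reached through a router assumed to sit at 192.168.1.2 (the WAX206's LAN-side address). It also shows why the mDNS observation in the thread is expected: 224.0.0.251 is link-local scope multicast and is never routed, so no firewall forwarding rule makes it cross subnets.

```python
# Added example (not from the thread): RFC 3442 / DHCP option 121 encoding
# and the host-side next-hop decision such a route changes. All addresses
# are assumptions: LAN 192.168.1.0/24, default gateway 192.168.1.1 (R4S),
# iot 192.168.5.0/24 via an assumed router address 192.168.1.2 (WAX206).
from ipaddress import IPv4Address, IPv4Network

LIMITED_BROADCAST = IPv4Address("255.255.255.255")


def encode_option_121(routes):
    """Encode [(IPv4Network, IPv4Address), ...] as the option 121 payload.

    Per RFC 3442 each route is <prefix length> <only the significant octets
    of the destination network> <4-octet router>. Prefix length 0 (the
    default route) carries no destination octets at all.
    """
    out = bytearray()
    for net, router in routes:
        nsig = (net.prefixlen + 7) // 8  # octets needed to hold the prefix
        out.append(net.prefixlen)
        out += net.network_address.packed[:nsig]
        out += router.packed
    return bytes(out)


def decode_option_121(payload):
    """Inverse of encode_option_121; rejects malformed or truncated entries."""
    routes, i = [], 0
    while i < len(payload):
        plen = payload[i]
        i += 1
        if plen > 32:
            raise ValueError(f"bad prefix length {plen}")
        nsig = (plen + 7) // 8
        if i + nsig + 4 > len(payload):
            raise ValueError("truncated route entry")
        dest = int.from_bytes(payload[i:i + nsig].ljust(4, b"\x00"), "big")
        i += nsig
        router = IPv4Address(payload[i:i + 4])
        i += 4
        routes.append((IPv4Network((dest, plen), strict=False), router))
    return routes


def next_hop(host_ip, host_net, routes, dst):
    """Classify an outbound destination the way a host does (same outcome as
    the order listed in the thread: self, directly connected, routed,
    multicast, broadcast). Returns (kind, address the frame is sent to)."""
    dst = IPv4Address(dst)
    if dst == host_ip:
        return ("self", None)
    if dst.is_multicast:
        # 224.0.0.0/24 (mDNS at 224.0.0.251 lives here) is link-local scope:
        # routers do not forward it, whatever the firewall allows.
        return ("multicast", str(dst))
    if dst in (host_net.broadcast_address, LIMITED_BROADCAST):
        return ("broadcast", str(dst))
    if dst in host_net:
        return ("direct", str(dst))  # host ARPs for the destination itself
    best = None
    for net, router in routes:  # longest-prefix match
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, router)
    return ("routed", str(best[1])) if best else ("unreachable", None)


def demo():
    host_ip = IPv4Address("192.168.1.50")  # an ordinary LAN host (assumed)
    lan = IPv4Network("192.168.1.0/24")
    default_only = [(IPv4Network("0.0.0.0/0"), IPv4Address("192.168.1.1"))]
    extra = [(IPv4Network("192.168.5.0/24"), IPv4Address("192.168.1.2"))]
    payload = encode_option_121(default_only + extra)
    learned = decode_option_121(payload)  # what a client parsing option 121 installs
    return {
        "payload_hex": payload.hex(),
        "learned": [f"{n} via {r}" for n, r in learned],
        "before": next_hop(host_ip, lan, default_only, "192.168.5.150"),
        "after": next_hop(host_ip, lan, learned, "192.168.5.150"),
        "mdns": next_hop(host_ip, lan, learned, "224.0.0.251"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Before the option is learned, a .1.x host hands traffic for 192.168.5.150 to the default gateway, which must then forward it (or not) according to its own routes and firewall; after the option is learned the host sends it straight to the assumed 192.168.1.2. Whether a given appliance acts on option 121 at all depends on its DHCP client, which is exactly the uncertainty the thread raises, and a quick check is to capture the DHCP ACK and the ARP request the device emits for a .5.x destination afterwards.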

Yes, continue Netatmo issues in the other thread.

I just wanted to explain here about the complications of a shared access and transit network where clients in that network need multiple routes or some other work-around is needed.

That issue goes away if you keep all access networks separate from transit networks.

We can stop in this thread. :slight_smile:

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.