Why nanoleaf shapes needs TCP-Port 1883?!?

Started by SGutekunst

SGutekunst

Hi everybody,
i got a few weeks my first nanoleaf product, the mini triangles. I wanted to test them, before i will buy more from nanoleaf. From the beginning i had connection problems between my android phone with the nanoleaf app and the mini triangles. i spend my hours and did many soft and hard-resets, nothing helped me. i thought, the problems are related to my unifi APs or my android phone has a problem. but nothing on the internet helped me. but, than i realized, that my ioBroker has also connections issues with the mini triangles. this was the point i thought, this could an issue with the mini triangles/controller itself.

than i contacted the nanoleaf support and they send me a new controller. at the nanoleaf shop some people also commented, that they got a new controller and there problems where gone.

as i got the new controller, i installed it and connected it to my network, but the problems still exists. the android app is loosing the connection every few seconds.

today i investigated a little bit more, and you have now something to learn about my network. i am using a pfsense firewall, which does not allow traffic to the internet. for sure, port 443 or 80 are allow for all devices, but of course the TCP port 1883 is not allowed. on my pfsense i realized, that the nanoleaf is trying to connect to some AWS ip adresses over the port 1883, for example:

11:10:34.121883 IP 192.168.1.196.36018 > 3.120.52.50.1883: tcp 0
11:10:35.138721 IP 192.168.1.196.36018 > 3.120.52.50.1883: tcp 0
11:10:37.218738 IP 192.168.1.196.36018 > 3.120.52.50.1883: tcp 0
11:10:41.298675 IP 192.168.1.196.36018 > 3.120.52.50.1883: tcp 0
11:11:15.472104 IP 192.168.1.196.34188 > 18.195.249.126.1883: tcp 0
11:11:16.498990 IP 192.168.1.196.34188 > 18.195.249.126.1883: tcp 0
11:11:18.578877 IP 192.168.1.196.34188 > 18.195.249.126.1883: tcp 0
11:11:22.658665 IP 192.168.1.196.34188 > 18.195.249.126.1883: tcp 0

i allowed the mini triangles to contact the TCP port 1883 outside of my network and now all my connection issues are gone away.

so the question for me is now, why did the nanoleaf products need the connection to 1883 and why i am not finding anything about that at the product/support pages from nanoleaf? i thougt, i can use the nanoleafs without a internet connection.

in this case, nanoleafs will not work without a working internet connection. i dont think, that this was the intention in the development of the nanoleafs. i am very sad about this fact :(.

SGutekunst

Is there no one here who can confirm my observed circumstances? And what is about the Nanoleaf Support? Did you not read or moderate your bulletin boards?

m0eppi

… I can confirm the explained behavior. I setup my new Shapes and after a few minutes the lights are freezing. After further seconds the lights was alive again until they stuck again.

Because I had a suspicion I took a look into the logs at my firewall (Sophos UTM). Then I found, that the Nanoleaf got a ip address and try to connect public ip address 3.120.143.32 on port 1833 ?! Why an IoT device (I thought Nanoleaf shapes are a kind of that) calling home?! It must not be that the function stops when there is no connect to the internet! I dont' want that my IoT devices calling home and I also need no cloud features. Maybe you can add an option to your app, that let the choice by the user.

Here is also a further report of this behavior, I think with new firmware (?) also the end-of-life Aurora lights have the same problem here: https://www.reddit.com/r/Nanoleaf/comments/p8u8sk/comment/hae6duo/?utm_source=share&utm_medium=web2x&context=3

@Nanoleaf support: please can you tell somthing about that?

m0eppi

@SGutekunst: I experienced the same story like you, only at iPhone (Connection error/lost in nanoleaf app, get in contact with naoleaf support, Controller replacement, create a "allow" firewall rule for outgoing traffic at port 1883). And … I had the same thought like you :-) …Test of the mini shapes with ioBroker (for showing up different states of my smarthome) before I buy the big ones (but for the moment I don't will do that).

SGutekunst

Thanks for your reply. I am happy, that not only i had the problems :).

Ok @Nanoleaf, please have a look on this topic and please add some options on your firmware. I think, calling home is definitely not the right way and many people will not like it, but they will like there working Nanoleaf devices ;).

Aliakbar Eski

Hey guys, this is unfortunate that no one replied to you. Apologies for that, I will inquire with the team how this dropped off the Radar.
I saw this post actually and I personally jumped onto this issue and have been working on it. I am happy to say that this issue has now been fixed and will be out in the next firmware release.
Yes the product does not need an internet connection function, this was clearly a bug, and its now fixed!

Regards
Aliakbar Eski.

Aliakbar Eski

@"Gary Funk" That is exactly what I raised with the team yesterday. Things should be better from now on.

About the discord group, I know about it, but I am now aware of it being advertised or not. I will reach out to the right people about it.

I belong to Engineering and as such, I am not always aware of the many things happening on the community side. My apologies if I am not always on point with the non-technical answers, but for the technical stuff, rest assured I am on it always. Even if I don't respond, I have seen it and am working on it.

Regards
Aliakbar Eski

SGutekunst

Thank you @"Aliakbar Eski" for your support. I just saw, that there is a new firmware since a few days. My Shapes already got it. If i have some time, i will check if the reported behavior is fixed. Thank you so far.

SGutekunst

@"Aliakbar Eski" now i had the time to test the changes at the new firmware (6.3.1). I can now confirm, that my reported behaviors are solved. It is now possible to use the Nanoleafs without the need of an internet connection, or opened port 1883.

But, i see many connection tries from and to the Nanoleaf Shapes:

12:03:23.174119 IP 3.219.229.10.443 > 192.168.1.196.41000: tcp 69
12:03:23.175018 IP 192.168.1.196.41000 > 3.219.229.10.443: tcp 0
12:03:33.083203 IP 192.168.1.196.41000 > 3.219.229.10.443: tcp 69
12:03:33.178082 IP 3.219.229.10.443 > 192.168.1.196.41000: tcp 69
12:03:33.178984 IP 192.168.1.196.41000 > 3.219.229.10.443: tcp 0
12:03:35.184229 IP 192.168.1.196.51758 > 18.185.223.23.1883: tcp 31
12:03:35.194348 IP 18.185.223.23.1883 > 192.168.1.196.51758: tcp 31
12:03:35.195328 IP 192.168.1.196.51758 > 18.185.223.23.1883: tcp 0
12:03:43.087141 IP 192.168.1.196.41000 > 3.219.229.10.443: tcp 69
12:03:43.181893 IP 3.219.229.10.443 > 192.168.1.196.41000: tcp 69
12:03:43.182922 IP 192.168.1.196.41000 > 3.219.229.10.443: tcp 0
12:03:52.053432 IP 192.168.1.196.46590 > 49.12.125.53.123: UDP, length 48
12:03:52.066436 IP 49.12.125.53.123 > 192.168.1.196.46590: UDP, length 48
12:03:53.090372 IP 192.168.1.196.41000 > 3.219.229.10.443: tcp 69
12:03:53.184829 IP 3.219.229.10.443 > 192.168.1.196.41000: tcp 69
12:03:53.185729 IP 192.168.1.196.41000 > 3.219.229.10.443: tcp 0
12:04:03.094370 IP 192.168.1.196.41000 > 3.219.229.10.443: tcp 117
12:04:03.233101 IP 3.219.229.10.443 > 192.168.1.196.41000: tcp 0

At the moment this is not a problem for me.

Thank you for your support!

Gary Funk

Interesting.
3.219.229.10 is Amazon, New York
18.185.223.23 is Amazon, Germany
49.12.125.53 is Hetzner Online GmbH, Germany <– That's the one I would worry about.

Gary Funk

I find it strange that UDP data is being passed between a Nanoleaf controller to some unknown ISP.