Indigo Domotics

Weird issue: When I try and login using my reflector from my desktop I get an error telling me "Failed to connect". The iOS app works just fine. So, since I'm on my trial period I figured I'd try opening up a port to access Indigo instead. Well, that works on my Mac (while on an outside network) but not on my iPhone (entered as MYFORWARDINGSERVER.COM:PORT. Any ideas on how to fix either?

Are you using HTTPS when accessing the reflector on your Mac?

For the second issue, are you forwarding to port 8176 on your Indigo Server? That's the port that Indigo Touch uses (both iOS and web).

Can't tell if I'm having the same issue due to vague terminology above.

I can access control pages via prism on the Mac or iOS.

But I can't use the Indigo Mac app to connect to my home server at any of the the following in the "Connect to remote server" dialog:

external IP:port# (and the port is open on the router, mapped to the Mini running Indigo Server
https://external IP:port#
http://twodoghill.indigodomo.net
https://twodoghill.indigodomo.net
twodoghill.indigodomo.net

Until I tried the prism web pages, I thought I had a problem on my WAN this morning.

The OS X client uses a different port than iOS / web, so it won't go through the Prism Reflector.... and also won't go through your router on 8176. You can find out the current port for the OS X client by going to the Start Indigo Server dialog... default is 1176 IIRC. But it is HIGHLY inadvisable to open up that port through your router.

But it is HIGHLY inadvisable to open up that port through your router.

And why is that?

Different Computers wrote:

But I can't use the Indigo Mac app to connect to my home server at any of the the following in the "Connect to remote server" dialog:

Is this on your home network, or from afar?

If on the network, you just need your local Mac name/IP address; not your reflector.

It's when I'm outside my LAN.

Though I think the reflector worked from the LAN too, it's not what I typically use.

And why is that?

When your OS X app talks to Indigo on 1176 it won't be through a secure channel like you have when utilizing the reflector service - so anyone could easily watch that traffic and have full access to your home automation system...

Although this is true (the traffic over port 1176 to the Indigo Server is not encrypted), there still is authentication that occurs using the username/password. So while packet sniffing an active remote connection could give some details about what is occurring in the house and a man-in-the-middle attack would be possible, it does still provide some decent authentication (credentials are not sent in plain text) to keep that bad guys out. If you VPN into your home LAN then everything would be encrypted of course (although then you wouldn't need to open port 1176 on the router).

Sooooo, any idea why I can't connect remotely from the Indigo client?

Once you have the router port forwarding configured, you should just enter the WAN IP address of your router in Indigo's connect dialog. If the router port number isn't 1176, then enable the checkbox and put the port number in the edit field. Do not use :port notation,l and do not use HTTP: prefix as the Indigo Server isn't HTTP.

If that doesn't work, then your Mac firewall is blocking the connection (try turning off the firewall totally for troubleshooting) or the router port forwarding isn't correct. Note that Indigo has 2 servers, so just because Indigo Touch or Web access works doesn't mean the Mac firewall is configured correctly – it might be blocking port 1176. Lastly, note some routers don't support loopback so you may have to be outside your home's LAN (either physically or tunneled somewhere else via VPN) to test it.

no worries about loopback (which my terrible ISP-required router doesn't support reliably) because I'm trying to make this work from work.

Not getting anywhere with setting it to the IP address. I haven't changed the port. I set port forwarding on 1176 to the Mini running Indigo. Still no joy.

I'll look at the firewall, thanks.

My firewall was already off.

Buuuut I had my router port forwarding set to the wrong port. All better now!

So while packet sniffing an active remote connection could give some details about what is occurring in the house and a man-in-the-middle attack would be possible, it does still provide some decent authentication (credentials are not sent in plain text) to keep that bad guys out.

I don't consider really consider a non-secure channel to be at all secure when connecting at, say, a coffee shop. I've witnessed how easy it is to use a laptop to spoof, say, Starbuck's WiFi and have the person next to you connect to your laptop instead of their router. If someone does that and screws with your Twitter feed, so be it... but screwing around with your house... not so cool.

I'm not saying a targeted attack is likely here, but there are PLENTY of bored people out there and plenty of script kiddie tools available...

Adam