diy solar

Solar Assistant and Raspberry Pi

I just set up SA last night, and I've had to read between the lines in the docs as well to get it running, but I'm not running a normal network config.. If anything I'm more like 'no wifi' I suspect.. but, if it helps anyone, here's what I went thru:
  1. My home network is set up with 4 VLANS, Servers, Home Users, Guest, IoT. (ubiquiti based)
  2. IoT cannot reach Internet except for one or two fixed IPs, or other networks except for rules below.
  3. Firewall/LAN rules allow IoT to reach MQTT, DNS/NTP, HomeAssistant, which all run as containers on a server network node.
  4. Home and Servers are always allowed to reach 'in' to the IoT network. IoT just can't initiate to them.
  5. Packet inspection is on, and 50+ countries (including a lot in Africa) are blocked by default as non-trustworthy.
I couldn't download the image at first. I ended up using my phone data to do it. I suspect I was just too quick as the image appears to be built specifically per-customer. (i.e. give it 15 minutes after you buy a license)
My RasPi3b running the image would NEVER connect to my home Wifi network. Tried every one of them. Didn't seem to matter.. it took a while for the RasPi to eventually give up and open up its own SolarAssistant network. I configured it that way.
I connected a LAN cable to the RasPi and was able to connect and register. So that means my country/IP/packet filtering wasn't the cause of WiFi connectivity issues.
The RasPi was able to use my phone hotspot and showed connectivity on the solar-assistant.io site that way. That was just a test however.
I ran a long Cat6 to the RasPi and locked it to the IoT network, however, none of my systems would connect to the device, even though it showed it was communicating on the IoT network. If you're directly on the IoT network, you can talk to it fine. Jumping thru a router from another network.. no go. Note that none of the other IoT devices or web servers on IoT have any issues like this. You also can't ping the RasPi from other networks (but you can ping all my other IoT devices).
MQTT servers are running in a separate docker container in my setup - not integrated with HA, and I do deny anonymous. The docs on the SA website show a way to set an account and password for MQTT? Those options aren't there for me.

I ended up moving the RasPi to the server network and blocked outbound. That allows me to reach it from management workstations, let it see the MQTT server, and let the MQTT server connect to it (anonymously, which I don't really like.. but I don't use SSL with MQTT either, so technically the MQTT password is easy to sniff anyhow. I do it more for the ability to see what client is connecting and sending what traffic.)

I did have to add the bridge config to my mosquitto.conf file (the whole thing about finding the configs, using a share folder, creating separate config files.. those don't apply in my case.. I know exactly where my container config files are, they are mapped to a local server folder).

So, it works! No internet connectivity needed now. I have the SA console, HA integration and that console and my external grafana interface to build my own reports and alerting. (and, Appdaemon can see HA/MQTT data to build scripts should I want to control loads based on Inverter state).

My concern still is that Wifi and BT are NOT needed (never worked for me really), and I do NOT want the RasPi offering up BT and wifi networks to anyone in range. I see no way to disable them however. I have an email in to the SA support folks.. waiting on an answer.

Worst case, I'll remove the RasPi antenna, or look for a chip enable pin I can lift and disable hardware-wise on the RasPi.

Good luck - I like the product, no hints of anything hinky going on yet (was a bit concerned they are located in Africa.. but..) and I'll be watching for sure.
 
Just a thought regarding not being able to communicate across networks...

Default Gateway on the RasPi?

We have an older digital sign at work that I could not get to communicate across networks. Turns out that even though I could configure a default gateway(route), it seemingly ignored it. Packet captures showed that it would not send any traffic via the default gateway.
 
Could be a bad gateway on the RasPi, but with their image you have no control or insight to it. Other devices on my IoT network can certainly cross networks (some are allowed to the net) but the IP/DHCP settings are the same for all IoT devices.. it's the firewall rules that control how far they can reach. If I allow it to the net, it will certainly talk to the Internet proxies, and I see it "alive" on their website.
Just another note - and this is completely not confirmed but it "feels like" the SA software may be connecting to the Wi-Fi you specify, doing some connectivity tests to their proxies, and when they fail (they would in my case) it gives up and switches to its own network.
This allows you to connect to it and config it.. I guess. BUT if you run remote with no Internet, I would still want it to use MY Wi-Fi at that site, not its own. I want control over my Wi-Fi Security, versus relying on its settings, which I don't know what is setup, and the default password is readily available for..
SO my only concern right now for the SA option, is, it feels like it's less secure.
As far as the not being able to reach its web server (port 80), ping it, or MQTT outside the network local to it.. it feels maybe like some playing around with the network stack (like settings to only allow incoming web/mqtt/icmp traffic from local networks, which is pretty restrictive, but I've seen it before). Still waiting on a reply from them, maybe they will clear up all my concerns. :)
 
@Rb42 do you enable IGMP Proxy for your IoT VLAN? I have a similar network setup (additional VLANS for entertainment, CCTV, and management), and between that and setting static host names I could keep most of the IoT stuff off my server VLAN.

Can't you disable the WiFi and Bluetooth on a Pi with a text file in the FAT partition on the SD card?
 
IGMP is mostly for multicast efficiency I thought, and it's not enabled. Most of my streaming is via Rokus which sit on a different network than the TV. TVs are in my IoT network because they (by default) constantly send metrics data to the manufacturer sites (Nielsen, etc) and I'm not interested in supporting that. (and I block Roku's default metrics by a DNS blackhole)

The image from SA does indeed have a FAT partition you can set things on - you'd have to do that before first initialization I think, as once the SA device has initialized it looks like the FAT partition is gone from the SD card. At least there are no recognizable partitions on the SD card now that it's been registered and running. (but good to know before you start up the system). SSH is enabled but it's on port 2222 and requires client certs (which of course we don't have).

It's just odd, that of all the IoT devices I have on that network, the RasPi running SA won't allow external networks (or it doesn't respond to them). There are no rules affecting traffic IN to IoT, just rules preventing it OUT. Or maybe I should say I run blacklist rules, not whitelist. If you jump on the IoT network with a phone or laptop, there's no issues at all with the SA website or MQTT.
 
Oh! got a response from SA and they stated that BT disable will be an option in future versions. They wondered if my IP range conflicted - SA uses 10.0.0.5, but I run all 10.10.3x.z network ranges. (so, no.) Nice to see a quick response from them!

I thought maybe if they hardcoded the dfgw as 10.0.0.1, and used a huge network (/16 or something bigger) maybe they'd overlap my 10.10.3x. but then.. if they broke the DFGW, how would they get out to the internet proxies when I allow the firewall to pass their traffic? They shouldn't even be getting to the firewall (router) with a bad dfgw.
 
In school, I penned a few research papers on the cons of our digital age and how much revenue is generated through data wrangling. Has anyone ever read a EULA before tapping the ok button? Wish I had half the smarts you guys have when dealing with things of computer.
 
Yeah, I scanned everything I saw before I purchased, but honestly I used this forum for some more 'background checks'.

The solar-assistant terms are fairly clear, although it is interesting that you are not allowed to post any copies, screenshots, or material from their website publicly. There's no clear privacy or GDPR documentation. I don't know if staying offline prevents uploading all your metrics when/if you ever connect occasionally to check for uploads. I don't know what South African laws are either..

That said.. I like the software. They have been open with me, and even posted some of the proxy server information in my conversation with their support team. I understand completely that to offer access from the Internet you have to offer your data to their proxy servers. I don't need it and I appreciate that they will still support me offline.

My push for offline is mainly because I really want to protect my home servers and server network. Having anything calling back to a device on my server network is not an option. Solar Assistant's proxy allows you to send commands to your inverter right? I'm sure they are fully ssl secured, use filtered and sanitized web calls, etc. But it's still a way in, and if they lose control of their systems I have to minimize risk. I also have an issue with bluetooth tethering.

To hedge my bets, I have soldered a blob on my RasPi's antenna effectively shorting BT and Wifi out. This may eventually kill the wifi chip (oh well). I also deny all outbound traffic from the RasPi device to other networks. It's not perfect. But it seems to work. If I ever update my software I'll have to watch it again for misbehavior. I would really really prefer it worked on my IoT network, but I've never been able to isolate it and get web and mqtt to work properly (which is the entire reason to run it).

These concerns are not strictly for Solar Assistant. It's a problem all software companies have. I don't fault them, cybersecurity is a real PITA. I mean, India couldn't keep hackers from getting their citizen DNA data. Solarwinds couldn't keep the hackers out and they used it to launch attacks inside hundreds of companies. If a nation-state and a corp 500 company can't prevent it.. you see where I'm going.

These same problems exist for the Growatt ShineWifi device, BTW. That's why I was working on open source (arduino/esp8266) over in the other thread, but.. I'm out of time and needed a solution. Solar Assistant fit that best, after I considered the stuff above.

(good lord this sounds like an advertisement for them.. sorry, didn't mean that. I reserve the right to change my mind at any time too! hahah)
 
FYI - From what I can tell, the solar-assistant Bluetooth tethering feature creates a 10.0.0.0/8 route that interferes with my home 10.10.y.z based home networks. For me specifically, this means I can only reach the solar-assistant device on its local network. Trying to reach the device from an external network fails because it can't get return traffic back to you. (more or less). This probably isn't an issue for most home networks using just one 192.168 network. I suspect they're working on a fix for this, but you may want to confirm with them if you're running into this issue. (oddly enough, this does not present an issue with the device reaching the Internet? not sure why...)
 
Just FYI everyone. S.A. Wi-Fi connection works great with T-Mobile 5G home internet. I’m by no means tech savvy. Stumbling through the setup it took me between 10 to 15 minutes and was stunned I did it virtually the first try (not my normal M.O.). When in doubt fake it till it works (lucky) or so messed up it’s got to be removed (loser) and reloaded technique is how things usually go. I added SA to my Home Screen on my iPhone (it looks and works like an app) and it’s on my laptop too. The only problem I get periodically is when I edit a setting (like grid charge current for a cloudy day), the pull down amp choices won’t appear. Restarting the phone solves it till next time. My phone was replaced and it’s exactly the same on the new iPhone 12 model. No big deal. It’s so nice to see what’s going on from anywhere and tweak things.
 
FYI - From what I can tell, the solar-assistant Bluetooth tethering feature creates a 10.0.0.0/8 route that interferes with my home 10.10.y.z based home networks. For me specifically, this means I can only reach the solar-assistant device on its local network. Trying to reach the device from an external network fails because it can't get return traffic back to you. (more or less). This probably isn't an issue for most home networks using just one 192.168 network. I suspect they're working on a fix for this, but you may want to confirm with them if you're running into this issue. (oddly enough, this does not present an issue with the device reaching the Internet? not sure why...)
I can confirm this..
I can only use eth for my home 10.253.0.0/16 home networks and VLANs.
I have asked SA to remove the 10.0.0.0/8 static from their wifi config and change it to 172.16.253.0/24 as it is much less likely to interfere, just never got a response.

As for data gathering, SA, just like other IoT devices, is on a segregated VLAN with no route to internet unless I open it.
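
Added example, not part of any post in this thread and not Solar Assistant's code: a longest-prefix-match model of the routing symptom described in the two posts above, showing why a 10.0.0.0/8 static route breaks replies to other 10.x VLANs while Internet traffic still works. The route tables, the 10.10.x.0/24 VLAN addresses and the interface name `bt-pan` are constructed assumptions; only the 10.0.0.0/8 route and the suggested 172.16.253.0/24 replacement come from the posts.

```python
import ipaddress

def route(net, dev, via=None):
    """One routing-table entry; via=None means the network is on-link."""
    return {"net": ipaddress.ip_network(net), "dev": dev, "via": via}

def lookup(routes, dst):
    """Longest-prefix match, the rule an IP stack uses to pick a route."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r["net"]]
    return max(matches, key=lambda r: r["net"].prefixlen) if matches else None

def reply_path(routes, client):
    """Where the device would send a reply addressed to `client`."""
    r = lookup(routes, client)
    if r is None:
        return "unreachable"
    return f"{r['dev']} via {r['via']}" if r["via"] else f"{r['dev']} on-link"

def shadowed_vlans(routes, vlans, uplink):
    """VLANs whose return traffic would leave by an interface other than uplink.

    Probes the first host address of each VLAN, which is enough when the
    shadowing route covers the whole VLAN (as a /8 does here).
    """
    hits = []
    for vlan in vlans:
        probe = ipaddress.ip_network(vlan).network_address + 1
        r = lookup(routes, probe)
        if r is not None and r["dev"] != uplink:
            hits.append((vlan, str(r["net"]), r["dev"]))
    return hits

# Constructed table modelled on the posts: wired uplink on an IoT VLAN plus
# the 10.0.0.0/8 route attributed to the Bluetooth tethering feature.
OBSERVED = [
    route("0.0.0.0/0", "eth0", via="10.10.30.1"),
    route("10.10.30.0/24", "eth0"),
    route("10.0.0.0/8", "bt-pan"),        # hypothetical interface name
]
# Same table with the narrower range suggested in the thread.
PROPOSED = [
    route("0.0.0.0/0", "eth0", via="10.10.30.1"),
    route("10.10.30.0/24", "eth0"),
    route("172.16.253.0/24", "bt-pan"),
]
# Constructed site VLANs in the 10.10.y.z style described in the thread.
SITE_VLANS = ["10.10.10.0/24", "10.10.20.0/24", "10.10.30.0/24"]

if __name__ == "__main__":
    for name, table in (("observed", OBSERVED), ("proposed", PROPOSED)):
        print(name)
        # same-VLAN client, client on another VLAN, Internet host (TEST-NET-3)
        for client in ("10.10.30.77", "10.10.10.20", "203.0.113.10"):
            print(f"  reply to {client:<13} -> {reply_path(table, client)}")
        print("  shadowed:", shadowed_vlans(table, SITE_VLANS, "eth0"))
```

In the observed table the /8 is more specific than the default route, so replies to other 10.x VLANs never reach the router, while Internet destinations fall outside 10.0.0.0/8 and still use the gateway.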
 
Hi, I got a new card, how do I transfer my data from old card? SA guy mailed me “After flashing the SD card, you can copy /var/lib/influxdb from the old card to the new one to transfer historic data.”
But I can’t find this file when I access the card library, am I missing something? Need help, thanks
 
So...
Is there any possibility to obtain the system image in order to try on different SBC (odroidC2 in my case)

I suppose the software will not run properly since it will not be tied to the cloud account.
I wish to try if the complete setup works: network communication, inverter communication.

I heard about 30 day trial.
How can I obtain it?
SMH system from centurionsolar is also focused on Pi. They use a subscription model that is focused on Raspberry Pi, and they have a 7 day trial.
Could always try that and see if it runs on your hardware if you don't come right with SA.
 
Hi, I got a new card, how do I transfer my data from old card? SA guy mailed me “After flashing the SD card, you can copy /var/lib/influxdb from the old card to the new one to transfer historic data.”
But I can’t find this file when I access the card library, am I missing something? Need help, thanks
you would have to access the card on a linux system or install ext4 explorer on windows to be able to browse the partition on windows (assuming they use ext4 file system naturally or boot from a live linux cd/usb )
 
Just received it Thursday and installed it last night Saturday. Fantastic!
I'm using it with parallel MPP 3048's.
I love the granularity of the data. And lots of it.
I still have to figure out how to connect a jbd BMS to it. But solar assistant does have what they call emulated BMS where the software does a type of coulomb counting.
I REALLY LIKE IT.
Value for $150.
Were you able to connect your jbd BMS to solar assistant???
 