Block ewelink/sonoff servers #1499
Comments
|
nobody knows how to do it? |
|
New developments. I have tried to put in my network some DNS that do not exist 10.12.12.12.12 and 10.13.13.13 and all the devices in my network have stopped surfing web pages. But the sonoff relays still connect to the ewelink cloud and are perfectly controllable from their cloud. So I understand that they do not connect to the cloud by url but by IP. |
|
Few options: Put them in their own VLAN. Block access to WAN. Broadcast mDNS across VLANs to ensure local control works. Alternatively, create an IP group of all Sonoff devices and block that IP group to WAN. The Sonoff devices probably have their own hard coded DNS. You can look into DNS redirection if you want to go this route. |
|
It is possible that they have an internal DNS set if, in that case they will not use the dhcp dns. And they will be calling their urls and resolving them with another dns. |
|
I have controlled my house with several ewelink relays and I would like to block the access to the ewelink servers of these equipments so that nobody from outside my house can give them orders. That is, they would only be controllable in local network with the ewelink app in local mode or with HA. |
|
maybe someone with opnsense and a computer using the ewelink app could check these connections? does anyone have it? |
|
I think I have it, make DNS query to: and if those DNS queries fail it uses a list of IPs it has set by code: I will do some tests for several days and I will confirm! :-) |
Hi, I have several sonoff devices with the original firmoriginal which connects to the ewelink cloud to control them via cloud. This equipment also has local control.
Thanks to the integration GitHub - AlexxIT/SonoffLAN: Control Sonoff Devices with eWeLink (original) firmware over LAN and/or Cloud from Home Assistant 2 I can control them from HA directly without using your cloud.
I have tried to configure a rule in my firewall so that a sonoff equipment can not communicate with the internet but if you have local network and I can manage it from HA without any problem (with local control).
To avoid having to configure a rule in my firewall to remove the internet connection of each device I was wondering if anyone knows of a general rule that prevents my devices from sending data to ewelink servers.
I mean blocking a range of IPs from ewelink servers or blocking with my DNS some url from ewelink servers.
I have tried blocking domains like itead.cn but I have not managed to stop my devices from communicating with the ewelink cloud. Does anyone know the IP or URL of these servers?
I have tested that by blocking these sites:
coolkit.cc
coolkit.cn
ewelink.cc
ewelink.cn
the ewelink application no longer works from my local network. But if I go on 4G the sonoff relays are still controllable, so they still send data to the ewelink servers. I can’t figure out what to block so that the relays don’t contact the ewelink servers.
The text was updated successfully, but these errors were encountered: