
Accessing ISY from outside the LAN



Have a few newbie questions now that I have 2 houses going with two ISYs.

For both houses, I have a dyndns.org account setup and then applied on the respective routers. I have set both ISYs to static IPs so that I can forward the 443 port through the router to the static IPs of the ISY.

I have Agave installed on my phone and I can flip between the two houses by changing the password and the XXXX.dyndns.org address in the Primary URL part and that works just fine.

What I'd like to be able to do is use the admin console across the internet vs being at the house I want to "talk" to. Like say if I want to change up some programs or something, as far as I know, I can't do that from Agave. I had thought putting XXXX.dyndns.org:443 into a web browser would have worked but no dice.

Is what I'm trying to do possible at no cost?

Link to comment

@watson524, I too have two houses with ISYs. I let the router assign IP addresses to the ISYs and then reserve those IP addresses in the routers. This method allows me to log into either ISY from anywhere using the UDI portal. You can have both locations in the ISY Launcher. In Agave, you just have a profile for each location.

Link to comment

That's where I'm struggling. When you say UDI portal, is that a URL somewhere? I can only do it in the admin console software local to my laptop and only when I'm standing in the house I want to access. In Agave, I was making it harder than need be, I see your profile option you mentioned so I'll set that up. Tho I can't edit programs in Agave so it sounds like I need to explore this "UDI portal" more

Link to comment
I had run across that before but it looks like the ISY Portal has a cost associated with it? (I did just do a 30 day trial to see what's what). I was hoping for a free option.


You can do this directly... Do your ISYs have a paid SSL certificate issued in the name of XXXX.dyndns.org? That’s what’s needed for secure remote connections directly to the ISY.

The ISY Portal is a much simpler, lower cost option.
Link to comment

Um... I do have paid dyndns accounts, if that is what you mean, tho I've only used it via port forwarding on the router and not any kind of ssl certificate. I'd have to look into how to do that. Are you saying if I did I could then do what I thought I should be able to as far as a url of xxx.Dyndns.org:443?

So far the portal software doesn't look like I can write programs like I can on the admin console tho I need to do more digging there

Link to comment

To work using port 443, a certificate that is trusted by the machine you are connecting from is required.

Some apps allow the use of self-signed and allow you to save a local trust anchor. Others do not (and require a publicly trusted likely for-cost certificate). It’s quite a complex field. One of the reasons the ISY Portal exists is to make this much easier.

Here is a link to the ISY Security guide with all the needed information.... https://www.universal-devices.com/docs/ISY994%20Series%20Network%20Security%20Guide.pdf

On the ISY Portal, if you look up the Admin Console URL you can plug that into the ISY Finder as the URL. You then authenticate using your Portal credentials and can use the full admin console. Easy.

Link to comment
1 hour ago, DennisC said:

What application are you looking to write programs from?

I don't believe any of the "apps" (Agave or Mobilinc) allow you to create programs. They are only for remote control or to check status.

I was hoping to do it all in the admin console since that's all I know LOL! Unfortunately, right now, I don't have time to learn in depth on new stuff so I think I'll go ahead and just go between the two houses to write what I need to. They are only a few hundred yards apart so it's not like folks that have vacation houses and involve travel time :)

Link to comment
5 hours ago, watson524 said:

I was hoping to do it all in the admin console since that's all I know LOL! Unfortunately, right now, I don't have time to learn in depth on new stuff so I think I'll go ahead and just go between the two houses to write what I need to. They are only a few hundred yards apart so it's not like folks that have vacation houses and involve travel time :)

1) Portal is $1/month.  I wouldn't concern myself with the cost.  I did a self-signed certificate for years prior to portal being developed.  A year or so after portal came out, I gave it a try.  Trust me, I would never do SSL again given the portal option.  Portal is so easy and makes integration with google home/Alexa a breeze plus there is two way integration with them that can not be done with port forwarding/ssl.  Also, you don't even have to bother with static IP's for your ISY, the portal maintains a connection to ISY so your router will always automatically route the traffic to the correct LAN address even if it changes.

2) I set up an ISY at my church.  We have two structures about 150 feet apart.  We had several conduits between the buildings.  I ran what basically amounts to a long extension cord through the conduit and put a single dual band device on the end of that extension cord at the entry to building two.  This device communicates with the dual band devices plugged into that building's power system.  That synchronizes the Insteon networks between the two buildings just like you use dual band devices to synchronize the split phases of a house.  It is much nicer to control the two buildings as a single entity rather than two separate systems since the two buildings are part of the same entity.  Perhaps in your case the two buildings are separate homes lived in by different families, in which case I would not do that.

3) Finally, if you really don't want portal, then the easiest (and most secure) thing to do is get two VPN routers and create a VPN tunnel between the two buildings.  Then you access either ISY from either building using your LAN ip address.  However, the cost of two VPN routers would pay for a whole lot of years of portal.  If you needed new routers anyway, that is a different story.  Personally, I have that situation setup between my home and my office.  However, it was done for reason of work, not for ISY.

4) And one more option.  Run fiber between your two buildings and put both buildings on the same LAN.  That will have the extra bonus of saving you the cost of two ISP's.  I set this up at my church as well.  You get two trendnet fiber to IP converters (one at each end).  It cost about $200 for all the stuff and it went into one of those conduits.  I suppose you could also use a radio bridge between the buildings to connect the LAN's.  I have never done this and it is more expensive but avoids trenching.  You need line of sight and the high powered directional antenna/transmitters.

EDIT: Actually I have tp-link model, not trendnet.  But trendnet has their own models that at a glance look pretty similar.  Word of caution with the tp-link model, you MUST have a gigabit router/switch at each end.  The ethernet jack on these only links at gigabit speed.   I use two of these:  https://www.newegg.com/Product/Product.aspx?Item=N82E16833704115&nm_mc=KNC-MSNSearch-PC&cm_mmc=KNC-MSNSearch-PC-_-pla-_-Network+-+Transceivers-_-TP-Link-_-33704115&msclkid=7b31d930dfd219e1ff948282b62d6b91&gclid=CKjAvI_y5d0CFYv0swodAlIKbA&gclsrc=ds

Link to comment

Connecting the two buildings isn't really an option. When I say a few hundred yards, I mean 6 or 800 lol! It's at two ends of a 110 acre property and we likely will not be keeping both. It's between our house and my mom's house. She passed away in February and tho we are in and out up there all the time, I still need some eyes on it. The most likely situation is that we would sell our house and the 10 acres it sits on and go there with the barn across the street and build a new garage in the back (so your tips for getting things out to the new garage are useful).

So I'm not clear, with the portal, you can create programs like I can in the admin console? That's what I can't figure out.

Link to comment

@watson524, The portal is not for creating programs. You will still create your programs in the admin console as you do now. The portal allows easy access to your ISY from outside your LAN either through the admin console or Agave. Another way to put it is, the portal is your connection between the outside world and your ISY. It also allows you to connect Amazon Echo products or Google Home products to your ISY. I'm pretty sure you would like it.

Link to comment

Hmm.... I don't have anything Echo or Google Home (and no near future plans to) so I guess I don't have to worry about that and I already use Agave without this ISY Portal so it sounds like since I can't write programs with it, I can just stick with Agave that I already have - unless I'm being dense?

Link to comment
BTW: Two wireless routers with antennas using focused antennae can talk quite well back and forth also. Cities use WiFi with special antennae that can be used within 5-10 miles.


I agree. Something like a Ubiquiti setup. Then you could have access “local” on the same network. Not a cheap solution but a solution nonetheless. Depends on the insurance deductible I would guess.
Link to comment
2 hours ago, watson524 said:

Hmm.... I don't have anything Echo or Google Home (and no near future plans to) so I guess I don't have to worry about that and I already use Agave without this ISY Portal so it sounds like since I can't write programs with it, I can just stick with Agave that I already have - unless I'm being dense?

The portal is a secure and stable internet i/o route between you and your ISY.  It takes care of all the security and keeps your isy available without having to open any ports or use any security certs.  You still use your computer and the standard admin console to program ISY from anywhere in the world, you just use the portal as the route to your ISY.  It is also the route you use for everything else, like Agave, Alexa, Google, IFTTT, Tasker, etc.  Again, portal is $1/month.  You have a $300 ISY and God knows how many hundreds (or thousands) of dollars of home automation stuff, you really should be able to handle the $1/mo.

It would seem to me that you are not using even a self-signed cert.  Did you ever create a self-signed cert?  You say you are using port 443, but that doesn't mean you are using a secure connection.  I can't say for certain if Agave lets you use port 443 as a non-secure connection, but your web-browser will not (at least not without purposefully bypassing a bunch of warnings), which explains why you say you can't use your browser to access isy.  Though just opening a web browser and browsing to your ISY url doesn't open the admin console, it opens the isy's web server, and if you don't have a website configured on the isy, it won't give you much of anything.

It sounds to me like you are exposing your credentials across the internet every time you login with Agave.

Link to comment
3 minutes ago, apostolakisl said:

You still use your computer and the standard admin console to program ISY from anywhere in the world, you just use the portal as the route to your ISY.  It is also the route you use for everything else, like Agave, Alexa, Google, IFTTT, Tasker, etc.  Again, portal is $1/month.  You have a $300 ISY and God knows how many hundreds (or thousands) of dollars of home automation stuff, you really should be able to handle the $1/mo.

It would seem to me that you are not using even a self-signed cert.  Did you ever create a self-signed cert?  You say you are using port 443, but that doesn't mean you are using a secure connection.  I can't say for certain if Agave lets you use port 443 as a non-secure connection, but your web-browser will not (at least not without purposefully bypassing a bunch of warnings), which explains why you say you can't use your browser to access isy.  Though just opening a web browser and browsing to your ISY url doesn't open the admin console, it opens the isy's web server, and if you don't have a website configured on the isy, it won't give you much of anything.

It sounds to me like you are exposing your credentials across the internet every time you login with Agave.

So I think that's the part I'm not getting. That the portal just lets me use the admin console from anywhere. I thought it was portal OR admin console, not portal on top of admin console.

Nope, no self signed cert. Agave must let me use port 443 as non-secure because that's the port I'm using (vs 80) and I have no cert and "use SSL" is checked off on agave.

If what you're saying is that if I get the portal I can access the admin console (and thus create/edit programs) from anywhere, then I will investigate it further.

Link to comment

on the VPN solution...


Personally, I have that situation setup between my home and my office.  However, it was done for reason of work, not for ISY.


From an InfoSec perspective, site to site VPN is a bad idea between a home network and an office network. Very different security needs. You should only connect two networks together where the security controls are consistent. You wouldn’t want a vulnerability in a device you have at home to affect your office....
Link to comment

Nope, no self signed cert. Agave must let me use port 443 as non-secure because that's the port I'm using (vs 80) and I have no cert and "use SSL" is checked off on agave.

That means it's not at all secure. You are sending your ISY username and password in plain text across the Internet...

If you go ahead with the Portal, configure Agave to use it. And shut down the insecure port.

Link to comment
18 minutes ago, MWareman said:

on the VPN solution...

From an InfoSec perspective, site to site VPN is a bad idea between a home network and an office network. Very different security needs. You should only connect two networks together where the security controls are consistent. You wouldn’t want a vulnerability in a device you have at home to affect your office....

I have multiple LANs at home.  I only have my work computers at home on the office vpn LAN.  I also have multiple LAN's at the office and only have the work computers at the office on that LAN also.  All IoT things, guest wifi, etc are on separate LAN.

Link to comment

I think this is finally sinking in. I'm at my own house so it's not a great internet test from the laptop but on my phone, when I switch the url to the very lengthy one the ISY finder has, it says invalid. So then I found these instructions:

https://www.agaveha.com/docs/connect-to-udi-portal/

and it looks like I need to purchase portal access for Agave 

But what I'm missing is once you put the portal info into agave, how does it know which UUID you want to log into? Do you still switch profiles like I'm doing now?

Link to comment
2 hours ago, watson524 said:

I think this is finally sinking in. I'm at my own house so it's not a great internet test from the laptop but on my phone, when I switch the url to the very lengthy one the ISY finder has, it says invalid. So then I found these instructions:

https://www.agaveha.com/docs/connect-to-udi-portal/

and it looks like I need to purchase portal access for Agave 

But what I'm missing is once you put the portal info into agave, how does it know which UUID you want to log into? Do you still switch profiles like I'm doing now?

Don't forget the https (note 's') has to be used for a secure port like 443.

Link to comment

Didn't get to the agave part yet but I'm at house 2 and via the ISY Portal, I'm in admin console on house 1. This is brilliant! I can set the ISY back to DHCP instead of reserving an address out and then on the router, I can shut off the port forwarding to 443 AND then I guess I really don't need the dyndns.org anymore.

Link to comment
28 minutes ago, watson524 said:

Didn't get to the agave part yet but I'm at house 2 and via the ISY Portal, I'm in admin console on house 1. This is brilliant! I can set the ISY back to DHCP instead of reserving an address out and then on the router, I can shut off the port forwarding to 443 AND then I guess I really don't need the dyndns.org anymore.

correct.

If you need to communicate with ISY from outside the LAN, the portal generates a url for you to plug into whatever it is.  You will use one of these url's for your Agave.  Please note, you will need portal on both ISY's to access both of them from outside the LAN, and you will need two usernames for Agave.  The portal allows you to have a single account with both ISY's registered to that account and also have two (or more) users on that account.  But Agave requires that the username you are using has the target ISY listed as its primary.  Obviously, only one primary can be assigned to any given username, so you need to create two of them and assign one username as ISY 1 primary and the other username as ISY 2 primary.  As far as logging into ISY admin console, any username associated with the account will let you log in.

Link to comment

Archived

This topic is now archived and is closed to further replies.

