Quick background. I have the Rachio locked down via a firewall with only the required outbound ports opened. I also go one step more, I only allow Rachio to open a connection to a specific IP(s) address.
When I setup the Gen 3 this spring, only a single IP address was required in the router/firewall rules. It ran trouble free until I had to do some WIFI updates and my WIFI was up/down multiple times over a weekend/week. Now the Gen 3 is now wanting to talk to multiple IPs (port 8883) at initial connection establish. When it cannot reach an IP, it will timeout and go to the next IP to try. The problem is the Gen 3 won’t default on boot up to a consistent IP. I find that every reboot I have to add another IP to the “whitelist”. Perhaps, there is now a list of IPs for the Gen 3 to try in the initial connection process?
Has something changed in the last month? Is there a list of IPs that the Gen3 wants to connect to? Any way I can limit the IPs to 1 or 2? Or default it to a consistent IP on boot up?
Like @robnielsen said, it todays world of the cloud, I’m not sure it is feasible to really lock devices down like that. Rachio, and MANY other cloud based products utilize AWS, and I suppose there is a chance things change on occasion.
So, a bit more digging at the packet level. Rachio has a static host name that it queries which is hosted in AWS. DNS responses from AWS does return different IPs, but it would seem to currently rotate among a few. However, with AWS that could certainly change, which is probably what I ran into. Transitioned the firewall rules to that host name and all is good. I do have a timing race condition since my firewall/router caches DNS and updates only every 5 minutes, but so far the Rachio connects first time every time.
Perhaps I am being a bit paranoid with my lock down, but it is what it is.
I am very surprised Rachio does not do this. I guess I will have to return mine and look for another product that will do this. Anyone have any recommendations?
