AlexxIT / SonoffLAN

Control Sonoff Devices with eWeLink (original) firmware over LAN and/or Cloud from Home Assistant
https://github.com/AlexxIT/Blog
MIT License
2.58k stars 407 forks

eWeLink Coolkit SSL issue #1222

Open n-vodenicharski opened 10 months ago

n-vodenicharski commented 10 months ago

Looks like there is an issue with the SSL validation of the CoolKit servers, thus the cloud managed devices are not working.

A solution will be to add a configurable ssl_verify parameter when creating the session: async_get_clientsession(hass, False) in custom_components/sonoff/__init__.py and custom_components/sonoff/config_flow.py

AlexxIT commented 8 months ago

What exact coolkit domain are you talking about? I haven't seen any problems

n-vodenicharski commented 8 months ago

It is either the China or the EU ones - I have put a local fix to the issue and don't have the errors anymore.

azharkov78 commented 8 months ago

I have the same problem, I think:

[custom_components.sonoff.core.ewelink.cloud] Cloud WS Connection error: Cannot connect to host eu-pconnect8.coolkit.cc:8080 ssl:default [None]
[custom_components.sonoff.core.ewelink.cloud] Cloud WS Connection error: Cannot connect to host eu-pconnect5.coolkit.cc:8080 ssl:default [None]

and other servers.

Upd.: My mistake was in the router DNAT rule.

porkytin commented 8 months ago

@azharkov78 can you share what was your mistake and what changes did you make to solve it?

azharkov78 commented 8 months ago

> @azharkov78 can you share what was your mistake and what changes did you make to solve it?

The mistake was in the DNAT rules on the Mikrotik router. I forgot to select the IN interface. And all traffic to port 8080 (local and from WAN) went through DNAT to the local IP.

mlnzigzag commented 6 months ago

I had a very similar issue on my network, where all Sonoff devices were working properly on ewelink app but I was unable to use them through HA. I've enabled debugging and found multiple rows like this:

[custom_components.sonoff.core.ewelink.cloud] Cloud WS Connection error: Cannot connect to host eu-pconnect8.coolkit.cc:8080 ssl:default [None]

I've found that my firewall's outbound policy was blocking the outside connection to port 8080. After creating a proper allow rule all devices are back in HA.

There is one thing I wasn't able to understand tho, I always had this firewall and I've never reconfigured the IoT VLAN outbound policy, the Sonoff devices have been working for two years, then they suddenly stopped working. I'm wondering if coolkit.cc was working on standard 80/443 ports, and then they changed it to 8080? And why, by the way, use a non-standard 8080 port for an SSL connection in 2024?

I'm using the master branch version of the SonoffLAN, not a Release, should this help troubleshoot the issue.

n-vodenicharski commented 6 months ago

The cause of the issue are the coolkit servers. The SonoffLAN starts the communication with a GET call to "https://eu-dispa.coolkit.cc/dispatch/app". The server response is:

{ "domain": "eu-pconnect5.coolkit.cc", "reason": "ok", "error": 0, "IP": "52.57.51.171", "port": 8080 }

Then the web socket communication continues with: wss://eu-pconnect5.coolkit.cc:8080/api/ws. And this sometimes fails, sometimes not. Using wss://eu-pconnect5.coolkit.cc:443/api/ws seems to be working fine.
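An added diagnostic sketch, not part of this thread or of SonoffLAN's code: it separates the two explanations raised above (outbound port 8080 blocked or redirected versus a real certificate problem) while leaving TLS verification enabled. The function names are hypothetical; the sample dispatch reply is the one quoted in the comment above.

```python
import socket
import ssl

# Dispatch reply as quoted in the thread.
SAMPLE_DISPATCH = {"domain": "eu-pconnect5.coolkit.cc", "reason": "ok",
                   "error": 0, "IP": "52.57.51.171", "port": 8080}


def build_ws_target(dispatch):
    """Turn a dispatch reply into (host, port, wss URL)."""
    host, port = dispatch["domain"], int(dispatch["port"])
    return host, port, f"wss://{host}:{port}/api/ws"


def probe(host, port, timeout=5.0):
    """Classify where a verified TLS connection to host:port fails.

    Returns "unreachable" (DNS, firewall, DNAT, refused: no TCP session),
    "cert_invalid" (chain or hostname check failed),
    "tls_error" (TCP connected but the handshake did not complete),
    or "ok".
    """
    ctx = ssl.create_default_context()  # certificate and hostname checks stay on
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with raw, ctx.wrap_socket(raw, server_hostname=host):
            return "ok"
    except ssl.SSLCertVerificationError:
        # Must be caught before SSLError, which is its parent class.
        return "cert_invalid"
    except (ssl.SSLError, OSError):
        return "tls_error"


if __name__ == "__main__":
    host, port, url = build_ws_target(SAMPLE_DISPATCH)
    # Compare the advertised port with 443, which the thread reports as working.
    for p in (port, 443):
        print(f"{host}:{p} -> {probe(host, p)}")
```

Only a "cert_invalid" result points at certificate validation; "unreachable" on 8080 with "ok" on 443 matches the firewall and DNAT causes reported in this thread, and turning verification off would not change it.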

n-vodenicharski commented 6 months ago

Implementation reference: custom_components/sonoff/core/ewelink/cloud.py:297

mlnzigzag commented 6 months ago

> The cause of the issue are the coolkit servers. The SonoffLAN starts the communication with a GET call to "https://eu-dispa.coolkit.cc/dispatch/app". The server response is:
>
> { "domain": "eu-pconnect5.coolkit.cc", "reason": "ok", "error": 0, "IP": "52.57.51.171", "port": 8080 }
>
> Then the web socket communication continues with: wss://eu-pconnect5.coolkit.cc:8080/api/ws. And this sometimes fails, sometimes not. Using wss://eu-pconnect5.coolkit.cc:443/api/ws seems to be working fine.

Thanks a lot, I knew it was something weird at their side!