Intelligent Building eHouse – router configuration and “gateway to the world”

The eHouse home automation system can be connected to externally, from the Internet.

The home automation system can then be fully controlled from the outside (the Internet).

The system is fully supported (sending commands and receiving the status of the controllers over TCP) with dynamic authentication.

In addition, it is possible to receive the status via UDP.

For the eHouse system to be reachable from the Internet, several conditions must be fulfilled.

1. The Internet access provider must allow data to pass from outside into the local network (no firewall on at least one TCP port).

2. The Internet connection must have a fixed IP address.

3. Alternatively, the router must support DDNS or a similar service that allows unambiguous identification of the network without a fixed IP address.
The router that connects the local network to the Internet must support DDNS or a similar service (if there is no static IP address).
You must create a DDNS account and correctly configure the router (enter the address, username and password) and all broadcasting equipment (enter the web address).

4. The ports (services) used by the eHouse system must be open on the local firewall, allowing outbound data transfer to the outside and inbound transfer to the inside.

5. NAT (Network Address Translation) must be set up, assigning external Internet ports to internal ports and to the destination IP address of the device (e.g. CommManager or the PC running the eHouse system management).

6. If you also wish to receive the UDP broadcast status of the controllers, you need to configure a VPN (virtual private network) to form a tunneled connection over the available Internet link. Due to the low quality of Internet connections and UDP's lack of confirmation, error handling and security, this may prove to be a futile effort.

AD 1. Choose an Internet access provider that does not block TCP/IP ports on your side, or that allows you to create firewall rules that pass the eHouse system's ports over TCP/IP and allow connectivity to the outside.

AD 2. A fixed IP address is obtainable only from the provider, and you have to pay extra for it: an annual subscription of about 30 Euro.

This is the best and safest solution, because it guarantees that all services will be available.

By contrast, some ISPs offer a dynamically allocated, shared web address. In addition, we have direct P2P (Peer To Peer), host-to-host connectivity.

AD 3. In some cases it is possible to communicate with the eHouse system using DDNS or a similar service.

It works as follows: the DDNS client running on the LAN's Internet access router informs the DDNS server which address its external interface has at the moment, and the service works on the principle of a proxy server, with DDNS “turning” the direction of the connection toward the DDNS server (rather as if the internal router connected to the DDNS server and stayed connected, instead of a station on the outside trying to connect to a station on the LAN).

Using this “proxy” arrangement can significantly slow down data transmission, as the data passes through the server, which may be located, for example, in the U.S.

Please select a server located as close as possible to your location in order to reduce response times for devices.

DDNS serves as a “software bridge” over the existing web link. From the point of view of the client network, it connects to the primary DDNS server and not to the other “end of the link”, the LAN.

AD 4. To operate over TCP from the outside, the eHouse system requires a port open to the outside (by default 9876) or an added firewall exception rule (for TCP). Controller status is provided by default on UDP port 6789 for binary status (eHouse application or CommManager) and on 6788 for text status (the eHouse.exe application). Firewall ports have to be added for these (for UDP).

AD 5. NAT address translation is required so that data arriving from the outside on a port is redirected to a specific port of a device within the LAN. At least one TCP port must be redirected for two-way communication with the outside (the default TCP port 9876).

AD 6. A properly configured VPN generally requires a fixed IP address. Some ISPs, despite charging for a fixed IP address, treat VPN as an additional VIP service and expect additional payment for its activation, mostly in the form of a subscription.

Because of how the UDP protocol works, receiving data via the Internet may not be functional, or status data may be lost as a result of a poorly functioning link or transmission errors.

For the Internet, you can in practice skip this step and keep only the much more reliable TCP connection.

In practice, UDP broadcasts outside the LAN can be used toward a DMZ or an intranet, within a distributed network of sites and buildings.

The decision whether to leave the UDP broadcast status service active over the Internet or intranet should be based on practical tests.

Initial Router Setup.

We present a sample configuration based on a well-known WiFi router, the Linksys WRT-54GL.

It is a Linux-based WiFi router that allows third-party firmware to be uploaded to add the functions we need (VPN, VoIP, etc.).

To get the full functionality, it was necessary to install the dd-wrt VPN firmware, which is well regarded in the world of routers and is installed on WiFi router devices.

Set up the Internet connection, in our case with a fixed IP address. The important settings here are the DNS address and the outbound gateway.

Enable DHCP on the local network for 10 devices, which gives basic Internet and LAN operation.
[Figure: Configuring the router for the smart home system eHouse]

Choose a DDNS service or similar if you do not have a fixed IP address, or if you want to address the network by name instead of by IP address. These services are generally free.

With a fixed IP address, it is better to configure the IP address than a DDNS service name, because the equipment responds several seconds faster.

[Figure: DDNS selection in the absence of a fixed IP address, or if you want to use a name instead of a number]

Setting up DDNS or a similar service: when registering, we select a unique address in the DDNS domain.

This address is associated with your user name and password, and is registered with the DDNS service.

[Figure: DDNS configuration for smart home system eHouse]

Next we move on to the firewall, which will protect our network from the outside and block information going out from the inside.

 Firewall Settings

If we use a VPN, enable the special firewall rules for the VPN.

[Figure: smart home eHouse - firewall configuration - enable VPN if needed]

Then go to the NAT (Network Address Translation) settings, that is, assigning ports on the external interface to ports of LAN devices.

The eHouse NAT service (default port 9876) must be activated for TCP.

The VPN2 and vpn services may be required on some routers for the VPN to work properly; on others they should be removed.

The “UDP eHouse xx” services can be turned on or off as our router requires; they are generally not necessary, since data is sent only to the outside.
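The NAT and firewall steps above, as an added example (not from the original page or from eHouse): a shell function that validates its inputs and prints the iptables rules forwarding only the default TCP port 9876 to one LAN device. The interface name `vlan1` and the address `192.168.1.50` are assumed values, as is a router firmware that exposes iptables.

```shell
#!/bin/sh
# Added example: print iptables rules for the eHouse NAT step.
# Assumed, not from the page: WAN interface "vlan1", controller at 192.168.1.50.
EHOUSE_TCP_PORT=9876   # default eHouse TCP port named on the page

# is_private_ipv4 ADDR -> status 0 only for an RFC 1918 IPv4 address
is_private_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
    case "$1" in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# ehouse_nat_rules WAN_IF LAN_IP [PORT] -> prints two rules, status 2 on bad input
ehouse_nat_rules() {
    wan_if=$1; lan_ip=$2; port=${3:-$EHOUSE_TCP_PORT}
    case "$wan_if" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface name" >&2; return 2 ;;
    esac
    is_private_ipv4 "$lan_ip" || { echo "LAN address must be private" >&2; return 2; }
    case "$port" in
        ''|*[!0-9]*|??????*) echo "bad port" >&2; return 2 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port" >&2; return 2; }
    # Redirect the one external TCP port to the controller inside the LAN.
    echo "iptables -t nat -I PREROUTING -i $wan_if -p tcp --dport $port -j DNAT --to-destination $lan_ip:$port"
    # Admit forwarded traffic for that host and port only.
    echo "iptables -I FORWARD -i $wan_if -p tcp -d $lan_ip --dport $port -j ACCEPT"
    # UDP status ports 6789/6788 get no rule: nothing is forwarded inbound for them.
}

ehouse_nat_rules vlan1 192.168.1.50   # constructed sample values
```

The function only prints the rules, so they can be reviewed and compared with the router's existing port-forward table before anything is applied.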

[Figure: NAT Settings for the smart home system eHouse]

If you use data services from the outside, here is the VPN configuration for this purpose.

For this purpose we use PPTP (Peer-to-peer transfer protocol), which is the easiest option and the one available on the largest number of mobile devices without any additional installation and configuration.

Just turn on the PPTP server with broadcast.

Perform an air test, as on some versions of mobile operating system platforms the link may be very stable and fast.

Enter the server address (a virtual LAN).

In addition, in the CHAP-Secrets field enter your username and password, as shown in the picture.

[Figure: NAT setting for the intelligent home system eHouse UDP]

While configuring the router for the eHouse system, it is also worth looking into the WiFi settings.

[Figure: Local Configuration WIFI network for smart home eHouse]

Very good protection against break-ins into the WiFi network from the outside is to unlock only the MAC addresses of your own WiFi network cards.

This means blocking all cards and adding, as exceptions, the MAC addresses of all your devices with WiFi cards.

External devices are then not admitted to our network at all, even if the WiFi access key is made public.

[Figure: Smart House eHouse - Foreign lock devices by adding only own WiFi network cards]

For wireless network security it is best to choose WPA2 Personal + TKIP and a very long key, e.g. 64 characters, making it impossible for WiFi network scanners in the vicinity to try every combination.

This key can be stored in a text file and does not need to be remembered.

[Figure: Smart House eHouse - security configuration wifi]

In addition, disable remote configuration of the router (from WiFi and from the Internet).