Connecting DIY IoT Devices to the Internet With PfodApp

by drmpf in Circuits > Arduino

3755 Views, 12 Favorites, 0 Comments

Connecting DIY IoT Devices to the Internet With PfodApp

PortForward_1.jpg

How to connect at home and away using the same Connection

This instructabe covers how to get your WiFi pfodDevice, IoT, connected to the Internet. It also shows how the pfodApp solves the problem of not being able to connect to your local device via the Internet while you are still at home. This tutorial is also available at http://www.forward.com.au/pfod/HomeAutomation/ConnectingIoT/index.html)

With the arrival of inexpensive ESP8266 based WiFi boards which can be programmed via Arduino IDE, it is now very easy to build a WiFi controlled switch. The pfodDesigner lets you design Android menus and generates the Arduino code while the pfodApp handles all the Android side, no Android programming required. The Garage Door Remote with Position is a more advanced example.

If you are allowing connection from the Internet you need to consider security. pfodApp supports a 128bit security which will work with Mega based boards or higher, this includes ESP8266 boards. Again Garage Door Remote with Position is an example of using this security.

As will be described below you can configure your router to allow access to your IoT device from the Internet using a public IP or web address. However when you are connected to your local WiFi, your router will not allow you to connect using that Internet address. This usually means you need to set up two connections, one for use at home and one for use when way. This does not work well when you are backing down the drive and want to close the garage door. Because you are just on the edge of your home WiFi, your mobile is dropping in and out of WiFi range and neither the local or Internet connection works well.

pfodApp V1.2.91+ solves this problem by allowing you to set up just one connection, using the Internet address, and then when you connect, pfodApp automatically turns off the mobile's WiFi connection so forcing the connection to go via Mobile Data out to the Internet and back in through your router. When you close the connection the mobile's WiFi is turned back on. If you are away and connected to some other WiFi network, you can force pfodApp to use that WiFi connection by turning off the Mobile Data connection in your phone's settings.

Having solved that problem here are the three steps to getting your DIY IoT device on the Internet

  1. Give your device an unchanging local IP address on your network
  2. Punch a hole through your Internet Router so you can reach your local device's IP from the outside world
  3. Set up a Dynamic IP Client so you can find your Internet Router from outside world, or, as an alternative, pay for a static IP to be assigned to your home router so it global IP does not change.

Finally if you make your device accessible from the outside world you need to think about security. How to protect against hackers gaining access to your device.

Before You Start

routerLogin.jpg

Before you start you need to make sure you can log on to your Internet Router, because you will need to make some changes there. In this instructable, I am using an iiNet router, but most Internet routers will provide similar settings, but on different screens. To login to your router

a) Run Fing app to see what your router's address is.
b) Open a web browser and type http:// and the router's IP address. e.g. http://10.1.1.1 or http://192.168.1.1 or http://172.16.1.1 and whatever the IP address of your router is.
c) The router will prompt you to login. You need the username and password for your router. A common username is admin and common passwords are admin and password.

Give Your Device an Unchanging Local IP

DHCPrangeSettings.jpg
lockingAllocatedIP.jpg

Your Internet or ADSL Router is the gateway from the outside world into your local network. Each device and computer and phone on your local WiFi network has a unique IP address that is not visible to the outside world. These address are of the form 10.xx.xx.xx or 192.168.xx.xx or less commonly 172.16.xx.xx to 172.31.xx.xx They are usually allocated dynamically by your router using DHCP.

This instructable assumes you already have your local device connected to your local network and that you can connect to it locally. In this example by using pfodApp. The Garage Door Remote with Position provides a web page configuration to connect it to your local network. Once your device is connected it will have its own local IP address. Unless you allocated it a static IP, your router will have allocated an IP address for you. You will have already found out what this is in order to connect to your device. You can use an app called Fing to scan the local network for the IP addresses of all the currently connected devices.

To consistently connect to your device, you need to make sure that this local IP does not change. You can do that in two ways.

1) Allocate a static IP to your device. (preferred)

2) Lock the DHCP allocated IP address given to your device so it will not change and will not be allocated to another device.

Allocate a static IP to your device

The Garage Door Remote with Position sets a static IP as part of its configuration. Choose an IP in the range of your local network and choose a high value for the last number, say .100 up to .254. e.g. 10.1.1.101 The DHCP on your router allocates IP numbers starting with a last number of .2 (the number .1 e.g. 10.1.1.1 is usually reserved for the router itself) and as new devices appear on the network higher numbers are allocated to them.

By choosing static IP's from 100 up you will avoid having two devices with the same address. You can also change the DHCP configuration in your router to limit the range of IP addresses that will be automatically allocated. Here is what they look like on my router. See point 4. in the screen shot. I have set the DHCP finish IP to 10.1.1.99 so the DHCP will not allocate any IPs higher than that.

Lock the DHCP allocated IP address

If you cannot allocate a static IP to your device, some WiFi chips and libraries do not offer that option, then you can set your router to lock the IP it has automatically allocated to your device. Here is the settings screen on my router with IP 10.1.1.7 locked to an ESP8266 device.

Punch a Hole Through Your Internet Router

PortForward_1.jpg

Now that you have an unchanging local

IP address for your device, you can set up your router to 'port forward' particular requests from the outside world, the Internet, to your device on your local network.

Note: If this port forwarding does not seem to work, first check the settings, then try turning off the router's firewall. If it still does not seem to work contact your Internet provider and see if they are blocking some ports on your router Once you have the port forwarding working, turn the router's firewall back on.

When you connected to your device locally, you used both an IP address and a portNo. If you connected using a web browser e.g. by typing http://10.1.1.7 , the default http port number of 80 was used. Devices that are controlled via web pages usually use port 80, but you are free to set any port number you like in your device's code. For the Garage Door Remote with Position , the device's code listens on port 4989 for connections from pfodApp and does not use web pages but rather very short command strings.

Port numbers can range from 1 to 65535. On your computer, and your device, port numbers identify which program is to handle this connection. The program that has been set up to 'listen' on the port will receive the connection and process the messages and send the responses.

While you can use any port number for your device's program to listen on, some port numbers are 'well known'. For example if your device serves web pages to it would normally use port 80 (or 8080 is using secure http). But these are only guidelines and you can use any port number you like on your device. Port numbers in the range 49125 to 65535 are not associated with any particular service/program.

When you try to connect to your device from the outside world via the Internet, you first connect to your routers global IP address (more on this later) and to a particular port on your router. The 'port forwarding' table in the router tells the router which local IP address and portNo to send this connection to. In other words the 'port forwarding' table maps a router's global port onto a particular local IP address and portNo.

Above is a simple example of a port forwarding

In this example, if the router gets a connection on port 50200 from the Internet, the router will send that connection to 10.1.1.200 port 4989 (usually written as 10.1.1.200:4989). If the router gets a connection on port 80 from the Internet, the router will send that connection to 10.1.1.3:80. If the router gets a connection on port 50210 it will send that connection to 10.1.1.201:4989.

A few of things to note:-

  • The Private Port does not have to be the same as the Inbound port. Here Private means IP and portNo on your local (internal) network.
  • Here I am just setting the Inbound Port number to the last number of the IP address + 50000. Since each device has a unique IP number this gives me a unique inbound portNo for each device.
  • The connection type is almost always TCP. For IoT devices you will probably never use the other connection type, UDP

Set Up a Dynamic IP Client

So far you have set up your router to forward connections from the Internet to your IoT device, depending on the incoming portNo. However you need to know the global IP address of your router on the Internet in order to connect to it. Often your internet service provider will change the global IP address of your router as other users leave and join. For an extra fee, most service providers will arrange to fix Internet address of your router so that is does not change. Then when you are away from home you can connect to your IoT device using your router's Internet IP address and the portNo set up in the port forwarding table.

For example if your router's Internet address was fixed at 124.149.166.144, then connecting to 124.149.166.144:50201 , via the Internet, would connect to your router and be forwarded to your IoT on your local network at 10.1.1.201:4989

If you don't want to pay the extra fee to get a fixed Internet address for your router, you can set up a free Dynamic IP client which will update a remote server on the Internet periodically with your router's current IP address. That server then can map a web domain name to your router's current IP address so you can connect to your IoT devices.

For example if your Dynamic IP account has a domain name of fred.freeddns.org then connecting to fred.freeddns.org:50201 , via the Internet, will send the connection to your routers current Internet address and port 50201. The router will then forward the connection to your IoT at 10.1.1.201:4989 and let you control it.

There are a number of Dynamic IP services. Some of them are free. I used the free service from www.dynu.com running on a Mac. You need to have a computer running the dynamic IP client all the time so that it can send updates of your changing router's Internet address. i.e. If you go away for holidays you need to leave that computer running (as well as the router and the IoT device).

Setting up a free Dynamic IP Client from www.dynu.com requires to you create a login account and then choose a name for your router and add it to one of the available domains. For example choosing the name fred and adding it to the domain freeddns.org gives the complete web name for your router as fred.freeddns.org.

Then download the client to suit your operating system. On Mac, you download the .zip file and unzip it and then click on the .dmg file and then when prompted drag the Dynu icon into the Applications directory. Then start the Dynu client application and fill in your login details.

Finally right click on the Dynu client in the task bar, and under Options, tick Open at Login so that the client starts up each time you log on to the machine. As mentioned above you need to keep this computer and the client running so any changes in the Internet IP address of your router can be sent as updates to Dynu's central server.

Connecting Via the Internet and Security

To connect via the Internet, you first need to turn off the WiFi connection on your phone to make sure your phone is NOT connected to your local WiFi network, but is instead using it own 3G connection. This is because the router will not port forward connections coming from within your own network. The connection needs to come from outside, via you phone network provider. If you are using pfodApp, then this is done for you automatically when you try to connect to a non-local IP.

In pfodApp , set up new connection with a host name of fred.freeddns.org and the Inbound port number that your router will map to your IoT device. In this example, set portNo 50201, if you want to connect to the IoT at 10.1.1.201:4989 on your local network.

If you are not using pfodApp to connect to your IoT device, you may want to set up two connections, one for use when you are at home which connects directly to 10.1.1.201:4989, and one to use when you are away and not connected to your home WiFi network which connects to fred.freeddns.org:50201. However as noted above this does not always work very well.

Finally, now that you have set up your Internet connection to your local IoT device, unless you add some security, anyone who finds your router's IP address and the port that is mapped to your device will be able to connect to it. Hackers regularly just scan the internet looking for IP and ports that they can connect to.

If you are using pfodApp, then you can add 128 bit security to your connection by using a secret password. The page, “Challenge and Response Security for Internet connected pfodDevices” discusses how this password can be generated and how it is used to provide security for your device. The Garage Door With Position project uses this security.

If you are connecting to your IoT device by some other means, you need to consider what security features are available.