I recently configured a new OPNsense router here and since then, my MyQ garage door gateway is no longer calling home to the mother ship, so I’ve lost the ability to remotely control the garage door or use any of the automation rules that address it.
I’ve done some research but can’t definitively find what the gateway is trying to connect to and on what ports or whether it’s TCP or UDP? I’ve found various answers that are contradictory from talking about UDP port 80 timeouts to other endpoints on port 8083 but there’s nothing that’s really giving me a clue.
I don’t see where anything is being blocked outright in the firewall logs, but I also am getting nothing but the flashing green light on the garage gateway device. I’ve tried a soft reset on the MyQ gateway, had it pull a new DHCP address etc. but it’s just stuck there mocking me.
Is there any information out there about destination, ports, protocols and perhaps timing that’s been vetted and that I could try to craft rules for?
Unfortunately we dont have any information on this. In this case you will want to reach out to Chamberlain (myQ), they are going to be the best source of information here. Its unlikely that they have what you are looking for documented but their support staff may be able to point you in the right direction here.
I was casting a line out to see if maybe anyone has had the same experience but I’ll reach out to Chamberlain and see what gives. If I get anything useful from them, I’ll post it here so others can find it in the future.
Verify inbound and outbound TCP port 8883 is open. Verify the port is not being blocked by your router or a firewall product. Not having this port open will cause the myQ Wi-Fi product to not connect to the server.
If you’re really willing to dig in, you could try using a sniffer like Wireshark to watch what ports and protocols are being used. But that would take some elbow grease and patience.
I have seen that, but I’m not seeing the IP of the gateway try to establish that stateful connection on UDP port 80. I’m not sure how old that documentation is but it might be deprecated.
Wireshark is a good idea but unless I’m mistaken, that typically needs to be run on the endpoint experiencing issues. Pretty sure I can’t just sniff up all the traffic on my managed switch from one of my connected pcs. I’ll look into that further too.
If the MyQ device is WiFi you would need to put a laptop or something into promiscuous mode to get all the traffic in the air. If it’s Ethernet you would need a hub or a tap of some sort. You wouldn’t see the data because it’s encrypted but you would see the port numbers I think.
It’s a masochistic rabbit hole that I’m always tempted to go down and always takes longer than I expect but it could at least show you the network and transport layer stuff.
Does the router allow you to whitelist everything from specific IP or MAC addresses?
The gateway is wired ethernet. I could potentially mirror the switch port traffic to another port and take a look at it that way.
The good news is though that I seem to have solved it. I gave the MyQ gateway a static IP, and also changed some DNS rules to internally forward queries to a pair of on prem servers I’m running. Don’t know which one “fixed” it, but it’s back online.
For the record, the gateway attempts to establish a connection to 172.190.172.148 on port 8883. That appears to be a Microsoft IP, so I’m assuming something in the Azure cloud. That IP is no doubt subject to the whims of load balancing but the port is probably a pretty reliable way to try to find that traffic for anyone looking.
As always, I appreciate the team’s willingness to help
