Hi, I have several Sonoff devices with the original firmware, which connects to the eWeLink cloud so they can be controlled via the cloud. This equipment also has local control.
I have tried configuring a rule in my firewall so that a Sonoff device cannot communicate with the internet but still has local network access, and I can manage it from HA without any problem (with local control).
To avoid having to configure a firewall rule to remove the internet connection of each device, I was wondering if anyone knows of a general rule that prevents my devices from sending data to the eWeLink servers.
I mean blocking a range of IPs of the eWeLink servers, or blocking some URL of the eWeLink servers with my DNS.
I have tried blocking domains like itead.cn but I have not managed to stop my devices from communicating with the ewelink cloud. Does anyone know the IP or URL of these servers?
The eWeLink application no longer works from my local network. But if I go on 4G the Sonoff relays are still controllable, so they still send data to the eWeLink servers. I can't figure out what to block so that the relays don't contact the eWeLink servers.
I have tried setting DNS servers that do not exist (10.12.12.12 and 10.13.13.13) in my network, and all the devices in my network have stopped being able to browse web pages.
But the Sonoff relays still connect to the eWeLink cloud and are perfectly controllable from their cloud.
So I understand that they do not connect to the cloud by URL but by IP.
I set the IPs 10.12.12.12 and 10.13.13.13 as DNS servers, but they do not exist in my network. I only did it so that the computers on my network cannot resolve URLs, since they have no DNS, to see whether without DNS the devices stopped connecting to the eWeLink cloud.
I control my house with several eWeLink relays and I would like to block these devices' access to the eWeLink servers so that nobody from outside my house can give them orders. That is, they would only be controllable on the local network with the eWeLink app in local mode or with HA.
I think I have it: they make DNS queries to:
eu-disp.coolkit.cc
eu-dispd.coolkit.cc
eu-dispa.coolkit.cc
and if those DNS queries fail, they use a list of IPs hard-coded in the firmware:
3.122.175.228
52.57.6.180
3.126.179.44
18.197.22.118
18.195.70.186
52.59.160.228
I will do some tests for several days and I will confirm!
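
An added example, not part of the original post: one way to check over those test days whether the block holds is to scan the gateway logs for the hostnames and fallback IPs listed above and report any device that still got through. It assumes dnsmasq query logging and netfilter LOG rules; the `IOT-DROP` and `IOT-ALLOW` prefixes, the gateway name and the LAN addresses in the sample log are constructed.

```python
import re
from collections import defaultdict

# Dispatch hostnames and fallback IPs exactly as listed in the post above.
CLOUD_HOSTS = {"eu-disp.coolkit.cc", "eu-dispd.coolkit.cc", "eu-dispa.coolkit.cc"}
CLOUD_IPS = {"3.122.175.228", "52.57.6.180", "3.126.179.44",
             "18.197.22.118", "18.195.70.186", "52.59.160.228"}

DNS_RE = re.compile(r"query\[\w+\] (\S+) from (\S+)")  # dnsmasq query log line
FW_RE = re.compile(r"\bSRC=(\S+) DST=(\S+)")           # netfilter LOG line
DROP_PREFIX = "IOT-DROP"  # hypothetical log prefix configured on the drop rule

# Constructed sample log: every address, name and prefix below is made up.
SAMPLE_LOG = """\
Jan 10 12:00:01 gw dnsmasq[411]: query[A] eu-disp.coolkit.cc from 192.168.1.50
Jan 10 12:00:01 gw dnsmasq[411]: config eu-disp.coolkit.cc is NXDOMAIN
Jan 10 12:00:03 gw kernel: IOT-DROP: IN=br0 OUT=eth0 SRC=192.168.1.50 DST=3.122.175.228 PROTO=TCP
Jan 10 12:00:09 gw kernel: IOT-ALLOW: IN=br0 OUT=eth0 SRC=192.168.1.51 DST=52.57.6.180 PROTO=TCP
Jan 10 12:00:10 gw dnsmasq[411]: query[A] example.org from 192.168.1.20
""".splitlines()

def cloud_contacts(lines):
    """Map each LAN client to the cloud endpoints it queried or connected to."""
    seen = defaultdict(set)
    for line in lines:
        dns = DNS_RE.search(line)
        fw = FW_RE.search(line)
        if dns and dns.group(1).lower().rstrip(".") in CLOUD_HOSTS:
            seen[dns.group(2)].add(("dns-query", dns.group(1).lower().rstrip(".")))
        elif fw and fw.group(2) in CLOUD_IPS:
            # A fallback-IP connection is only harmless if the drop rule logged it.
            verdict = "dropped" if DROP_PREFIX in line else "allowed"
            seen[fw.group(1)].add((verdict, fw.group(2)))
    return {client: sorted(hits) for client, hits in seen.items()}

def leaking_clients(lines):
    """Clients with at least one connection to a fallback IP that was not dropped."""
    return sorted(client for client, hits in cloud_contacts(lines).items()
                  if any(kind == "allowed" for kind, _ in hits))

if __name__ == "__main__":
    for client, hits in cloud_contacts(SAMPLE_LOG).items():
        print(client, hits)
    print("still reaching the cloud:", leaking_clients(SAMPLE_LOG))
```

The IP list is only what the post reports, so a device that shows neither DNS queries nor matching connections but stays controllable over 4G points to endpoints missing from it.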