question

jonasiq avatar image
jonasiq asked

VRM Portal IP address?

Hi


We are doing some installations with Venus GX in a closed network. We need to make an opening in the customer firewall, to be able to connect to the VRM.


We are not able to do a DNS lookup on the http://ccgxlogging.victronenergy.com/


Cabn you guys provide us with the correct IP adress and port numbers.


Thanks in advance.


BR. Jonas

remote console
2 |3000

Up to 8 attachments (including images) can be used with a maximum of 190.8 MiB each and 286.6 MiB total.

4 Answers
mvader (Victron Energy) avatar image
mvader (Victron Energy) answered ·

Hi @JonasIQ herewith the full and official answer:


That earlier this week announced IP change is about the Remote Console on VRM relay server. Which is not the server to which a Venus-device sends its VRM data.


A full overview of all used network connectivity is here:
https://www.victronenergy.com/live/ccgx:ccgx_faq#q15what_type_of_networking_is_used_by_the_color_control_gx_tcp_and_udp_ports


So, its more than just one (!)


With regards to the one you asked for: I've looked it up and it is:

H:\>ping ccgxlogging.victronenergy.com
Pinging ccgxlogging.victronenergy.com [52.28.98.25] with 32 bytes of data:

Reply from 52.28.98.25: bytes=32 time=128ms TTL=50

I fail to understand though why you couldn't do that ping yourself? I'm just curious :-).


Then lastly: we might ofcourse one day change that IP address behind ccgxlogging.victronenergy.com. If that happens, we will just like last time I'll send out an email again about that.


1 comment
2 |3000

Up to 8 attachments (including images) can be used with a maximum of 190.8 MiB each and 286.6 MiB total.

mvader (Victron Energy) avatar image mvader (Victron Energy) ♦♦ commented ·

ps I'll accept my own answer to make sure its on the top :).

0 Likes 0 ·
jonasiq avatar image
jonasiq answered ·

Hi

Thanks for the quick reply. Can you confirm that the new IP adress is open from today. Since this is a new installation, we will like only to open to the new Ip and not the old one also?


Thanks in advance.


Br. Jonas

2 |3000

Up to 8 attachments (including images) can be used with a maximum of 190.8 MiB each and 286.6 MiB total.

markus avatar image
markus answered ·

Sorry for being unclear. So if you want to configure your firewall outbound rules:

ccgxlogging.victronenergy.com IP: 52.28.98.25 Ports: 80, 443 # Logging Data

supporthost.victronenergy.com IP: 84.22.107.120 Ports: 22, 80, 443 # Remote Console on VRM

mqtt-rpc.victronenergy.com IP: 84.22.105.209 Port: 443 # Remote VEconfig / FW Update

updates.victronenergy.com IP: 46.19.36.138 Port: 443 # Venus Firmware Update

Essentially needed for logging data to VRM is only the first one. The other ones are optional, if the functions are used.

Keep in mind, that the IP addresses could change in future.


I deleted my other misleading posts.


Regards,


Markus

1 comment
2 |3000

Up to 8 attachments (including images) can be used with a maximum of 190.8 MiB each and 286.6 MiB total.

mvader (Victron Energy) avatar image mvader (Victron Energy) ♦♦ commented ·

Ok; and one bit of further info: just now someone who replied to me on the IP Address change email learned me that his firewall can whitelist on DNS name; rather than IP address.


So for anyone reading this looking to whitelist; try that first.

UPDATE: but make sure to know what you're doing. DNS can be hacked. And I don't know enough about that to say anything authorative on it.

1 Like 1 ·
paulcooper avatar image
paulcooper answered ·

I have been monitoring my firewall for the past two days and have found numerous outgoing connections to many different IP addresses on port 123. Here is a sample of the addresses:

91.236.251.129

81.94.123.17

128.0.142.251

45.87.77.15

185.242.112.53

188.125.64.7

213.209.109.45

193.252.223.86

194.54.80.27

62.116.130.3

80.74.64.1

185.51.192.34

185.117.82.70

185.229.201.12

There are many more than this. Additionally there was one access to 163.171.130.131 on port 443.

I am very concerned that there is a trojan operating within my MultiPlus II GX running v2.70 large-18. Please can @mvader (Victron Energy) confirm whether this behaviour is normal. It certainly doesn't look that way to me! Maybe it has something to do with Node-Red but that also seems unlikely.

Needless to say I have blocked all outbound traffic from the Multi other than the victronenergy.com addresses @Markus specified above.


UPDATE - when I blocked all other traffic my live vrm stopped working. I've added 3.125.86.187 in to the allowable IPs and it seems to be working again. It would be helpful if there was a definitive list of IPs to be enabled in the firewall.


Regards, Paul


8 comments
2 |3000

Up to 8 attachments (including images) can be used with a maximum of 190.8 MiB each and 286.6 MiB total.

mrhappy avatar image mrhappy commented ·

3.125.86.187 is an Amazon cloud computing server, seems likely that victron is hiring such services for VRM.

0 Likes 0 ·
Show more comments

Related Resources

Additional resources still need to be added for this topic