Issues with Hydros equipment and standard networks

[Treefer32]

I'm hoping there's someone here that knows more about Hydros communication methods? I've worked with Coralvue support and they stopped troubleshooting or being willing to help me once they proved that there's a problem with my home network.

We proved that by setting up my phone as a hotspot with the wifi turned off in the house, setting the phone to the same SSID and password as my wifi, and then using the Hydros app to change my wave engine settings. the updates went through immediately.

However, when I have my network on, using the Hydros app, anytime I make a change, it says upload failed. However, if I close and restart the app and check my 4 gyres, the change was actually implemented. Down the road I was planning to go with a Hydros controller, however, given the network issues with my out of box network configuration, I am forced to go with some other controller system.

My 10 year old apex classic works fine with my network settings, My 3 AI Hydra LEDs work without a hitch, and my Reefmat 1200, as well as Mobius connected MP40s.

With that said, anytime I make a change with the Hydros app on my network, it says in bright red "Upload failed". But like I said, if I close the app and go back in the change is implemented. If I switch from normal operation in the hydros app to feed mode, it takes effect immediately. I'm even able to do Firmware updates from the Hydros app to the wave engine. It's only when I hit upload to make changes to the speed percentages or change the running mode that it says "upload failed".

I'm happy to make changes to my router, but Coralvue is not willing to tell me what standard network settings are needed. What IP ranges, what Port (other than http port, which if that were true, then the upload button would work just fine).

Any network gurus know how the hydros app works and what network settings it uses to communicate with the upload button?

Like I said, I have all standard settings in place. The only thing is Asus routers use trend micro to keep the network secure. I don't know if it's one of those settings that it sees the Hydros app as being malicious on the network?

 

[nbooks]

disclaimer: not a networking guru, but my father was...and im running hydros flawlessly on a ubiquiti unifi network and hate trend micro

the thing standing out to me is that the information is going OUT with no issue and you are not able to receive the RETURN confirmation from hydros cloud which absolutely points to trend micro...which is a known it support pain in the butt. watch the hydros colors when you push the update and you can see if it confirms it visually.

afaik trend micro works by blacklisting URL's which you have no control over, also has a ton of features that track you and your personal info fyi. I would suggest finding a way to completely disable trend micro and run behind a seperate firewall on each computer if you want to stick with that router.

Furthermore - it makes total sense that Hydros/coralvue are not willing to support on another companies equipment...they went far enough to prove their product worked.

 

[Treefer32]

Thank you! That's exactly what I needed to know. I turned the Trend Micro AI protections all off and suddenly the hydros app stopped erroring out. Funny that Hydros is blocked by Trend Micro, but not AI Hydra, Neptune Apex, or Red Sea Reef Mat, nor the Mobius app. Of all my reefing devices the wave engine is the only one blocked... Is there a way to get sites white listed by trend micro? or it's a black hole?

 

[Lbrdsoxfan]

IDK what model of Asus router you have, but I had a heck of a time with white listing ports, mac addresses and port forwarding with an older Asus rapture gaming router.

It's now in the pile of excess 'puter junk. The aiProtection software was trash. If your not willing to get away from it as said above, checkout what port the hydros needs white listed to get it to work. I had mainly issues with remote access of NAT storage and stable port forwarding based on ip. Just wasn't worth the hassle to reinvent the wheel. Went back to Netgear routers.

 

[TokenReefer]

Oh boy I switched from netgear to asus for the configurability... you can add a whitelist url to the firewall. I'm running asuswrt-merlin fwiw. If that doesn't work you can take it up with asus at least

 

[Treefer32]

I'm running the Assus RT - AC88U router. I loved it for the configurability of denying devices on the network, timed blocking of devices, and scheduling of device abilities to be on the network. It has the cability to do if logic too so at some point, I could do notifications when certain phones and devices are "home" / On the network. With a teen in the house on the network with numerous devices, the ability to lock devices without shutting down the whole network is a useful teen management tool. The only problem is the Trend Micro blocking 1 reef device. Lol.

 

[TokenReefer]

I'm running the Assus RT - AC88U router. I loved it for the configurability of denying devices on the network, timed blocking of devices, and scheduling of device abilities to be on the network. It has the cability to do if logic too so at some point, I could do notifications when certain phones and devices are "home" / On the network. With a teen in the house on the network with numerous devices, the ability to lock devices without shutting down the whole network is a useful teen management tool. The only problem is the Trend Micro blocking 1 reef device. Lol.

yeah they're leaps and bounds ahead of netgear imo as far as options and I run both in different locations; but not everything is perfect lol
Edit: i have the RT-AX86U

 

[Lbrdsoxfan]

yeah they're leaps and bounds ahead of netgear imo as far as options and I run both in different locations; but not everything is perfect lol

Not denying that @ all, but my experience wasn't pleasant. Thus I got away from it. This was maybe 4 years ago, so it's prolly gotten better since then, but for the price, I'm good.

The fairly stupid proof of a nighthawk mesh setup is doing fine for me. Don't get me wrong, it has its issues too, but versus the cringing and late night fighting with settings the Asus ROG router was giving me, I'm good.

 

[Treefer32]

Thanks, I agree on them being ahead, but not perfect. For the longest time it kept saying there's firmware updates and I did them everytime it said there was one, it just wouldn't register for 3 months that it had been updated. Then finally another update came out, I did that one and it finally registered there's no other updates. Definitely buggy at times, but it's pretty reliable and the configuration options are huge.

I'm not tied into the Trend micro automation crap. It was nice to know that things were protected without me having to think through what things to block, allow etc. I like the AI technology allowing the software to figure out what's hazardous and what's not. However, this points out the very issue of AI... It's not perfect at figuring out what is friend or foe. . . My Wave engine is not a foe to my network. I wish it allowed me to say continue monitoring except for this device. And maybe it does, I'm just not a good router programmer. The days of doing that are long gone.

 

[TokenReefer]

Netgear is great. I was all netgear for a long time but as my nework got more complicated I kept running into shorcomings and so far I just haven't run into those with asus. Definitely both quality products, don't want to debate that

 

[TokenReefer]

Wish I had a hydros to play around with it for ya

 

[nbooks]

Thank you! That's exactly what I needed to know. I turned the Trend Micro AI protections all off and suddenly the hydros app stopped erroring out. Funny that Hydros is blocked by Trend Micro, but not AI Hydra, Neptune Apex, or Red Sea Reef Mat, nor the Mobius app. Of all my reefing devices the wave engine is the only one blocked... Is there a way to get sites white listed by trend micro? or it's a black hole?

to further complicate things - hydros uses AWS cloud, they may not actually be able to tell you exactly what to open up on your end because they likely don't know what AWS is doing, they just pay for service.

As i saw mentioned, the aiProtection is what is (likely) causing the issue and if you skim through some reddit gaming/network posts you'll see it can actually lag out games and toss packets etc. Flashing it to Merlin MAY help but isnt guranteed.

 

[TokenReefer]

to further complicate things - hydros uses AWS cloud

this is good info! thanks

 

[nbooks]

this is good info! thanks

well a quick look shows apex does too...which im wiling to bet means AI/mobius too and well basically the whole world does...so who knows.

could be AWS trickery or solely trend micro BS

the one thing i know from lurking in the hydros facebook group is that a ton of people find out how crappy the "awesome" router best buy sold them is when they get hydros since its a little finnicky with 2.4ghz and equipment that can do both 2.4 and 5

 

[Treefer32]

well a quick look shows apex does too...which im wiling to bet means AI/mobius too and well basically the whole world does...so who knows.

could be AWS trickery or solely trend micro BS

the one thing i know from lurking in the hydros facebook group is that a ton of people find out how crappy the "awesome" router best buy sold them is when they get hydros since its a little finnicky with 2.4ghz and equipment that can do both 2.4 and 5

Yeah support tried telling me that too. I have smart Wifi turned on meaning router is using both 2.4 and 5ghz at the same time. Thankfully with the Asus, I'm not having any issues with it staying connected to the wifi, despite it being merged signals.

I just expect more when it comes to technology, advanced networking and the internet has been available to consumers for close to 30 years now. I would expect connected devices to be more than reskinned plug 'n play. Especially for what we pay for in the technology. But that's more of the amorphous why can't everyone just play nice together and less about reefing equipment.

 

[TokenReefer]

I've yet to get a controller so was just trying to help (as little as I could) but this is good to know.

Yeah. So many people with issues connecting a 2.4 only dev on a dual band network... I always set up a guest 2.4 anyway for iot devs. They only need to talk to the cloud and shouldn't need access to you lan...seems safer this way. I got ransomwared a few years back (open nas device) and I've been paranoid ever since

Quick search, seems aws uses standard 443 connection ports and 4149...wonder what route it's taking to authenticate. You can view your active connections right after you initiate the hydros app maybe and see where it's connecting to. Honestly tho if it works without trendmicro ai enabled they'd have to add an exception for it if you want that back on going forward. They've obviously cast too big of a net for protection....it happens

 

[Treefer32]

I've yet to get a controller so was just trying to help (as little as I could) but this is good to know.

Yeah. So many people with issues connecting a 2.4 only dev on a dual band network... I always set up a guest 2.4 anyway for iot devs. They only need to talk to the cloud and shouldn't need access to you lan...seems safer this way. I got ransomwared a few years back (open nas device) and I've been paranoid ever since

Quick search, seems aws uses standard 443 connection ports and 4149...wonder what route it's taking to authenticate. You can view your active connections right after you initiate the hydros app maybe and see where it's connecting to. Honestly tho if it works without trendmicro ai enabled they'd have to add an exception for it if you want that back on going forward. They've obviously cast too big of a net for protection....it happens

I agree. I appreciate the help, pointing out ai protection was a good call. It's disabled now.

 

[Treefer32]

well, two days after disabling ai protection (Trend micro) I canno longer communicate with the Hydros wave engine via my network nor through my phone's hotspot. I can get status updates, it flashes the blue heartbeat on the device, and I can change cycles (e.g. from normal operations to feed mode).

But, if I try changing a specific schedule like changing it from a max of 85% to 90% and click upload changes, it says upload failed again. I tried it with the wifi turned off, and used my phone's hotspot with the same SSID and password. I made sure 1 device was connected on my phone, and then tried upload changes, and it still gave the upload failed again (this guaranteed worked 2 days ago.)

I've restarted the router, the ai mesh node, and the hydros all multiple times since. Now it doesn't work at all.

I'm to a point of deleting the wave engine from the cloud. I created a guest 2.4 ghz secure network that I want to try connecting the hydros to. But I haven't figured out how to switch which network it is on. I'm thinking I have to delete it from the cloud and reset it up. I'm scared to do that though, given the possibility of not reconnecting... I don't want to end up bricking it.

 

[JeffB418]

well, two days after disabling ai protection (Trend micro) I canno longer communicate with the Hydros wave engine via my network nor through my phone's hotspot. I can get status updates, it flashes the blue heartbeat on the device, and I can change cycles (e.g. from normal operations to feed mode).

But, if I try changing a specific schedule like changing it from a max of 85% to 90% and click upload changes, it says upload failed again. I tried it with the wifi turned off, and used my phone's hotspot with the same SSID and password. I made sure 1 device was connected on my phone, and then tried upload changes, and it still gave the upload failed again (this guaranteed worked 2 days ago.)

I've restarted the router, the ai mesh node, and the hydros all multiple times since. Now it doesn't work at all.

I'm to a point of deleting the wave engine from the cloud. I created a guest 2.4 ghz secure network that I want to try connecting the hydros to. But I haven't figured out how to switch which network it is on. I'm thinking I have to delete it from the cloud and reset it up. I'm scared to do that though, given the possibility of not reconnecting... I don't want to end up bricking it.

To change what network your hydros is connecting to, just use the + option in the top left menu and readd it as if it was a new device. This process will let you reassign a new Wi-Fi network/password. Once that is done, the device should connect to the new network.

 

[Treefer32]

Thanks! I figured that out, I setup a dedicated guest 2.4ghz wireless network, was able to connect it to that, put my phone on the same network. And was still unable to upload changes. I may be stuck with these settings forever. Support told me at this point I need to send it in. I can't shut down 30k gph of circulation for a week or two. My 340 gallons would turn into a pile of bacterial sludge. So frustrating. I wish I had another one to see if the same problems occur. Not much else I can check for. I even white listed amazonaws and Hydros to make sure there's explicit permissions.

From what I can tell inspecting the communications over the router is that the URL string is getting truncated. At least it is in the logs:

hydros-prod-filestoragebucket-18rdd3br5xn9v.s3.us-west-2.amazo