Venus 3.63 - needs improvement for Network Security Profile and MQTT!?

Hello.

I am just attempting to get MQTT to work, and connect one MQTT client to the Venus MQTT broker.

The client I want to add does NOT support TLS/encryption.

On older Venus versions, it seemed that one could activate plaintext for MQTT, and on the current firmware I have to set the “Local Network Security Profile” to unsecured to get MQTT port 1833 open? Why not allow us users to activate unsecured MQTT, while all other security measures remain in place? I don’t like that, and hope that I am missing something here.

I really would like to have secured (tls and password) access to Cerbo and the services in general, but require unencrypted MQTT.

So please, Victron developers: Either tell me what I am doing wrong, and how I can enable security/password for everything but have an open and unencrypted MQTT port.
If this is not possible: Please make a quick fix to the firmware and provide this option.

I'm not sure if you feel comfortable using ssh or the terminal, or if that's at all in the ballpark of how you want to do this.

If you are comfortable with the command line, you could manually edit the flashmq configuration file to force port 1883 to stay open regardless of the GUI setting.

I think the dev team is still transitioning from Mosquitto to flashmq to improve performance, and I think they are still refining how the “Security Profiles” interact with specific ports.

Hello and thanks for your reply.

Doing it in the terminal (ssh) would be an option, if there is nothing else.

I’d rather have Victron developers bring the option back, because I assume, if I change config manual, it might potentially cause issues with Victron configs itself, and it most likely will break whenever I perform an update…

moin Basti

I'm not one of the developers, I'm an enthusiast. 🙂 On Linux systems you have two options: either leave the iptables the way they are per default, or modify them to achieve what you need.

That would look something like:

iptables -A INPUT -p tcp --dport 1883 -j ACCEPT

Usually when the option is removed, it doesn't come back, and it is the Linux user's responsibility to put it back so that their systems work.

The documentation shows how to save the command to /data/rc.local to allow the change to be persistent across updates.

If you “Disable Modifications” in the UI, it turns it off; the system will actually rename this file to rc.local.disabled to stop it from running.
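As an added illustration of the iptables-plus-rc.local approach above (example script, not from the thread, Victron or Venus OS itself): it opens TCP/1883 only for one LAN subnet rather than for every source, inserts the rule idempotently, and writes the same line to /data/rc.local so it is re-applied after a firmware update. The LAN_CIDR value and the /data/rc.local path are assumptions to adjust for your own network and firmware.

```shell
#!/bin/sh
# Added example: persist a narrowly scoped iptables rule for plaintext MQTT.
# LAN_CIDR is an assumed subnet; RC_LOCAL follows the /data/rc.local convention
# mentioned in the thread (assumed to be the persistent startup hook).
LAN_CIDR="${LAN_CIDR:-192.168.1.0/24}"
RC_LOCAL="${RC_LOCAL:-/data/rc.local}"

# Rule arguments (everything after "iptables"). Limiting --source to the LAN
# keeps the unencrypted broker unreachable from other interfaces or routes.
mqtt_rule() {
    echo "INPUT -p tcp --dport 1883 -s $1 -j ACCEPT"
}

# Apply the rule now; -C checks for an existing copy, -I puts it before any
# DROP rule already in INPUT. Needs root.
apply_mqtt_rule() {
    rule=$(mqtt_rule "$1")
    # shellcheck disable=SC2086
    iptables -C $rule 2>/dev/null || iptables -I $rule
}

# Persist the rule in rc.local (created if missing), without duplicating it.
write_rc_local() {
    file="$1"; cidr="$2"
    rule=$(mqtt_rule "$cidr")
    [ -f "$file" ] || printf '#!/bin/sh\n' > "$file"
    if ! grep -qF -- "$rule" "$file"; then
        printf 'iptables -C %s 2>/dev/null || iptables -I %s\n' "$rule" "$rule" >> "$file"
    fi
    chmod +x "$file"
}

# True when the rule for the given subnet is already in the file.
rc_local_has_rule() {
    grep -qF -- "$(mqtt_rule "$2")" "$1"
}

# Run with "apply" as the first argument to change the live firewall and
# write rc.local; without it the script only defines the functions.
if [ "${1:-}" = "apply" ]; then
    apply_mqtt_rule "$LAN_CIDR"
    write_rc_local "$RC_LOCAL" "$LAN_CIDR"
fi
```

Remember that the thread's “Disable Modifications” note still applies: a renamed rc.local.disabled will not re-apply this rule on boot.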

Thank you. I will look into that.