Network blocked VPN now can't flash code

Our school just blocked all students’ ability to use a VPN, for obvious educational reasons. My class set of Photons can reach the network as usual, breathing cyan, but now we can’t flash code. Kind of strange.

When I use my cell phone to set up a hotspot, we can flash code fine. Any idea what port I can tell the district techs to open to allow flashing code but not to allow VPNs?

Can someone also explain what might be happening? It would help if I knew what the techs did, but I assume they shut down all extra port access.

1 Like

Port 5683. Here is more info. What technologies used in accessing spark core from cloud

1 Like

That’s a little strange. If the CoAP port 5683 TCP outbound was blocked, the Photons would not get to breathing cyan.

I’d try a few other things to help narrow down what’s happening:

  • Can you flash using the CLI? For example:
particle flash DEVICE_NAME tinker
  • Can you flash using the Particle mobile app (not on Wi-Fi)? For example: Select a device, use the … button in the upper right corner, and Reflash Tinker.

This will help determine if the problem is on the device side (less likely) or something like api.particle.io is blocked.

1 Like

Thanks @jstobaugh, I will ask the techs if they can unblock that port. If that works, no more issue. If that doesn’t work, I will have to look into @rickkas7’s suggestions; however, I have never really liked using the client at school. Way too many hoops to jump through to get everything working.

I can not flash from the mobile App, unless I was using a hotspot.

The full set of instructions for whitelisting Photons is:

The Particle device cloud is comprised of many servers running in different places around the world. We routinely start and stop servers automatically to meet demand, and during routine maintenance, and it would be difficult to commit to a range of stable IP addresses. Our domain device.spark.io is dynamically updated and regenerated to reflect what local servers are available for devices, and is the best way to get a list of local servers to approve, but it is subject to routine change.

One alternative is to whitelist all Photon devices by MAC address, allowing them to make outgoing TCP connections to port 5683 on any host.

If this is not possible, as of the time of writing this is the list of IP addresses. It is subject to change.

If a new server is added, and is blocked by your firewall, it will time out and try again using a different server, but this will increase the time it takes to connect to the cloud.

3 Likes
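An egress check to run from a machine on the filtered network, showing whether outbound TCP 5683 passes the firewall for each address device.spark.io currently resolves to. This is an added example, not part of the original posts or Particle's tooling; the function names are hypothetical, and only the hostname and port come from the thread.

```python
import socket

CLOUD_HOST = "device.spark.io"  # hostname named in the post above
CLOUD_PORT = 5683               # TCP port named in the thread


def resolve_ipv4(host, port):
    """Return the sorted, de-duplicated IPv4 addresses DNS gives for host right now."""
    infos = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def probe(ip, port, timeout=3.0):
    """Attempt one outbound TCP connection and classify the outcome.

    "timeout" usually means a firewall silently dropped the SYN;
    "refused" means something (host or firewall) answered with a reset.
    """
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "timeout"
    except ConnectionRefusedError:
        return "refused"
    except OSError as exc:
        return "error: " + (exc.strerror or str(exc))


def check_egress(host=CLOUD_HOST, port=CLOUD_PORT, timeout=3.0, resolver=resolve_ipv4):
    """Map each currently resolved address to its probe result.

    The resolver is injectable so the check can be exercised without DNS.
    """
    try:
        addresses = resolver(host, port)
    except socket.gaierror as exc:
        return {"dns": "failed: " + str(exc)}
    return {ip: probe(ip, port, timeout) for ip in addresses}


if __name__ == "__main__":
    for target, status in check_egress().items():
        print(f"{target:15}  tcp/{CLOUD_PORT}  {status}")
```

Because the server set changes, rerun it after any firewall change rather than relying on an earlier result.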

You could flash code over USB using dfu-util or serial. You would likely have to modify the students’ coding environment a bit though.

At my workplace, all our internet access goes through a proxy server. When I browse a web page, my computer doesn’t talk directly to the hostname on the webpage, but instead goes through a company proxy server as an intermediary. I found that the particle CLI would only work if I make it operate through the proxy server. To do this, set two environment variables first:

set HTTP_PROXY=http://proxyserver:80
set HTTPS_PROXY=http://proxyserver:80

Here, the proxy server is called proxyserver. Obviously, for your school, it might be named something different, or be an IP address.

Allowing the port did the trick. Looks like we have lots of other options if needed.