I have a pfsense router with an NTP server that is advertised with DHCP and also NAT rules setup to redirect any outbound traffic on UDP port 123 to the router instead of whatever NTP server on the internet it was going to. When doing the setup process on the WyzeCam v3 (v18.104.22.168) I keep getting a ‘Connection timed out’ message from the camera. It did pull an IP and was pingable for 10-20 seconds up until it voiced the message. I checked the DNS logs and noticed that it did lookups on 5-10 different domains that seemed to be various NTP servers. As soon as I disable the NTP redirect rule, the setup process works normally. After setup, if I re-enable the redirect rule the camera will still work until it is restarted as it fails to connect to the network afterward. I have Wyze cam v2 (v22.214.171.124) that works normally whether the rule is enabled or not. Anyone know what might be going on?
My routers are set to get time (udp123) from a registered NTP server on the public network. Any NTP requests are redirected to that server. After inital setup of 1st Wyze product it continues to work for other Wyze products. I haven’t had to resync. V2:126.96.36.199 V3:188.8.131.52
Speculation: Could AWS restrict permissible NTP services to a lookup table?
I have encountered a similar, if not the same, issue.
Some of my routers need to run their own NTP and DNS servers. Any outgoing NTP or DNS traffic is intercepted and responded to by the router.
Anyone concerned with time precision, or secure/reliable DNS, may be doing the same.
The camera says something like “could not connect” but that is not really the case. It does connect, it gets an IP, and then it sends two DNS requests (port 53), and NTP request (port 123), then another DNS and another NTP, before it quits.
This is the only device or software that I’ve ever had any problem like this with.
Router configurations should have as few special-case modifications as possible, and for something as generic/universal as NTP, it makes no sense to configure NTP exceptions just for Wyze cams - this is a fundamental mechanism that should not be messed with.
As it is, I have already had to make other uncomfortable firewall rule exceptions for Wyze cams because their MAC addresses cannot be counted on to be static.
I’m not familiar with #wishlist items. Please let me know if there is anything I can do to encourage expediting this - I’m not looking forward to supporting separate routers and increasing wifi signal competition just for Wyze cams.