Skip to main content

Network connectivity requirements

Klaes Vangsgaard
Updated

Internet Connection
A wired Ethernet connection is recommended for reliable data transfer.

Wi-Fi configuration is also available, but performance may depend on your environment.

A minimum connection speed of 3 Mb/s upload and download per device is required.

 

Our device supports DHCP by default and will accept IP address and DNS settings from the router. If your network requires the device to use a static IP address and DNS settings instead, you can configure these using the network configuration tool.

 

Networks with a firewall

Required Network Configuration

  • Essential Operation

    • Allow all outgoing TCP connections on port 443 (HTTPS) to any destination.
    • Necessary for backend connections, security updates, and remote troubleshooting.
    • If an internal DNS server is not provided via DHCP or manual configuration, allow all outgoing TCP/UDP connections on port 53 for DNS queries.

  • Remote Troubleshooting

    • Allow outgoing UDP connections from local port 41641 to any remote address and port (*:41641 to :).
      • Used for direct WireGuard tunnels, with flexibility needed due to the dynamic nature of our provider's infrastructure.
    • Allow outgoing UDP connections to any destination on port 3478 (*:3478).
      • Used for the STUN protocol, enabling devices behind NAT to determine their public IP and port mappings.

Note:

  • The device does not use a fixed set of outbound IP addresses, so broad rules are necessary to maintain connectivity. We apologize for any inconvenience and are working to reduce this requirement. If strictly required, we can provide a list of domains that need to be accessible, but the list will change and will need updating.

Isolation of device

  • Isolating the device on its own VLAN or similar port isolation is suggested.

  • The device does not require internal connectivity within your network.

  • TLS/HTTPS interception is not supported.

Custom configuration

The device has a network configuration tool that supports setting up WiFi SSID/password, EAP authentication and static IP/DNS.

If your network requires other custom configuration, such as a proxy connection, it needs to be done before the device is shipped.

We do not install arbitrary software on our devices.

 

Additional information

  • Images are sent and securely stored on Amazon S3 servers and are only accessible by your configured users.
  • Device is a Linux-based machine running Debian.
  • Automatic security updates are regularly applied.
  • Ethernet socket connects directly to the machine.
  • There is no USB port accessible on the device.
  • Device does not have backup power. In case of a power outage, the device will not automatically recover.

Network block diagram can be found below:

Reshape Cloud (AWS).png

Related articles

Comments

0 comments

Please sign in to leave a comment.