
Can't Access Private Websites on WiFi?

Discussion in 'Model S: User Interface' started by 1NJ85D, Mar 10, 2015.

  1. 1NJ85D

    1NJ85D Member

    Joined:
    Feb 26, 2015
    Messages:
    83
    Location:
    Scotch Plains, NJ
    With my Model S connected to my home WiFi, why is it that I can't access/browse websites / webservers on my home/private network?
     
  2. jgs

    jgs Member

    Joined:
    Oct 28, 2014
    Messages:
    951
    Location:
    Ann Arbor, Michigan
    Is it possible that all of the car's Internet access is mediated through the VPN connection back to Tesla? You might give http://www.whatismyip.com a try from the car browser and see what you get.
     
  3. 1NJ85D

    1NJ85D Member

    Joined:
    Feb 26, 2015
    Messages:
    83
    Location:
    Scotch Plains, NJ
    Good point! I read somewhere that it uses OpenVPN. That would explain it. Thanks much.
     
  4. scaesare

    scaesare Active Member

    Joined:
    Mar 14, 2013
    Messages:
    3,937
    Location:
    NoVA
    They do tunnel back to the Tesla mothership (the actual DNS name, lol) via VPN. I suspect they use their own DNS servers to try and avoid folks mounting MitM attacks...
     
  5. wk057

    wk057 Senior Tinkerer

    Joined:
    Feb 23, 2014
    Messages:
    4,722
    Location:
    Hickory, NC, USA
    The Model S does not route internet traffic via the Tesla VPN. The web browser won't connect to IPs in any of the private IP ranges specified in RFC1918. I'd assume because some of these IPs are in use on their VPN and they don't want people poking around.
     
  6. jerry33

    jerry33 S85 - VIN:P05130 - 3/2/13

    Joined:
    Mar 8, 2012
    Messages:
    12,753
    Location:
    Texas
    The private IP ranges are non-routable. You'd have to manually route them, probably through NAT, to the car to make it work.
     
  7. scottm

    scottm Active Member

    Joined:
    Jun 13, 2014
    Messages:
    1,277
    Location:
    Canada
    Maybe people need to be reminded what a private IP is....

    A ten-dot or 10.x.x.x

    These are "not routed on the Internet" by definition (of the RFC rules).
     
  8. jgs

    jgs Member

    Joined:
    Oct 28, 2014
    Messages:
    951
    Location:
    Ann Arbor, Michigan
    Well, those plus 192.168.x.x and 172.16.x.x through 172.31.x.x. The relevant RFC is https://tools.ietf.org/html/rfc1918. There's no standards-related reason 1NJ85D shouldn't be able to reach these since after all, 1NJ85D's browser isn't trying to "route anything on the Internet" in this case, it's within the private address scope (the local network). But wk057's guess that Tesla is using RFC 1918 space for their own nefarious purposes seems very likely. It's messy of them to stomp on the entire RFC 1918 space when they're surely only using a small portion of it, but then again everything about RFC 1918 is a kludge.
     
  9. Eseell

    Eseell Member

    Joined:
    Aug 23, 2014
    Messages:
    51
    Location:
    Phoenix, AZ
    Not really, that's a pretty standard security policy. I wonder if it allows connections to RFC 6598 space.
     
  10. jgs

    jgs Member

    Joined:
    Oct 28, 2014
    Messages:
    951
    Location:
    Ann Arbor, Michigan
    Depends on what you think is being secured from whom. If you consider the browser to be inside Tesla's security perimeter and they're letting you out to the Internet as a special case, then I guess you could call this "standard security policy". OTOH if you consider the browser to belong to you, and Tesla is allowing certain traffic into their perimeter via the VPN, then good practice would be for them to VPN the minimum set of what they need and leave the rest of it alone. I suppose maybe they grab all the 1918 stuff and VPN it because it lets them change their internal addressing scheme without having to push new configs out to the fleet, but really? They need to reserve *all* of 10/8, 172.16/12 *and* 192.168/16 just in case they need a few million extra addresses in the future? It seems sloppy. They could've taken (say) net ten for themselves and left the rest alone. Oh well, whatever.

    Good question, someone could try. Not me, I don't even have my car yet much less the stomach for tinkering with my home infrastructure.
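
Added example, not part of the thread and not Tesla's code: a Python model of the destination filter the posts above describe, showing which addresses fall in the RFC 1918 blocks and that a filter listing only those blocks would still pass RFC 6598 space. The function names, the `blocked` parameter and the sample addresses are assumptions made for illustration; how the car's browser actually decides is not stated in the thread.

```python
import ipaddress
from urllib.parse import urlsplit

# Ranges named in the thread. RFC 1918 defines the three private blocks;
# RFC 6598 defines the shared address space used for carrier-grade NAT.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RFC6598 = [ipaddress.ip_network("100.64.0.0/10")]


def classify_host(host):
    """Return 'rfc1918', 'rfc6598', 'other-ip' or 'hostname' for a URL host."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # A name, not a literal: an IP-based policy can only be applied
        # to the address it resolves to, which this offline model skips.
        return "hostname"
    # An IPv4-mapped IPv6 literal (::ffff:a.b.c.d) names the same IPv4 host,
    # so unwrap it before comparing against the IPv4 blocks.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    if addr.version == 4:
        if any(addr in net for net in RFC1918):
            return "rfc1918"
        if any(addr in net for net in RFC6598):
            return "rfc6598"
    return "other-ip"


def browser_allows(url, blocked=("rfc1918",)):
    """Hypothetical policy: refuse URLs whose host is in a blocked class."""
    host = urlsplit(url).hostname
    if host is None:
        return False
    return classify_host(host) not in blocked


if __name__ == "__main__":
    # Constructed sample destinations, not taken from any real network.
    for url in ("http://10.1.2.3/", "http://172.31.255.255/",
                "http://172.32.0.1/", "http://192.168.1.10:8080/",
                "http://[::ffff:192.168.1.10]/", "http://100.64.0.1/",
                "http://nas.local/"):
        host = urlsplit(url).hostname
        print(f"{url:32} {classify_host(host):9} allowed={browser_allows(url)}")
```

A filter that checks only literal addresses says nothing about a hostname that resolves to a private address, so a real policy would have to classify the resolved address as well.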
     
  11. schneiderjohn

    schneiderjohn Member

    Joined:
    Aug 10, 2014
    Messages:
    61
    Location:
    Atlanta, GA
    Out of curiosity, has anyone tried to SSL VPN via the Tesla browser? Mine doesn't come until Monday, so I haven't had an opportunity to try.
     