morpheus17pro

Last week bought a Nuki Smart Lock Pro 5 to be able to open the door remotely in case it is needed.

As I don't want any IoT device to have access to internet and send telemetry, I (tried) to add it to my isolated vlan where all my sensors are connected, but I had some issues trying to set up the local MQTT (I'm not alone on this). DISCLAIMER: you need their mobile app to set up the device, but I was able to do it mostly without internet connection, only Bluetooth and GPS enabled.

After some digging, found this troubleshooting FAQ, which mentioned to either disabling DNS port or blocking just HTTPS port in firewall.

In my case, as I do provide DNS to some local services within that isolated network I cannot simply block DNS on firewall, indeed my DNS querying is restricted to my local zone, anything else is refused. Internet forwarding is blocked, too. Under this conditions, MQTT setup was still refusing to connect to my server, although I was seeing some attempts in the mosquitto server logs.

My solution was just forcing the nuki.io to return 127.0.0.1 for any record (i.e. set up *.nuki.io IN A 127.0.0.1 in my DNS server for that network), as it seems the device use DNS as LAN connectivity healthcheck, so when it was unable to resolve some nuki.io records, it was disconnected from the WLAN.

With that set up I was able to make it work without internet connectivity. Note that even with this I received an error (8E) within the app, but if you return back, the MQTT connectivity data gets stored and it connects after a few seconds.

Hope this helps anyone facing the same issue.