Sync smart inverter LG

Hi, I have a hEX rb750gr3 as my main router at home, along with two APs (CAP AX and AX2). Everything generally works fine, but I can’t seem to sync devices like an irrigation system or an LG air conditioner. I’m not very knowledgeable; I’ve tried a few things, but I don’t know what else to look for. I welcome any suggestions for improving the configuration.

The hEX configuration is as follows:

# 2025-06-17 10:34:03 by RouterOS 7.19.1
# software id = 6B5U-98RN
#
# model = RB750Gr3
# serial number = <removed>
/interface bridge
add admin-mac=48:A9:8A:40:36:93 auto-mac=no comment=defconf name=bridge
/interface vlan
add interface=ether1 name=vlan20 vlan-id=20
/interface pppoe-client
add add-default-route=yes disabled=no interface=vlan20 name=pppoe-out1 user=286301565@digi
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wifi security
add authentication-types=wpa2-psk disabled=no name=sec1
/interface wifi configuration
add channel.band=2ghz-ax .frequency=2412,2437,2462 country=Spain datapath.bridge=bridge disabled=no name=cfg2.4G security=sec1 ssid=myrouter
add channel.band=5ghz-ax .frequency=5180-5320,5500-5700 .skip-dfs-channels=disabled comment=cfg5g country=Spain disabled=no name=cfg5g security=sec1 ssid=myrouter-5G
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip pool
add name=default-dhcp ranges=192.168.0.128-192.168.0.254
/ip dhcp-server
add address-pool=default-dhcp interface=bridge name=defconf
/disk settings
set auto-media-interface=bridge auto-media-sharing=yes auto-smb-sharing=yes
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
/ip neighbor discovery-settings
set discover-interface-list=LAN
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/interface wifi capsman
set enabled=yes package-path="" require-peer-certificate=no upgrade-policy=none
/interface wifi provisioning
add action=create-dynamic-enabled comment=2.4G disabled=no master-configuration=cfg2.4G supported-bands=2ghz-ax
add action=create-dynamic-enabled comment=5G disabled=no master-configuration=cfg5g supported-bands=5ghz-ax
/ip address
add address=192.168.0.1/24 comment=defconf interface=bridge network=192.168.0.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server lease
add address=192.168.0.253 client-id=1:d4:1:c3:f0:18:25 mac-address=D4:01:C3:F0:18:25 server=defconf
add address=192.168.0.252 client-id=1:d4:1:c3:de:81:cc mac-address=D4:01:C3:DE:81:CC server=defconf
add address=192.168.0.236 mac-address=D4:F5:47:93:EE:D0 server=defconf
/ip dhcp-server network
add address=192.168.0.0/24 comment=defconf dns-server=192.168.0.150 gateway=192.168.0.1
/ip dns
set allow-remote-requests=yes servers=192.168.0.150
/ip dns static
add address=192.168.0.150 comment=defconf name=router.lan type=A
/ip firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment="defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface=pppoe-out1
/ip upnp
set allow-disable-external-interface=yes enabled=yes
/ip upnp interfaces
add interface=bridge type=internal
add interface=ether1 type=external
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" dst-port=33434-33534 protocol=udp
add action=accept chain=input comment="defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=input comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
add action=fasttrack-connection chain=forward comment="defconf: fasttrack6" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment="defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=ipsec-esp
add action=accept chain=forward comment="defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment="defconf: drop everything else not coming from LAN" in-interface-list=!LAN
/system clock
set time-zone-name=Europe/Madrid
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

You might want to create a separate VLAN and SSID for ONLY those IoT things.
Adjust your firewall so it cannot reach the rest of your network. Only router services like DHCP and DNS, network out and that’s it.
On that separate SSID, only use 2GHz since most will not accept 5GHz anyway.
As for security, most IoT devices I have at home will not accept an SSID which offers WPA3.
You don’t use it so that’s not the problem here.
But maybe you need to go even lower and only use WPA for that network.
It’s worth testing.

What does “can’t seem to sync” mean? These devices are not able to connect to the APs?

You can get the desired effect without VLANs.

Exactly, the process to add the device to the app fails due to a timeout.

  1. As far as I can see - it is desirable to add pppoe-out1 to the WAN list.
  2. Show what settings are made on the access points.
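
Why point 1 matters, as an added example that is not part of the original posts: in the export above the WAN list contains only ether1, while the masquerade rule sends internet traffic out of pppoe-out1, so the defconf forward rule that matches `in-interface-list=WAN` never sees traffic arriving on the PPPoE interface. The Python check below finds such uplinks in a RouterOS export; the function names are hypothetical and `SAMPLE_EXPORT` is a constructed excerpt mirroring the posted config.

```python
import shlex
# Constructed excerpt of a RouterOS export, mirroring the config posted above.
SAMPLE_EXPORT = r'''
/interface pppoe-client
add add-default-route=yes disabled=no interface=vlan20 name=pppoe-out1
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip firewall filter
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=drop chain=forward comment="defconf: drop all from WAN not DSTNATed" \
    connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat out-interface=pppoe-out1
'''

def parse_export(text):
    """Return (menu, {key: value}) per 'add' line, joining backslash continuations."""
    entries, menu, pending = [], None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):          # export wraps long lines with a trailing backslash
            pending = line[:-1] + " "
            continue
        pending = ""
        if line.startswith("/"):         # menu path, e.g. "/ip firewall filter"
            menu = line
        elif line.startswith("add "):
            pairs = (tok.partition("=") for tok in shlex.split(line[4:]))
            entries.append((menu, {k: v for k, _, v in pairs}))
    return entries

def uplinks_missing_from_list(entries, list_name="WAN"):
    """PPPoE clients and masquerade out-interfaces that are not members of list_name."""
    members = {e["interface"] for m, e in entries
               if m == "/interface list member" and e.get("list") == list_name}
    uplinks = {e["name"] for m, e in entries if m == "/interface pppoe-client"}
    uplinks |= {e["out-interface"] for m, e in entries if m == "/ip firewall nat"
                and e.get("action") == "masquerade" and "out-interface" in e}
    return sorted(uplinks - members)

def rules_depending_on_list(entries, list_name="WAN"):
    """Comments of filter rules that only match traffic entering via list_name."""
    return [e.get("comment", "(no comment)") for m, e in entries
            if m == "/ip firewall filter" and e.get("in-interface-list") == list_name]

if __name__ == "__main__":
    parsed = parse_export(SAMPLE_EXPORT)
    print("uplinks not in WAN list:", uplinks_missing_from_list(parsed))
    print("rules that skip them:", rules_depending_on_list(parsed))
```

The input-chain rule is not reported because it matches on `!LAN`, which already covers pppoe-out1.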

App? This might be a very different issue.

Locate MAC addresses of the devices (should be printed somewhere either on the devices themselves or in the accompanying documentation). Then check wifi registration table / logs to see if they connect successfully.

Try changing the channel.band of your 2.4GHz to 2ghz-n. I have a few IOT devices, not that old, that do not support 2ghz-ax.

2ghz-ax AP should be backward compatible up to 2ghz-n.

“Should”. Famous last words.

@blabullet , can you walk us through what you do to sync? That starts with pushing 2 buttons on the device remote.

Works well for me with AX^3 AP and smart plugs as WiFi-4 clients.

Configuring the micro with only WPA, the irrigation system synchronized without any problem. I don’t understand why setting WPA2 and WPA doesn’t work.
However, the LG AM09BP air conditioner still doesn’t synchronize through the LG ThinQ app.

Is the device connected to wifi or not ?
Do log entries show anything for that device ?

No, the air conditioner does not connect to the AP.

And the second part of my question ?
What does the log show when it tries to connect ?

If it does not connect, then it’s a bit logical the app can’t see it, yes ?
So focus on the connection. Forget about that app for now.

/interface wifi security
add authentication-types=wpa2-psk disabled=no name=sec1

Setting this to wpa-psk/wpa2-psk might be more compatible.

What log are you referring to?

When configuring wpa-psk/wpa2-psk, the automatic irrigation system did not connect. I don’t understand why.

Most likely because it has such old wifi drivers that it ONLY recognizes WPA and crashes when it sees anything else it does not understand. Those things are not UPwards compatible, you see …
Can happen with IoT stuff.
Leave it at only WPA for now.

You should look in the log files of the controller of the Access Point that the LG tries to connect to.
If it’s capsman controlled, look on the controller.
If the AP is standalone, look on the AP.

AS A TEST:
Try to set NO security on the SSID that the LG needs to connect to.
What happens then ?

Also, are you 200% sure the used frequency of your wifi channel is accepted by that LG ?
Check documentation for that device.
I’ve seen devices in the past only using a limited number of 2GHz channels, not even up to channel 11.