Yesterday I tried using OTA programming for the first time and the only way for that to work at the moment is disabling the firewall which is not very convenient.
I’ve seen here there is the note:
For windows users. To manage OTA check the ESP wifi network profile isn’t checked on public be sure it’s on private mode.
The network I am using for OTA is on private profile and when I disable the firewall for the private profile OTA works well.
I enabled firewall logging trying to find out to which program firewall blocked the access and pfirewall.log looked like this:
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2021-06-25 02:50:11 DROP TCP 192.168.1.81 192.168.1.105 57196 46067 44 S 1848201026 0 5744 - - - RECEIVE
2021-06-25 02:50:14 DROP TCP 192.168.1.81 192.168.1.105 57196 46067 44 S 1848201026 0 5744 - - - RECEIVE
2021-06-25 02:50:17 DROP TCP 192.168.1.81 192.168.1.105 57196 46067 44 S 1848201026 0 5744 - - - RECEIVE
2021-06-25 02:50:20 DROP TCP 192.168.1.81 192.168.1.105 57196 46067 44 S 1848201026 0 5744 - - - RECEIVE
192.168.1.81 is ESP32 and 192.168.1.105 is computer. I thougth there would be some information about the program (destination) towards which the blocked traffic was going but the log doesn’t show such an information.
Then I tried to make an exception in the firewall. There are espota.exe and espota.py in C:\Users\xxxxxxxx\.platformio\packages\framework-arduinoespressif32\tools but seems as the .py version is used by the PlatformIO and not the .exe!? I figured that out when I made a mistake in platformio.ini - I wrote:
upload_flags =
--host_port = 45678
instead of:
upload_flags =
--host_port=45678
and the error was:
Usage: espota.py [options]
espota.py: error: no such option: --host_port
so it was useles to make an exception for espota.exe
Then I saw here someone said:
I SOLVED
Problem with Firewall. I have given permisions to Visual Studio Code to use ports.
But my Visual Studio Code already is allowed in the firewall :-/
Then I saw this article and configured fixed host port:
upload_flags =
--host_port=45678
and then I opened TCP 45678 port in the firewall’s inbound rules for private network and OTA still didn’t work.
I tried to open even UDP port, then I tried to open even any protocol and finally I tried to open any protocol on any network (even on public one) but OTA still worked if and only if I disabled the firewall on the private network.
At that point I’ve run out of ideas what to try next and I would really like to know why opening ports didn’t work.
BTW, as a side note - it took me a few hours to realize OTA can work only after adding:
board_build.partitions = default.csv
to platformio.ini. There really should be a note in OTA documentation similar to:
NOTE:
For OTA to work the lineboard_build.partitions = default.csvshould be added toplatformio.ini
And some additional explanations would be helpful as well. For example, I am aware that line changed the way SPIFFS is partitioned but I am not sure what are the consequences on maximum program size and/or some other aspects of firmwares (maybe maximum image resolution to work with in the case of ESP32 CAM?) after changing that option.