How to connect to SUN2000 from DD-WRT

Intro

The Huawei SUN2000 inverter has a build-in/internal WiFi interface (SSID beggining with SUN2000-<serialnumber>) which is exposing a Modbus TCP port (502). Using this connection you can obtain inverter data in the realtime and eg. collect it for your own purposes.

Huawei Smart Dongle-WLAN-FE is also able to expose this Modbus TCP connection but for the time of writing this post – the firmware with this capability is only available upon e-mail request from the Huawei’s support.

If you for some reason want to connect to the Huawei SUN2000 inverter “the old/classic” way using the internal WiFi, and moreover you want to do it using DD-WRT then this article may be useful to you.

The hardware

For my testing purposes I have a spare TP-LINK TL-WR740N wireless router which I was planing to use to connect to the inverter…

It has the ability to setup a port forwarding:

The SUN2000 internal WiFi act as a separate network with it’s own DHCP server. It was probably planned for initial configuration from the smartphone in mind. You cannot just bridge the WiFi into your home network. Moreover only one WiFi client is able to use the inverter at the same time.

I thought that it will be sufficient to connect to the inverter and setup a TCP port 502 forwarding to be able to connect to the inverter from my LAN using this TP-LINK router.

It was not so easy!

First of all the inverter seems to talk only to a client which was asking for a DHCP address, and furthermore it is not answering to other routed host addresses, it probably also has a TTL detection.

So even when I was successfully connected to the inverter (and ping from the router to inverter was working fine) the port forwarding method from the official software was not working.

I decided to search for some alternative software and DD-WRT comes to my mind first as the quick and easy solution. Fortunately the router is supported and has a the following wiki page:
https://wiki.dd-wrt.com/wiki/index.php/TP-LINK_TL-WR740N

According to the above it should work with mine, which has the following hardware and software revisions:

Few moments later I have a working DD-WRT in my TP-LINK 🙂
Tip: I had to disable the DHCP server on the LAN interface because it is enabled by default.

Initial configuration

I needed to connect to the inverter as a WiFi client and obtain an address from a DHCP, so I set a WAN port to the wlan0:

In the Wireless/Basic menu I set the Wireless Mode to Client and entered the SSID of the inverter:

In the Wireless/Security menu I set the following security options:

Default password is Changeme as you can see in the above image, but I strong urge you to change it for the security reasons.

Then in Setup/Basic Setup I selected ‘Automatic configuration – DHCP’ for the WAN Connection Type.

After this config the router was able to connect to the inverter which was visible here in the Status/Wireless:

And also in the Status/WAN, where I can see an address obtained from SUN2000 internal DHCP server:

I also set the Operating Mode as Router in the Setup/Advanced Routing:

The next step was to configure NAT for the 502 TCP port to be able to connect from the LAN to the inverter. The DD-WRT web interface also has the port forwarding setup similar as the original software:

But it was not working for the same reasons as described above…

Final configuration

Fortunately the router can be accessed from SSH or Telnet and the iptables command is available 🙂

With this in mind it was very easy to create a two NAT rules from the CLI:

So I’ve typed:

iptables -I PREROUTING -t nat -p tcp -d 10.0.0.250 --dport 502 -j DNAT --to-destination 192.168.200.1:502
iptables -I POSTROUTING -t nat -d 192.168.200.1 -s 10/8 -p tcp --dport 502 -j SNAT --to 192.168.200.100

The POSTROUTING/SNAT rule is the most important as it “fools” inverter that the routed packets comes from the DD-WRT’s IP address.

Of course the above is assuming that the router is configured with 10.0.0.250 address in the LAN and the WAN address of the inverter is 192.168.200.1.

Now my connection to the inverter is working perfectly fine from my linux host which is collecting inverter data via hard:

Comments

    1. Hmmm… I have all interfaces available in this list. Maybe you can check if you don’t have those interfaces added in some bridge? I would also check the ‘Operating Mode’ in the ‘Setup/Advanced Routing’. I have a ‘Router’ for this use-case.
      You can also try to reset settings to default and then do all this step-by-step again.

    2. I the same problem. Did you ever found out why you couldn’t select wlan0 on the WAN-port? I believe that it may be a problem related to Broadcom chipset (which my Asus RT-AC68 has) that does have limitations for bridges, and why custom roms such as Merlin or OpenWRT does not have support for bridging on these devices.
      https://www.snbforums.com/threads/wireless-client-mode-in-asuswrt-merlin.34130/

      It is also not possible to select “Client” but instead I believe it is now called “Station”?
      https://wiki.dd-wrt.com/wiki/index.php/Linking_Routers

      1. I can select “eth1 SUN2000” on WAN and it seems to connect to 192.168.200.1.

        The AP ip gets 192.168.200.2. My main router has IP 192.168.1.1 and therefore I use:

        iptables -I PREROUTING -t nat -p tcp -d 192.168.1.1 –dport 502 -j DNAT –to-destination 192.168.200.1:502
        iptables -I POSTROUTING -t nat -d 192.168.200.1 -s 10/8 -p tcp –dport 502 -j SNAT –to 192.168.200.2

        Is this correct?

        1. Yeah I also sometimes got slightly different end-byte of the IP address. If it is working for you than it is correct 🙂
          Just try to telnet from your LAN and check…

  1. Hi there!

    Thank you so much for this guide. I’m really struggling to connect my Raspberry 4 to my Huawei Sun 2000 inverter. I have connected the Raspberry to my Wlan using a cable and I connect the Raspberry to the inverter vía Wifi using the app VNC.
    I’m using a script in Python. There is no way to connect to the inverter this way but I can do it using my computer
    Would you be so kind to guide me with any idea?

    1. VNC? What does it have in common with Sun2000. Sorry I don’t have any details to help you. With what software on the RPI you want to monitor the inverter?

  2. Hi Manio,

    How are you connecting the TP-Link router to your existing network? I got a Netgear R7800 all set up like yours, but I can’t get it to get an IP address on my existing network setup. I’m connecting it through a cable to my switch.

  3. Hi Manio,
    thanks a lot for your guide.
    I use the TP-LINK TL-WR741ND v1 router. But if I enter the iptables just in the command line via SSH or Telnet, then after a reboot the rules are lost.
    The solution: Enter the rules in the Command Shell of the GUI (Administration – Commands) and press ‚Save Firewall‘, then the rule will survive a reboot.

    If this behavior does not only occur with my router, then it would perhaps make sense, to include it in your instructions for all those who are further looking for help.

  4. Hello,

    Thanks for the Guide.

    Can the device at the Same time act as the Modbus Bridge, you describe here AND as an Access Point?

  5. Hi Manio, thank you very much for the detailed guide.
    Probably I’m doing something wrong on the latest steps (Huawei Solar integration gives always “Failed to connect”).
    Good points:
    I’ve followed all the guide, and the TP link that I’m using as bridge seems working well: WAN has IP: 192.168.200.2 and it is connected to S2000 (which has IP 192.168.200.1): and LAN has static IP 192.168.1.50 and is connected to the main network router 192.168.1.1.

    Now, the issue/doubts:
    Via telnet I’ve run the commands:
    iptables -I PREROUTING -t nat -p tcp -d 192.168.1.1 –dport 6607 -j DNAT –to-destination 192.168.200.1:6607
    iptables -I POSTROUTING -t nat -d 192.168.200.1 -s 10/8 -p tcp –dport 6607 -j SNAT –to 192.168.200.2

    Considering the above description, the commands are wrote properly?

    What should I write in the Huawei Solar integration page in HA? The following doesn’t work:
    Host: 192.168.1.50
    Port: 6607
    Slave IDs: 0

    1. Yeah, looks correct (but the second rule is for 10/8 which seems is not your network, just omit this), but don’t ask me about HA (I am not using it).

Leave a Reply

Your email address will not be published. Required fields are marked *