Tesla App tech details

ceo

Member
Joined
May 13, 2017
Messages
20
Location
Calgary Alberta
Tesla Owner
Model 3
Country
Country
#1
Hey all,

Been doing some research on this one and my google-fu has been failing me, so I'd figure someone on here may know.

Short version is I've been asked if we could allow the Tesla app to work on the network by someone with an S. Figured since I'll probably be asking that question myself in a bit, I'd look into it. Except that I can't find explicit network requirements for the app, and as I lack a Tesla product to link to my account on my phone and do some testing it makes it difficult to find out the specifics.

Does anyone know what ports (TCP\UDP) that need to be opened on a firewall to allow the app to talk to the car?

The best references I can find are that it uses openVPN. I can make some educated guesses on that, but I can't actually guarantee that Tesla is using the same ports. The more specific I can be on what needs to be opened, the more likely that I'll actually get an approval to get the ports opened. Otherwise people will have to turn off wireless on their phones, go to mobile to talk to the car, then hopefully remember to re-enable wireless.
 
Joined
Aug 31, 2017
Messages
5
Location
Waterloo, ON
Country
Country
#2
The phone app speaks to Tesla's servers, not directly to the car, and it appears to just be a bunch of RESTful API calls. 3rd party devs have reverse-engineered the API enough to create other apps. I don't know the ports as I don't have a car yet either, but a quick packet capture should reveal where it's connecting to, or take a look at some unofficial API docs like https://timdorr.docs.apiary.io/#reference/authentication to see how you'd interact with it. It looks like it should just be standard HTTPS on 443.
 

ceo

Member
Joined
May 13, 2017
Messages
20
Location
Calgary Alberta
Tesla Owner
Model 3
Country
Country
#3
Did some digging and found this via another owners club if anyone else is curious:

Tesla uses openVPN to establish a connection to its servers (vpn.vn.teslamotors.com) on UDP port 1194.
IP Ranges: 209.11.133.0/26, 209.10.208.0/26, 205.234.27.192/26
May require longer UDP timeouts than 10 seconds.

The Tesla server ranges may not be accurate as the best I could find was from 2 years ago. They probably added more since then.
 

TirianW

Active Member
TOO Supporting Member
Joined
Oct 31, 2017
Messages
43
Location
Lynchburg, VA
Tesla Owner
Model 3
Country
Country
#4
Those two IP ranges are registered to Tesla according to ARIN, and they are part of a larger space handled by QTS for their Santa Clara colo data center (AS40913). So it looks like the servers that handle the backend for at least the US is in that datacenter. A /26 is a pretty large subnet and since they have two, that would be up to 122 public IPv4 addresses. More than enough to handle their worldwide operations if they wanted to - but given some of the data privacy laws (like those in the EU) they might not be able to legally handle everything from that datacenter. I would not expect them to have any more IPv4 ranges (at least for the US), but I would expect them to have a IPv6 space - however, I was not able to find an ASN record for them. Since all the cellular carriers are going IPv6 only, I would expect them to at least be looking at full IPv6 support for the LTE side of the connection.
 

teslaliving

Top-Contributor
Joined
Apr 2, 2016
Messages
556
Location
Boston
Tesla Owner
Model S
Country
Country
#5
The app (mobile app from the phone) is just HTTPS outbound traffic which almost nobody blocks on networks.

The car itself talks to Tesla over a bunch of stuff. I can easily see a work network not liking traffic for that passing through. Usually, those kinds of companies have locked down MAC addresses and such though.

The question asked about the Tesla app and the only thing considered the Tesla app by owners is the one on the phones so thats the first answer.