Skip to content

Instantly share code, notes, and snippets.

@jasonacox

jasonacox/powerwall-3-lan-access-bridge.md

Last active March 15, 2026 04:17
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save jasonacox/1cdfd0202a50158e21fc6f5430ad69c6 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save jasonacox/1cdfd0202a50158e21fc6f5430ad69c6 to your computer and use it in GitHub Desktop.
Download ZIP
Set up a Powerwall 3 LAN Access Bridge
Raw
powerwall-3-lan-access-bridge.md

Accessing Powerwall 3 via LAN API using a Bridge (10.42.1.x Network)

This document describes how to access the Powerwall LAN API using the pypowerwall PR that enables TEDAPI access from LAN.

Direct LAN access to the Powerwall Gateway currently appears to be restricted. In testing, API access only worked when the request originated from a routed subnet behind the Gateway rather than directly from the home LAN.

To work around this, we create a small bridge/router that places the Powerwall on its own subnet.

This guide shows how to do that using a Linux system with two network interfaces (in this case a ZimaBoard).

Overview

Installer WiFi (Traditional Method)

When connecting to the Gateway installer WiFi:

TEG_xxxxx network

The Gateway runs a DHCP server and assigns:

Client: 192.168.91.x
Gateway: 192.168.91.1

This is how the Tesla One installer app communicates with the Powerwall.

The existing pypowerwall TEDAPI mode emulates this behavior.

Goal

Allow LAN access to TEDAPI without connecting to the installer WiFi.

Network Architecture

Home LAN (10.0.1.x)
        |
   Router (10.0.1.1)
        |
   Linux Bridge Device
   ├─ enp2s0 → 10.0.1.94 (LAN)
   └─ enp3s0 → 10.42.1.1/24 (Powerwall subnet)
        |
   Powerwall Gateway
        |
   DHCP → 10.42.1.40

The Linux device performs:

  • DHCP for the Powerwall
  • NAT to allow Powerwall internet access
  • routing between networks

Step 1 – Configure Secondary Interface

Create the Powerwall subnet.

sudo nmcli connection add \
  type ethernet \
  ifname enp3s0 \
  con-name powerwall \
  ipv4.method manual \
  ipv4.addresses 10.42.1.1/24 \
  ipv4.never-default yes \
  ipv6.method ignore \
  autoconnect yes

sudo nmcli connection up powerwall

Step 2 – Install DHCP Server

Install dnsmasq:

sudo apt install dnsmasq

Backup the default config:

sudo mv /etc/dnsmasq.conf /etc/dnsmasq.conf.orig

Create a minimal config:

sudo nano /etc/dnsmasq.conf
interface=enp3s0
bind-interfaces

dhcp-range=10.42.1.10,10.42.1.50,255.255.255.0,12h

dhcp-option=3,10.42.1.1
dhcp-option=6,8.8.8.8,1.1.1.1

Start the DHCP server:

sudo systemctl restart dnsmasq
sudo systemctl enable dnsmasq

Step 3 – Enable Routing

Enable IP forwarding:

sudo sysctl -w net.ipv4.ip_forward=1

Persist after reboot:

sudo nano /etc/sysctl.conf

Ensure this line exists:

net.ipv4.ip_forward=1

Apply:

sudo sysctl -p

Step 4 – Configure NAT

This allows the Powerwall to reach the internet through the bridge device.

sudo iptables -t nat -A POSTROUTING -s 10.42.1.0/24 -o enp2s0 -j MASQUERADE

Allow forwarding:

sudo iptables -A FORWARD -i enp3s0 -o enp2s0 -s 10.42.1.0/24 -j ACCEPT

sudo iptables -A FORWARD -i enp2s0 -o enp3s0 -d 10.42.1.0/24 \
  -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

(Optional persistence)

sudo apt install iptables-persistent
sudo netfilter-persistent save

Step 5 – Configure Powerwall Networking

Using the Tesla One installer app:

  1. Navigate to Gateway networking
  2. Set network mode to DHCP
  3. Save

The Powerwall should obtain an address from the bridge device.

Example:

10.42.1.40

Verify connectivity:

ping 10.42.1.40

Step 6 – Test the PR

Clone the repository and switch to the PR branch:

git clone https://github.com/jasonacox/pypowerwall.git
cd pypowerwall

git fetch origin pull/265/head:pr-265
git checkout pr-265

Install requirements:

pip install -r requirements.txt

Example Test Script

import pypowerwall

pypowerwall.set_debug()

pw = pypowerwall.Powerwall(
    host="10.42.1.40",
    gw_pwd="ABCDEFGHIJ",
    email="your@email.com",
    rsa_key_path="tedapi_rsa_private.pem",
    timeout=60
)

print(pw.power())

Expected output includes:

v1r login successful
Tesla tedapi mode enabled

Example response:

{'site': -1807, 'solar': 2938, 'battery': 1, 'load': 1132}

Optional – DHCP Reservation

To keep the Powerwall address stable, reserve it in dnsmasq.

Find the MAC:

ip neigh

Example:

54:f8:f0:e3:21:0f

Add to dnsmasq.conf:

dhcp-host=54:f8:f0:e3:21:0f,10.42.1.40,powerwall

Restart:

sudo systemctl restart dnsmasq

Friction Points

Current setup complexity includes:

  • Cloud or FleetAPI registration
  • RSA key generation
  • network segmentation
  • NAT routing setup

This is manageable for advanced users but may be challenging for typical home users.

Summary

This approach allows:

  • LAN access to Powerwall TEDAPI
  • Powerwall internet connectivity
  • Stable network routing

Credits

Huge thanks to @nalditopr for the work enabling this capability in pypowerwall.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment