WiFi FAQ

What if my NarcBox is not connecting or syncing as expected?

Warning
Our NarcBoxes connect and communicate very differently from everyday WiFi-compatible devices. The NarcBoxes only connect and communicate as needed, which means they won't stay connected for very long. Most of the time they are only connected for 15-30 seconds. Current modems, routers, access points and similar devices can flag this behavior as abnormal or as similar to spamming, and will sometimes block the connection or communication. To ensure your NarcBoxes always connect and communicate, please follow the whitelisting recommendations below.

We highly recommend whitelisting the following to ensure the NarcBoxes are sending requests to the server and back again, even if your network does not have any firewalls set up.  Please whitelist and allow all traffic to and from http://www.narcbox.com//* (port 80) AND https://narcbox.com//* (port 443).  And/or whitelist IP addresses 52.36.89.163 and 54.188.196.209.

AND

We have also found it very beneficial to whitelist the MAC address of each device. This ensures your network will allow the device to connect every time it needs to. You can find the MAC address on the NarcBox by going into 'Settings' (gear icon, top right), 'Wifi' and then selecting 'Advanced'.
The MAC address on the HQ on firmware 1.60.03 (WiFi or ethernet cable) can be found by going into 'Settings' then 'WiFi Settings'; it will be listed on the right side of that screen. If your HQ is on an older firmware version, we discovered that the MAC address shown on the HQ might not be correct. Please double-check the device connection list on your network backend for the correct MAC address. The HQ will appear in that list as a Raspberry Pi. Whatever MAC address is shown for the connected Raspberry Pi is the one to use, not the one on the HQ.


If you have done the whitelisting as listed above and still have connection issues with your NarcBox, do the following:
First:
- Unlock and Open door, leave door open during the entire troubleshooting process
- Press and hold the internal reset button for 10 seconds  (10 seconds is the sweet spot)
- Wait 60 seconds to allow the NarcBox to fully reload (Very important to wait so it can reload without interruption)
- Go to Settings, Wifi, Scan Networks, Select the Network to connect to, enter password, Join/Connect
- Press Back and press the Sync Button.  Once a green checkmark or "Sync OK" appears you are good to go

If that didn't work try this:
- Restart your modem / router / hotspot (some can take 5-10 minutes or longer to reload)
- Unlock and Open door, leave door open during the entire troubleshooting process
- Press and hold the internal reset button for 10 seconds  (10 seconds is the sweet spot)
- Go to Settings, WiFi, Saved Networks, Select each Network and Forget. Do this for all of them until your list is empty
- Press and hold the internal reset button for 10 seconds
- Wait 60 seconds to allow the NarcBox to fully reload. (Very important to wait so it can reload without interruption)
- Go to Settings, Wifi, Scan Networks, Select the Network to connect to, enter password, Join/Connect
- Press Back and press the Sync Button.  Once a green checkmark or "Sync OK" appears you are good to go

You can go here for more step by step instructions.

If you have done the whitelisting as listed above and still have connection issues with your HQ Panel, do the following:
First:
- Press and hold the reset button on the right side of your panel for ten seconds
- When it comes back on, wait ten seconds
- Then go into the Settings and Wifi and select Saved Networks, then remove all of the saved networks
- Go to Settings, Wifi, Scan Networks, Select the Network to connect to, enter password, Join/Connect
- Go back to the Settings and then select Maintenance and then try Syncing, if it says Sync Ok then you are good to go

If that didn't work try this:
- Restart your modem / router / hotspot (some can take 5-10 minutes or longer to reload)
- Then go into the Settings and Wifi and select Saved Networks, then remove all of the saved networks
- Then press and hold the reset button on the right side of your panel for ten seconds
- Once the panel has booted back up, wait a full minute before doing anything
- Then go into the Settings and Wifi and try connecting to a phone hotspot
- Go back to the Settings and then select Maintenance and then try Syncing, if it says Sync Ok then you are good to go

What kind of WiFi connections can I connect to?

You can connect to any WiFi that runs on the 2.4GHz band and doesn't require a 3rd party login or a browser to enter credentials or accept terms. Most WiFi routers will work as long as the 2.4GHz band is on, and most hotspots work great as long as the firewall settings above are completed if required. If you are using an iPhone hotspot, make sure that the setting "Maximize Compatibility" is turned on. Our NarcBoxes are not compatible with 5GHz connections.

Can I connect the NarcBox to multiple WiFi networks?

Yes, you can connect to multiple WiFi networks. To connect to WiFi, select Settings (gear icon) -> WiFi -> Scan for Networks -> Select the WiFi network you wish to use -> Enter password (if needed) -> Connect. The box will keep all WiFi connections that were entered until they are manually deleted from the Saved Network list. The NarcBox will connect to the last WiFi it was connected to if available. If it isn't available, it will connect to the strongest WiFi in your saved network list that is in range.



What protocol does the NarcBox use?

The box currently runs 802.11b/g.
 

We require any device that accesses our network to use some type of authentication. What authentication protocols are supported by the NarcBox?

The NarcBox is configured for standard WEP/WPA/WPA2 that does not require a 3rd party browser login or key/cert.
 

We use the device’s MAC address to authenticate some products. Is there a way to determine the NarcBox's MAC address?

For the NarcBox: go into 'Settings' (gear icon, top right), 'Wifi' and then select 'Advanced'. The MAC address will be listed at the top of the screen.
For the HQ: go into 'Settings' then 'WiFi Settings' and it will be listed on the right side of that screen.

Can I connect the NarcBox or HQ to a Hidden Network?

Yes, both HQ and NarcBoxes have the capability of connecting to Hidden Networks. 
  1. NarcBox: go into Settings (gear icon), WiFi, Advanced. Enter the SSID, enter the password, press Done. Select Security Mode (most common is WPA2), press Select. The NarcBox will attempt to join the Hidden Network if everything is entered correctly. Keep in mind both the SSID and Password are case sensitive.
  2. HQ: go into Settings, WiFi Settings, select Hidden Networks (left side of screen). Enter the Hidden SSID Name and Password, change the Security Type if needed (most common is WPA/WPA2 PSK). Press Connect. The HQ will attempt to join the Hidden Network if everything is entered correctly. Keep in mind both the SSID and Password are case sensitive.

Can I connect the NarcBox via Ethernet?

The only product that will have the capability of connecting via Ethernet is the HQ Panel.  It also has Power over Ethernet ability.  If you want to switch from WiFi to using an Ethernet cord, please do a 10 second reset on your HQ panel, wait for the HQ to load completely, then plug in the Ethernet cord.  For switching from an Ethernet cord to WiFi do the same thing with a 10 second reset.

The NarcBoxes do not have this capability.


Box will not connect to WiFi, Open Error, Receiving Baud Rate Error, Failure Bad MD5, Time Out, or Sync Fails:

Open Error simply means the box can't "open" a connection to the network to get to the website. This can be caused by a variety of factors and is commonly a temporary condition.

If this is a new network connection, it is possible there is a firewall or some other network setting that is not allowing the box to communicate through that connection. See Firewall/whitelisting info above.

If this is a connection you have used before, typically what happens is the router "dropped" the communication port while leaving the connection alive. This is usually temporary as routers reset ports frequently.

In some cases, the network connection is just taking too long to get a response through, and the box "times out" while waiting for a response.

If you see Time Out and have a Cradlepoint or AP the below may apply to you.

On some Cradlepoint routers, the TCP connection stays open despite both client and server sending Connection: close. This is a well-known and extremely common problem with Cradlepoint cellular routers (IBR series, IBR900/1100/1700, AER, etc.).

Root Cause 
Cradlepoint devices run a feature called TCP Connection Proxy / TCP Proxy / Connection Keep-Alive Optimization (the exact name varies by firmware).
Even when both ends of the connection send Connection: close, the Cradlepoint NAT engine intercepts the FIN packets and keeps the TCP session in its state table for an additional 30–300 seconds (configurable, but usually 120–180 s by default).
It does this for two reasons:
1. Cellular links are expensive and high-latency → re-using an existing TCP session is much faster than doing a new 3-way handshake on every request.
2. Many cheap IoT devices and phone apps use short-lived connections poorly, so Cradlepoint “helps” them by transparently persisting the connection.
When this proxy is active:
• Your IoT device thinks the connection is closed (it sent FIN and received FIN+ACK).
• The server thinks the connection is closed.
• But the Cradlepoint still has the socket in ESTABLISHED state on both sides.
• If your device immediately tries to reuse the same local port (or the 5-tuple collides), the Cradlepoint delivers the new request on the still-open upstream socket.
• The server (nginx in your case) sees garbage in the middle of a closed request → returns HTTP 400 Bad Request (exactly what you are seeing).
This behavior is by design in Cradlepoint NetCloud OS (NCOS) and has bitten hundreds of IoT developers.

How to Confirm This Is Happening
From the device, run a packet capture or just watch the TCP state with netstat / ESP logs. You will see something like:

   TCP 192.168.0.x:54321 → server:443   ESTABLISHED   (even minutes after both sides sent FIN)

and the Cradlepoint’s connection table (in the router UI under Status → Internet → Connections) will still show the session as active.

Fixes and Workarounds (ranked from best to worst)

1. Disable Cradlepoint’s TCP Connection Proxy (best fix)
   ◦ Log into the Cradlepoint admin UI (usually 192.168.0.1)
   ◦ Go to Networking → Local Networks → [your LAN] → Advanced → NAT Settings
   ◦ Or: Connection → Internet → [WAN interface] → Advanced → TCP Connection Timeout
   ◦ Set “TCP Established Timeout” or “TCP Connection Idle Timeout” to 5–10 seconds (default is often 1800 or 3600 seconds).
   ◦ Some firmware versions have a specific checkbox “Enable TCP Proxy” or “Aggressive TCP Keepalive” — turn it off.
2. Force a different source port on every request (works 99% of the time)
   Your ESP32 / RN171 probably re-uses the same local ephemeral port. Force it to pick a new one:
   // ESP-IDF example
   // Note: this call only selects which 802.11 modes (b/g/n) the station uses; it does not change the TCP source port
   esp_wifi_set_protocol(WIFI_IF_STA, WIFI_PROTOCOL_11B|WIFI_PROTOCOL_11G|WIFI_PROTOCOL_11N);
   // To get a new source port, close and re-open the socket completely, or bind to port 0 so the OS picks a new one every time
   Or on RN171: issue close then open again; do NOT reuse the same connection ID.
3. Add a short delay (ugly but works)
   Wait 2–3 seconds after receiving the response before issuing the next request. Gives Cradlepoint time to finally tear down the session.
4. Use HTTP/1.1 Keep-Alive intentionally instead of fighting it
   Remove Connection: close and just reuse the same TCP socket for multiple requests. Cradlepoint loves this and stops interfering.
5. Switch to HTTPS + TLS Session Resumption or HTTP/2
   Cradlepoint is much less aggressive when it sees TLS because it can’t snoop as easily.
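
Workaround 2 (a new source port for every request), as an added example that is not NarcBox or Cradlepoint code: it uses the BSD socket calls that ESP-IDF also provides through lwIP, binds each new socket to port 0, and reads back the port the stack chose so it can be logged and matched against the router's connection table. The function names and the loopback listener standing in for the server are constructed for the demo.

```c
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: connect to dst on a brand-new socket bound to port 0,
 * so the stack picks the source port. The chosen port goes in *src_port. */
int open_fresh_connection(const struct sockaddr_in *dst, unsigned *src_port)
{
    struct sockaddr_in local = { .sin_family = AF_INET }; /* any addr, port 0 */
    socklen_t len = sizeof(local);
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (bind(fd, (struct sockaddr *)&local, sizeof(local)) < 0 ||
        connect(fd, (const struct sockaddr *)dst, sizeof(*dst)) < 0 ||
        getsockname(fd, (struct sockaddr *)&local, &len) < 0) {
        close(fd);
        return -1;
    }
    *src_port = ntohs(local.sin_port); /* log this with every request */
    return fd;
}

/* Constructed demo: a loopback listener stands in for the server. Two requests
 * run back to back, each on its own socket. Returns 0 on success. */
int demo_two_requests(unsigned ports[2])
{
    struct sockaddr_in srv = { .sin_family = AF_INET };
    socklen_t len = sizeof(srv);
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    srv.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    int ok = lfd >= 0 && bind(lfd, (struct sockaddr *)&srv, len) == 0 &&
             listen(lfd, 4) == 0 &&
             getsockname(lfd, (struct sockaddr *)&srv, &len) == 0;
    for (int i = 0; ok && i < 2; i++) {
        int fd = open_fresh_connection(&srv, &ports[i]);
        ok = fd >= 0;
        if (ok) close(fd); /* close after the response; never reuse it */
    }
    if (lfd >= 0) close(lfd);
    return ok ? 0 : -1;
}

int main(void)
{
    unsigned p[2] = {0, 0};
    if (demo_two_requests(p) != 0) return 1;
    return printf("source ports used: %u then %u\n", p[0], p[1]) < 0;
}
```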

Summary

You are not doing anything wrong with your headers.
This is Cradlepoint deliberately ignoring Connection: close to “optimize” cellular performance.
The real fix is to go into the Cradlepoint admin GUI and reduce the TCP session timeouts (or disable the proxy), or make your device use a new source port every time.
