The X-Guard Alarm app connects to a number of APIs to make the app work. The easiest way to ensure that our app works (and continues to work in the future) is to whitelist x-guard.nl en *.x-guard.nl (all subdomains).
The following (sub)domains are currently in use:
All connections from the app, except for audio connections, are TCP-based.
websockets
The following two hostnames are capable of upgrading to the Websocket protocol:
These hostnames may also be communicated with via normal HTTP traffic.
HTTP+TLS
All connections are encrypted via TLS. This is guaranteed by Apple and Google, they do not allow unsecured connections in the Google Play Store and Apple App Store.
At the time of writing, X-Guard BV does not guarantee that these IPs will remain unchanged. This list can also be expanded.
To receive Push Notifications, we refer to the official documentation:
FCM / Android / Google: https://firebase.google.com/docs/cloud-messaging/concept-options#messaging-ports-and-your-firewall
Apple/iOS: https://support.apple.com/en-us/HT203609
The following dashboards are currently available:
X-Guard uses Twilio Programmable Voice for calling out to control rooms. The application automatically chooses the best and fastest servers based on an intelligent circuit. It is plausible, but not certain, that in the Netherlands the telephone with ireland of Frankfurt connects. X-Guard is working on a solution to lock in connecting to a fixed region.
| Component | Address | Server side port used | Protocol |
|---|---|---|---|
| Signaling – GLL (Global Low Latency) | chunderm.gll.twilio.com (Dynamic IPs) | 443 | TCP |
| Signaling – Regional | chunderm.{region}.twilio.com (Dynamic IPs) {Regions: au1, br1, de1, ie1, jp1, sg1, us1} | 443 | TCP |
| RTP | Static IP range (see regions below) | 10000 – 20000 | UDP |
| Insights | eventgw.twilio.com | 443 | HTTPS |
| Registration | ers.twilio.com | 443 | HTTPS |
| AppleAudio Real-Time Transport Protocol (RTP), Real-Time Control Protocol (RTCP) Messages (Audio RTP, RTCP; Video RTP, RTCP) | Apple has not specified which IP addresses are involved. It's alright at least to the following IP addresses:
| 16384 – 16403 Feet | UDP |
The initial GLL and Regional chunderm.x.twilio.com signaling addresses are only used in the initial connection; these connections will be redirected to a dynamic IP using port 443.
| Secure Media (ICE/STUN/SRTP) Edge Locations | Protocol | Source IP | Source Port † | Destination IP Ranges | Destination Port Range |
sydney (au1)
| UDP | ANY | ANY | 168.86.128.0/18 | 10,000 – 60,000 |
| Region ID | Lease | Media Server IP Address Range | CIDR notation |
|---|---|---|---|
| au1 | Australia | 54.252.254.64 – 54.252.254.127 3.104.90.0 – 3.104.90.255 | 54.252.254.64/26 3.104.90.0/24 |
| br1 | Brazil | 177.71.206.192 – 177.71.206.255 18.228.249.0 – 18.228.249.255 | 177.71.206.192/26 18.228.249.0/24 |
| ie1 | ireland | 54.171.127.192 – 54.171.127.255 52.215.127.0 – 52.215.127.255 | 54.171.127.192/26 52.215.127.0/24 |
| 1 | Frankfurt Preferably the app connects to Frankfurt | 35.156.191.128 – 35.156.191.255 3.122.181.0 – 3.122.181.255 | 35.156.191.128/25 3.122.181.0/24 |
| jp1 | Japan | 54.65.63.192 – 54.65.63.255 3.112.80.0 – 3.112.80.255 | 54.65.63.192/26 3.112.80.0/24 |
| sg1 | Singapore | 54.169.127.128 – 54.169.127.191 3.1.77.0 – 3.1.77.255 | 54.169.127.128/26 3.1.77.0/24 |
| us1 | US East Coast (Virginia) | 54.172.60.0 – 54.172.61.255 34.203.250.0 – 34.203.251.255 | 54.172.60.0/23 34.203.250.0/23 |
There are three ways:
Note: Steps 2 and 3 are similar but test a different IP range. Run both tests!
Webhooks will arrive from February 2023 from the following IP addresses:
34.77.72.90
34.91.168.231
Webhooks are currently not yet sent via IPv6.
In the long term, when we decide to add a new region, more IP addresses can be added. If you allow webhooks based on IP, you must notify info@x-guard.nl in writing so that this can be administered.