I have been running this configuration for some time and it worked until I did HA system updates yesterday.
Now: my Android phone HA app refuses to connect to HA, it times out, but only when going through WireGuard. I just tried a lot of things so rewriting to collect
Everything worked until yesterday’s update. Wireguard still works fine for other systems/apps.
Summary:
- the HA app works from my phone directly on the same LAN as HA with no WG
- the HA app does not work through wireguard, even though all other WG apps work.
- it all worked until the update yesterday
- I confirmed using tcpdump on the WG machine that packets are being routed and hitting the HA machine. looks like no response is ever sent.
- Even with debugging logging on, the request does not show in the logs.
- I tried adding the following to my config but it didn’t fix it.
http:
use_x_forwarded_for: false #also tried true, but shouldn't be true for WG
trusted_proxies:
- 10.253.0.1
- 10.253.0.2
So it seems that packets from my 10.253 subnet (wireguard) are being filtered by HA. How do I fix this?
Other details:
The HA itself is on a VM (proxmox) on my LAN.
- Access from my local machine to HA works just fine using the standard web portal.
- I noticed that the android app generates the following url:
http://192.168.x.x:8123/?external_auth=1 - if I try that URL on my desktop it doesn’t work either. If I change external_auth=0 in the url it works on the desktop as well as the phone browser (when VPN enabled). - Under Settings, “Home” (my server config), it says
– “Home Network” - “Connected to VPN”
– “Internal URL” - “” (also identical to external)
– I have no WiFi network set as my local network
– I have “connected to VPN” set.
– At the bottom it says: “When connecting unknown if connected to local network: using internal URL”
No matter what I do I cannot see where the packet is ignored or dropped.
