Can’t reach HA from local Lan network

Psykas · June 23, 2024, 3:54pm

Hello Everyone!

Currently Home Assistant Installed on raspberry Pi 4 machine. This Pi4 is on lan cable connection. Always there was not any problem to connect. One day I released that when I trying to connect HA from my Iphone via HA app from my home wifi was blocked. I tried from different devices(windows PC android phone and 3 other iPhone) to connect to my HA, but unfortunately I can’t connect from my home local Lan network to HA.

What I’ve tried so far from local network:

Http://homeassistant.local:8123 not working
http://192.168.xxx.xxx:8123 not working
https://domain.duckdns.org:8123 not working
Http://homeassistant.local:4357 working
http://192.168.xxx.xxx:4357 working

From outside network I can reach https://domain.duckdns.org:8123/ without any problem.

I dont make any changes with my network or HA and more than two years it was working and I don’t know why it’s stopped working. It looks like it’s came with one of HA updates.

OS Version: Home Assistant OS 12.4

Home Assistant Core: 2024.6.4

Cake1468 · June 23, 2024, 4:01pm

I just double checked and I can access my HA locally via IP:8123 or FQDN (which is local only via reverse proxy). I’m running current versions of HA.

Edit -
It sounds like you don’t know exactly when this change happened. Is there any possibility that something else with your network changed? There are so many things with networking that could be off that it’s going to be tough to offer much for troubleshooting based on what you included in the post.

As far as I can tell, nothing has changed with current releasesto make HA unavailable.

koying · June 23, 2024, 4:27pm

You don’t say what “not working” is for you.
Did you try https, i.e https://192.168.xxx.xxx:8123?

Psykas · June 23, 2024, 4:36pm

Negative, not working https://192.168.x.x:8123.

koying · June 23, 2024, 4:38pm

403? Strange.
Would you have IP ban enabled?

Cake1468 · June 23, 2024, 4:41pm

Now where getting somewhere.

Is there anything configured in the configuration.yaml about IP restrictions, reverse proxies, authentication, etc.

(Note - I know only enough about this to muddle through and ask questions, but maybe we’ll get to a solution).

Edit - what errors do you get without https? (Just http://)

Psykas · June 23, 2024, 4:41pm

Yes I don’t know when it’s happened because most of my time I used HA app when I’m far away from my home and my phone use mobile data.
I don’t make any changes on my router since two years or more but it’s happened with HA two or three months ago.

boheme61 · June 23, 2024, 4:51pm

From your Windows-Device, try " homeassistant:8123 "

Psykas · June 23, 2024, 4:52pm

there is configured in the configuration.yaml only HTTP.
http:
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem
ip_ban_enabled: true
login_attempts_threshold: 5

Results of trying to connect to http://192.168.x.x:8123 is in picture.

boheme61 · June 23, 2024, 4:55pm

LOL, so you are “redacting” the IP, and show a picture of … An IP , does this happends to be the same which are closing it’s connection, or some other machine closing the HA-Device Connection ?

randomsnack · June 23, 2024, 4:58pm

You have ipban enable , you need to removed it or commented/disable it.

http:
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem
#ip_ban_enabled: true   <-remove or disable this
#login_attempts_threshold: 5 <-remove or disable this

Cake1468 · June 23, 2024, 5:04pm

Are you getting a persistent notification and or entry in your logs as the documentation mentions for ipban?

IP filtering and banning
If you want to apply additional IP filtering, and automatically ban brute force attempts, set ip_ban_enabled to true and the maximum number of attempts. After the first ban, an ip_bans.yaml file will be created in the root configuration folder. It will have the banned IP address and time in UTC when it was added:

127.0.0.1:
banned_at: “2016-11-16T19:20:03”
YAML
After a ban is added a Persistent Notification is populated to the Home Assistant frontend.

Cake1468 · June 23, 2024, 5:16pm

I’m also wondering if maybe the SSL entries are messing you up. Maybe someone else can speak to whether or not their presence or misconfiguration could prevent non-ssl access.

I don’t have those two lines under http as my SSL is handled by reverse proxy.

Edit - you could comment those lines out to see if that restores access, although that might break your only current access if it doesn’t fix it, so maybe someone else can confirm or correct my speculation.

Psykas · June 23, 2024, 5:37pm

You were right. My router ip address was in ipban list. I just removed it from there and know everything working as before.

My question is how its happen in configuration file there always was line
ip_ban_enabled: true

But my router IP address was blocked only month ago

192.168.0.1:
banned_at: ‘2024-05-2716:20:33.049402+00:00’

I never had this connection issue for two years.

randomsnack · June 23, 2024, 5:44pm

One of the reason, is that someone try to log in locally and did not get the username/password correctly after 5 time, it then banned your IP.

Cake1468 · June 23, 2024, 5:49pm

Glad to hear you got it sorted out. I haven’t used IP ban as I don’t expose HA to the internet. Personally I use Tailscale for remote access.