First of all, my setup is a RPi 3b+ with HA container.
So I’ve had HA working fine for a couple months now, and I have DuckDNS set up to access HA externally. Even when I’m at home, I usually use that URL to access HA, because I have SSL set up, so the local IP would show an error. No problems till there.
Yesterday, I changed my ISP and my router, opened all the necessary ports I had opened before in my previous router (attached image), and disabled CG-NAT so I could reach my HA from the outside, and today I tried to check if it’s working by using the HA app on my phone, through 4G, and it does work.
However, when I try to access it in my PC, which is connected to the same wifi as my RPi, it does work when using the local IP, if I skip the error, but not when using the external URL. If I connect my phone to wifi, the app doesn’t work either.
I cannot figure out what’s happening, doesn’t make sense to me. I have restarted the router, my RPi, HA container… And nothing seems to solve it. Pinging my duckdns URL works from my PC.
Pinging your duck-dns is going to resolve to your public IP address which is your Router’s WAN Interface IP address, so in effect you are pinging your Router’s WAN IP Address.
In a NAT hairpin, your https:8123 request to your duck-dns will resolve to the WAN IP Address as well, but when hairpinning is supported, the router will treat it like it came from the outside world and go through the NAT rules you set up for public 8123 and forward it to your HA. So I kinda agree that the router is not doing hairpinning.
Okay, I think I understand. Thank you for the explanation. So I would either need a firmware update that supports hairpinning, a router change, or adding some other device that would provide hairpinning to my router, right?
Would NGINX be a better solution then? I’ve seen many people using NGINX to be able to access HA from the outside, but keep using local IP at home. That would kinda solve my problem, right?
My biggest annoyance now is that the phone app won’t work at home because I always use my duckdns URL as my only address, and it won’t work at home. Maybe using NGINX I would still keep my external URL for when I’m out, and use the internal IP for the phone app to work at home? This is the only use case I have for reaching my LAN devices through public IPs, so I wouldn’t mind not having NAT hairpinning if I can solve it this way (unless hairpinning NAT is useful for something else I’m not considering).
The official HASS app specifically allows you to specify different server addresses for external and internal use, when to use the latter being determined by WiFi SSID.
Yes, but my internal IP currently won’t work in the app because I have SSL set up and local http connection triggers an error that the app is not able to skip. That’s why I was always using the external URL.
One solution to consider is putting a DNS Server inside your home and have it resolve your DuckDNS to your HA’s internal IP. You can google around the community forum for something like DNSMasq AddOn. Here is an example.
