Cannot connect with local address

Mobile Apps Home Assistant Companion for Android
29

Hello, thanks for the thread. I’m having the same issue.

I’m now just using the app for accessing remotely using the DuckDNS url but I can’t seem to access locally on my browser. May I ask what address you found to work, thanks

30

Hello from me too.
I have similar problem, i cannot access my HA from HA companion app localy, but can access when on mobile data only.
But weird thing is that i can access localy from browser on my phone and from Ariela app.
What can i do to get it rigt?

31

Oh drats. I added this to my yaml and now can’t access at all. I have three ports forwarded now 8123, 443, and 80. Now I can’t get in at all.

http://xxxx.ducksdns.org/
ERR_CONNECTION_TIMED_OUT

https://192.xxx.xxxx:8123/
ERR_CONNECTION_REFUSED

http://192.xxx.x.xxx:8123/
ERR_CONNECTION_REFUSED

32

Hi, hope some one can help please,

On my Android Fire 8 and the official app I could view a live stream of a camera using a Webpage Card with url of http://192.168.1.109:8765/picture/3/frame/ (its from Motioneye)

I removed the Home Assistant app to go through onboarding again as I wanted to change the tablet name.

I set the url up as http://192.168.1.109:8123 and logged in fine but I just have a blank white box with no camera stream now. Checking the App Configuration the url has changed to my Nabu Casa HTTPS address and not my HTTP local address. The “Internal Connection URL” is grayed out so I cannot set it

On the same tablet using Silk, my internal address shows the Webpage card camera fine but the Nabu Casa url does the same white box. (i’m guessing some HTTP / HTTPS issue ?)

But I only need to connect locally on this tablet, any suggestions please?

Ignore this please, i finally got it to work by editing the address, after about 4 goes it took my changes. Cache issue maybe???

33

Most home routers don’t work with NAT loopback or Hairpin NAT. So I think the app should work with the local address too by default.

34

it does work with local address, just not with an invalid cert

35

Ok so I have to pick one? Either I can make it work locally or remotely but not both? Isn’t really a solution for me. Or is there a workaround to make the cert valid for both addresses ?

1 Like
36

Here are some tips if you haven’t already checked them out: https://companion.home-assistant.io/docs/troubleshooting/networking

Honestly IMO best solution is to get a router that does NAT loopback and call it a day. Then you only need to use the external URL and the router handles the rest. A good router can fix many other issues as well.

Some users also use a reverse proxy to handle the certificate.

1 Like
37

there’s definitely something not happy here
here’s my scenario, and i have tried nearly everything I’m running out of ideas.

setup.
HA running on Debian/docker ip statically assigned from my pfsense dhcp server 192.168.2.59
before i setup Duckdns was fine to connect with the app both external ( well kinda, via vpn but over 4g) and internally either via ip or hostname
Setup duckdns, myinstance.duckdns.org
pfsense has a NAT rule to allow 443 to 8123 192.168.2.59
that works fine. ( and is like that as amazon developer doesn’t like have https account linking on anything other that 443)
moment that was up an running internally (via wifi) i could no longer talk with the app to the ip or hostname
externally now it works fine to myinstance.duckdns.org

So in my DNS resolver i setup a host override ( which as i understand it is pretty much split DNS)
so now from a laptop when i ping “myinstance.duckdns.org” it resolves to the internal IP of my HA instance.
and from a webpage if I goto https://myinstance.duckdns.org:8123 I get to my HA

In the app, my external address is https://myinstance.duckdns.org ( which my nat resolves from 443>8123
my internal url set to https://myinstance.duckdns.org:8123 and it goes nowhere
i’ve tried ip/localhostname/https://myinstance.duckdns.org none work

In my confi.yaml i setup

homeassistant:
external_url: https://myinstance.duckdns.org

http:
base_url: https://myinstance.duckdns.org
ssl_certificate: /ssl/fullchain.pem
ssl_key: /ssl/privkey.pem

so i am running out of ideas…

EDIT, fixed… very much a blonde moment, i have setup selective VPN routing on my pfsense. and well my phone was one of the devices vpn’ing out. and as such has a kill switch to prevent DNS leaks ( which in this instance would have helped me) removed the device from VPN and i’m working again…

38

Hi all,

I refused using AdGuard because all devices connected to my network depended on it and if Home assistant goes down, I lost access in all devices.

I have another solution that worked for me:

1) Install Duck DNS + SSL as usually.

I added these lines to my configuration.yaml:

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

Router port forwarding:

  • IP: IP of Home Assistant
  • External port: 8123
  • Internal port: 8123

2) Check the access:

External: https://mydomain.duckdns.org:8123
Internal: https://myip:8123

Note that both are httpS.

Once everything works, go to step 3:

3) Comment the lines added before:

#http:
#  ssl_certificate: /ssl/fullchain.pem
#  ssl_key: /ssl/privkey.pem

4) Restart Home Assistant and access by http://yourip:8123 (no httpS)

5) Install NGINX addon:

On the addon configuration, set as follows:

domain: mydomain.duckdns.org

Notice that I didn’t addedd “https://”

6) Start the NGINX addon.

7) Router configuration:

  • IP: IP of Home Assistant
  • External port: 443
  • Internal port: 443

8) Check the access:

External: https://yourdomain.duckdns.org
Internal: http://yourip:8123

9) Set the IPs above in your Android APP.

If local access does not work, activate GPS option. The app needs the Location to be able to connect (it doesn’t make sense…)

10) General configuration

I recommend to set the internal and external URL of the Home Assistant configuation (Configuration -> General)
I had some problems when reproducing media and it was solved by this way.

Following these steps, I got access with the Android APP locally and externally. Hope this solve your problems as well.

5 Likes
39

It works for me !! Thank you very much.

40

The issues here revolve around the certificate needs Subject Alternative Names (SANs) that match both the external (xxx.duckdns.org) and internal IP Address and DNS Address. Port forwarding should be all that is needed.

While “most” browsers will allow the insecure connections with warnings, mobile devices are much less forgiving.

These having to install this and install that, which seems to be the home assistants way, is way beyond the expertise or patience of most users.

1 Like
41

So this hairpin/loopback NAT usually works for me, but what about when the internet goes out?
Mine goes out right after the power goes out (comcast/xfinity doesn’t keep the batteries up)
I live in an area of overhead utilities and lots of trees so it happens whenever the wind picks up.

Is the reverse proxy the only way to have the HA android app still work with no internet if you have duckdns configured?

42

Facing this issue also and am not seeing why there isn’t a setting for the mobile app to ignore cert errors when on local. My Wall Panel (app) tablet does.
My asuswrt merlin doesn’t appear to have Nat loopback functionality.
This not working makes it a pain when the internet goes out. So while HA may not be cloud based, this makes it less than seamless with connectivity issues.

2 Likes
43

Thank you Domaray. Your instruction works perfectly! And also solved an issue I had with “Unable to login” issue on the Android app.

Fyi, for anyone who has a “400 Bad Request” in step 8 when using the external URL. You can follow this solution to solve it: Home assistant (400 Bad Request) Docker + Proxy - Solution

44

In newer HA versions the following lines in Configuration.yaml are needed:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 127.0.0.1
    - 172.30.33.6

If you get the error “400 Bad request” when trying to connect from external, check the logs in Configuration → Logs. There you will see an error and an IP like “172.30.x.x”. Add that IP in trusted_proxies on the code above.
Maybe one day the access fails again, so check the log and you will probably find another IP to be added. It happened to my right now.

45

I thought I might reopen this thread, has anyone figured out a method when you have duckdns setup to also access the local URL?

I’ve got my https://mycustomname.duckdns.org:3333/ which works perfectly at home (when I have internet access)

My internal address (way back 3 years ago) was http://192.168.0.10:8123/ however I needed to update it to go SSL for a few things.

I’ve setup port forward etc, never been an issue but home home internet has been down for 16hrs now and really want a local access method in desperate times.

Any method of running both?

47

in order to go back to what you had you need to let a reverse proxy handle the SSL certificate. You’ll need to find a guide to do that. In terms of mobile apps we have this page to help:

May not provide the info you are looking for so try looking at community guides.

1 Like
48

Amazing thanks! I’ll roll this out for my next internet blackout!

49

Yup this occurred to me as well.

My issue: I’m running in a python VENV on a Mac and add-ons aren’t available. Has anyone managed to manually install Adguard (or something similar) and get split-brain working?

Edit: looks like Adguard can be installed w/ Homebrew. I’ll report back if I get it working
Edit 2: complete, works great