Can't access HASSIO from outside anymore, hack?

Hi, I had a working configuration for months now.

Hassio on HassOS on proxmox.
Duckdns plug in
Caddy as proxy manager
Router forwarding port 80 and 443 to the static IP of Hassio machine.
Asus router with merlin firmware

Locally and externally would access Hassio with

https://xxx. duckdns.org

and everything worked perfectly.

Now from the outside the LAN , instead of HASSIO I am presenterd with AICLOUD ASUS login page

Only way to reach my Hassio is
htyps://192.168.1.13:8123

Did not find anything particular in the log

What can be the issue?

Looks like the Merlin firmware won’t let you forward the admin port.

There may be an option to change that in the settings, or you may just have to either change the port for the admin interface, or use that port (or any other port) for HA.

Same thing happened to me. I double checked everything, ports, ips, etc… and no luck. I was able to roll back my VM to a copy made 4 days ago on proxmox and everything works now. Not sure what caused it.

I too, had the same problem, but on a RPi3. After changing keys, downloading certificates, changing everything, I decided to nuke it all and go with Nabu Casa. So far, so good

You mean 443 to not 8123 but other port?

Please note that everything was working fine, and I did nothing on the router: one day was working fine, the next day in the morning the problem

Unfortunately I do not have any copy. What can I do, just make a new VM and transfer there the configuration files?

Not sure what your options are. I saw a few other topics that had issues similar to this and I think it ended up having to do with the lets encrypt cert. and NGINX. They removed and reinstalled the NGINX add on and I guess that fixed it. Might be worth a shot before creating a new VM. If you do decide to create new VM make sure you save you latest snapshots and maybe make a backup of your current VM prior to doing it.

Has your router updated its firmware?

Has your certificate expired?

I updated manually the firmware a month ago. Will check if it did update itself the other day (but I think not.

Did not think of the expiration since I use the duckdns addon since ages and it always updated them automatically.

BTW I am not home now, unable to connect to my lan (Wireguard addon also not working), where do you check expiration of certificate, on duckdns.org website?

Yes I think it is the “created date” on the page after you login.

I don’t think it is this though.

The page you do get, which you describe as the AICLOUD ASUS login page, does that run on the router, or somewhere on the wider internet?

token generated
3 years ago
created date
Dec 3, 2016 9:34:21 PM

Above what I have, no mention on expiration date.

AICLOUD I don’t know where it is. I can login with router user and password, and it shows a list of Samba shares in my LAN

Yes, just done a bit of research on aicloud. Did you enable it recently on your asus machine? If you it possibly over-rode your port forwarding as it’ll want to run aicloud and it’ll need to have access to the port 443 for that.

I think the expiry thing is irrelevant, ignore that bit.

No I have not touch it, didn’t even know it existed this AICLOUD

Once home will try to see its settings and see if took over 443…

Classis Port forwarding was fine when I checked

I think I found the mistery: I went to my router firmware upgrade page and it showed an upgraded firmware the date I started having problem: WTF I never asked that update …

For whoever visit this thread, I had

Asus RT86U with Asusmerlin firmware 384.3, and it updated itself to the original firmware from Asus (I think) AUTOMATICALLY!!! And on top of that a FAULTY firmware that did not take into consideration the port forward of 443

Now I am trying to update the firmware with 384.4 from Asusmerlin (first time it failed)

YES, that was it … well that was a weird one … I got automatically updated with a faulty firmware the day I went on holiday … LOL