Can’t reach Home Assistant from Companion while being on LAN

Hello,
I have a very annoying problem: I cannot reach Home Assistant from the Companion app while being on LAN. I have a myhome.duckdns.org address and use LetsEncrypt to generate a certificate for this domain.
This certificate is not valid for the IP address, so in Chrome I get a warning. The myhome.duckdns.org address does not work from my laptop either unless I connect to a VPN.
So is there a way to let my iOS Companion app work while on LAN?
If I turn off Wi-Fi the app works fine (cellular data).

Why use the IP address? That indeed won’t work unless you manage your own certificates.
Doesn’t “myhome.duckdns.org” work from LAN?

No, if I type “https://myhome.duckdns.org:8123” it does not work on my LAN. If I connect to a VPN service it works. If I am on LAN without a VPN service I need to use https://my-IP:8123 and accept the security warning in Chrome. I don’t understand this at all.

Sounds like your router doesn’t support Hairpin (loopback DNS). What kind of router is it?

It’s an EdgeRouter X
EdgeRouter-X-5-Port 3.0.1

Yep, that’s exactly it: the EdgeRouter does not do NAT hairpin by default. You’ll need to either

  1. don’t use SSL. (yeah right)
  2. split DNS (ew.)
  3. enable hairpin NAT on the EdgeRouter for your HA install. I don’t have the exact procedures but it’s… finicky on the EdgeRouter. You’ll have to look it up.
  4. use a VPN (also ew)

Hairpin NAT is the router’s ability to redirect an internal call to the external IP address of the router. (It’s why you can’t hit the external IP without the VPN.)
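
The behaviour described in the post above, as an added illustration that is not part of any post in this thread: a simplified model of a port forward that traces one connection to the router's public address and its reply, with and without hairpin NAT. All addresses are constructed from documentation ranges, and the rule sets are assumptions, not the poster's EdgeRouter configuration.

```python
import ipaddress

# Constructed addresses (assumptions, not taken from the thread).
LAN = ipaddress.ip_network("192.168.1.0/24")
WAN_IP = "203.0.113.10"        # public address the DuckDNS name resolves to
ROUTER_LAN_IP = "192.168.1.1"
HA_SERVER = "192.168.1.20"     # Home Assistant host behind the port forward


def connect(client_ip, dnat_ifaces, snat_on_lan):
    """Trace one connection to WAN_IP:8123 and its reply; return the outcome."""
    in_iface = "lan" if ipaddress.ip_address(client_ip) in LAN else "wan"
    if in_iface not in dnat_ifaces:
        # The port forward does not match on this interface, so the packet
        # stays addressed to the router itself and never reaches HA.
        return "unreachable: no DNAT on " + in_iface
    seen_src = client_ip                  # DNAT rewrote the destination to HA_SERVER
    if in_iface == "lan" and snat_on_lan:
        seen_src = ROUTER_LAN_IP          # hairpin SNAT (masquerade)
    # The server answers whatever source it saw. A LAN source other than the
    # router is reached directly on the local segment, bypassing the router.
    direct = ipaddress.ip_address(seen_src) in LAN and seen_src != ROUTER_LAN_IP
    # Only replies that pass back through the router get WAN_IP restored.
    reply_src = HA_SERVER if direct else WAN_IP
    if reply_src != WAN_IP:
        return "broken: reply from " + reply_src + " does not match the connection"
    return "ok"


def scenarios():
    lan_client, internet_client = "192.168.1.50", "198.51.100.7"
    return {
        "internet, plain port forward": connect(internet_client, {"wan"}, False),
        "LAN, plain port forward": connect(lan_client, {"wan"}, False),
        "LAN, DNAT only": connect(lan_client, {"wan", "lan"}, False),
        "LAN, hairpin (DNAT + SNAT)": connect(lan_client, {"wan", "lan"}, True),
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:30} {result}")
```

The third scenario shows why a hairpin setup needs the source rewrite as well as the destination rewrite: without it the reply reaches the client from an address the client never contacted.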

Thanks a lot.
I have tried to enable it but I, and also all these chatbots, fail. Maybe I need to buy another router…
Any suggestions on a good wired router that supports this ootb is appreciated :slight_smile:

There’s nothing ‘wrong’ with the EdgeRouter; it’s just older and requires manual config. Some people would prefer to have the manual setup.

I’m a Ubiquiti person too but I have a UDM-SE and it does hairpin by default (if not slowly - it’s not perfect).

Back when that device came out UI was way more ‘Spartan’ with their setup… Personally I’d avoid the LLM for this problem (said LLM guy) and go to the Ubiquiti message board and try there for a working EdgeRouter NAT hairpin setup. Fix that and this entire issue goes away. This is the UI article: https://help.uisp.com/hc/en-us/articles/22591184776983-EdgeRouter-Hairpin-NAT

Barring that I’d have to ask you twenty questions about how you use your network to find the right stuff. But most prosumer gear today should just do it? (Me, I’d keep the EdgeRouter and fight through it. It’s very doable.)

Thanks for the information. Will give it a try.
As a W/A I tried to remove ssl cert from configuration.yaml and then everything seems to work, but when I was done the File editor gave 404 so I had to restore the backup… not very good W/A …

If you’re willing to learn a new setup, some of the EdgeRouter X’s are compatible with OpenWrt custom firmware, which would unlock a whole new world of capabilities for you.

Thanks,
I will try this route. I guess I can always switch back…

So I installed OpenWrt on the EdgeRouter X, a bit nervous to brick it, but the instructions were perfect. The only config was a port forward of 8123 and removing the local IP from Companion, and it works like a charm. Guess this hairpin thing comes ootb with OpenWrt.
Lovely little cheap router and I suppose way better now :slight_smile:

Possibilities are endless. When you get some free time, investigate “hardening” OpenWrt routers/APs. There are several things you can do to make it even more secure than it is ootb. You can also host your own WireGuard VPN (this is something I do), which is super handy if you’re away from home and the spouse or kids are experiencing technical difficulties with the WiFi network. You can also host a SAMBA and/or DLNA server off of it for a makeshift NAS, if the device has USB ports and you have a spare thumbdrive or external HD you can use. So much! Have fun!

EDIT - As far as HA is concerned, there are a handful of ways to integrate OpenWrt into HA. I use a combo of collectd packages (on OpenWrt), which allows me to create MQTT sensors for it, and command_line scripts, which allow me to control the device, like rebooting it, resetting the LAN, WAN, WAN6 network interfaces, resetting the firewall, the DHCP, etc. Collectd allows me to track how many devices are connected to my network/s, ping speeds, and processing loads.

Someone recently created an integration that does all of that. You’ll have to surf the forums or GitHub to find it.

Thanks a lot for the input. I realized that HA access was not stable, but hairpinning was easy and now works like a charm.
I have an EdgeRouter-X that I bought used on Christmas Eve from a friend when my old router died, so it’s a cheap and simple piece. For wireless I use an old ASUS RT-AC68U in AP mode. I have used this for many years now. Perhaps I should replace the whole network, but now with the OpenWrt router I have no issues…

Now that Companion works on LAN (it became really important when I bought some IKEA Matter devices that cannot be included without a Companion on the local LAN…) I will spend some time with WireGuard and hardening. Thanks for putting me on this track!