Companion App connection issues

Configuration
,
1

Hi all,

I’m new here and new to Home Assistant since a few weeks. I got everything running smoothly but there is this one thing that bugs me and I cannot find a solution searching the community and the web.

HA is running behind a Fritz!Box 6590 Cable which is up to date and not limited by my ISP. I also have a Fritz!Powerline 1260E running and Home Assistant on a Raspberry PI is connected to it by LAN.

I’ve set up DuckDNS with Letsencrypt from Supervisor as described, it is running without any issues while accessing HA within the local WiFi from my computer, but it has some issues from my mobile phone. It won’t connect to it showing some connection errors until I go up to my computer, access HA by Browser and … Voila! In the very same moment, the HA Companion App is able to connect, too. So… What??? I will work for while and loose the ability to connect then until I reconnect to HA in my Computers Browser (or disable WiFi to get connection from “outside”).

This can be reproduced that on 2 different mobiles (both running on Android, a Samsung Galaxy S10 and Google Pixel 2).

I checked the documentation on Companion App Networking and Hairpin NAT. I applied a DNS Rebind Protection exception for the complete domain name (xyz.duckdns.org) and then I restarted everything (just to make sure, …).

Port sharing is activated for 18123 forwarding to internal HA Port 8123 of the LAN IP address of the raspberry. WiFi is also enabled there but more or less to have another option to access it, just in case…

Does anyone have an idea, how to solve that?

Here some information about the configuration:

DuckDNS Config:

lets_encrypt:
  accept_terms: true
  certfile: fullchain.pem
  keyfile: privkey.pem
token: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
domains:
  - xyz.duckdns.org
aliases: []
seconds: 300

http settings in configuration.yaml

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  ip_ban_enabled: true
  login_attempts_threshold: 4

I can provide more information, if helpful.

Thanks in advance and best regards
Christian

2

You should be forwarding 443 to 8123 and then access it through https://xyz.duckdns.org

3

First, thanks for the reply!

Could you please give me a hint why this should be helpful in this case?
Ok, it’s more convenient, that I have to type less characters, when I enter the URL inclusively port, but … does this really effect the connectivity?

I’m able to connect to HA from mobile networks and within the local WIFI when accessing the URL on a computers browser. And even the HA companion app is working under the described circumstances… why should it relate to the port?

4

Don’r think it’s related then, I thought you are maybe accessing it from the wrong address. What are the settings on the mobile phone for internal and external URL? Does it work from the browser on the phone?

5

I tested port 443, but it did not improve the situation. Just to make sure :wink:

Right now, I did a test, as the connection in HA companion was broke over night.
The companion could not connect and the message shown was (translated from German):

The web site https://xyz.duckdns.org/?external_auth=1 could not be loaded, because: 
net::ERR_FAILES

After that, I tried to access HA via browser on the phone but just received a DNS_PROBE_FINISHED_NXDOMAIN.

The phone was not able to get an IP replied from the DNS Server then.

I started my computer, refreshed my HA web site in Chrome, … refreshed the web site on the browser on the one, … and access was possible.

I checked my IP, it has not changed over night.

So, both devices are connected within the very same WiFi network. Both connected to the Fritz!Box which is set up to utilize the Google DNS Servers (8.8.8.8 and 8.8.4.4). “DNS over TLS (DoT)” is enabled which might not be the standard but I did not have any other issues since I activated that about half a year ago.

Both devices are connected in the 5 GHz WiFi, the mobile using WPA3, my desktop using WPA2. But this is the only difference I could think of in the connetion.

So, just a guess, … I don’t know the TTL set up by duckdns, but it should be rather short, as dynamic IPs are target to change frequently. It might be, that the DNS of the Fritzbox is keeping the name resolution relatively short. Requests from the desktop trigger are resolving request and then it’s cached and available also for the mobile. So, why is that resolving request not triggered while accessing the URL via phone?

I know that is maybe now not a question purely HA related, but… any ideas out there?

A practical approach that crosses my mind would be a automation with a ping to refresh the DNS cache constantly, but… this is like opening the front door every other second to check, if someone is there to let in. :laughing:

Thanks for the recent replies @Burningstone!

6

Does it work if you use the browser on the phone? Did you check what you have in the settings for the companion app for external and internal URL?

7

When the companion app is not working access via browser on the phone is also not working.

There is no internal URL set in the companion app. As I use DuckDNS and Letsencrypt the connection to a local IP instead of xyz.duckdns.org would leave it unsecured respectively it would throw the known “NET::ERR_CERT_COMMON_NAME_INVALID” message.

In either way, from extern or internal, with browser or app it’s planned to use https://xyz.duckdns.org for access.

Nevertheless… I tried to add my Home WiFi SSID and the internal connection URL which do not really change anything in this constellation.

Maybe I have to think about nginx proxying…

8

Yes, definitely recommend this.

9

Same problem with a Vodafone Station, but before it worked with no problems. To connect with HA app on my iPhone I have to disable wi-fi, connect using mobile data and then enable wi-fi again. About one month ago all worked fine, maybe some change in Duckdns service…