NVM - I was thinking something else…
Here is some additional trouble shooting info:
- Connecting on a MacBook. IP address is 10.0.1.57
- RaspberryPi running HASSIO is at IP address 10.0.1.104
- Tried setting “allowed_networks” to 0.0.0.0/0 and it worked. this is the only thing that I’ve gotten to work.
Does anyone have any thoughts as to why it won’t work
well 10.0.1.0/24 should work as well.
I might try playing with mine - but if you set the banlimit it’s not like it’s going to be easy to crack and of course use a strong password and non-obvious username.
ok that doesn’t work and I know why. Helps when you read the logs eh!
It’s trying to connect from my external IP address (same one that duckdns is pointing to) So it’s useless trying to specify local network if you’re connecting via ssl
tried changing allowed IP to duckdns and I get a message saying duckdns didn’t send any data.
If you want to use a specific IP address (and you’re not using SSL) you will find that 10.0.1.57/32 will work and you will only connect from that one IP address.
10.0.1.57/32 doesn’t work either. 
{
"username": "admin",
"password": "password",
"certfile": "fullchain.pem",
"keyfile": "privkey.pem",
"ssl": false,
"allowed_networks": [
"10.0.1.57/32"
],
"banned_ips": [
"8.8.8.8"
],
"banlimit": 0,
"ignore_pattern": [
"__pycache__"
],
"dirsfirst": false
}
Also, here are my logs, if that is helpful.
starting version 3.2.4
INFO:2018-01-20 16:56:36,532:__main__:Starting server
INFO:2018-01-20 16:56:36,534:__main__:Listening on: http://0.0.0.0:3218
INFO:2018-01-20 16:56:37,537:__main__:Requesting authorization
INFO:2018-01-20 16:56:37,539:__main__:172.30.32.1 - "GET / HTTP/1.1" 401 -
INFO:2018-01-20 16:56:40,680:__main__:172.30.32.1 - "GET / HTTP/1.1" 420 -
INFO:2018-01-20 16:56:40,737:__main__:Requesting authorization
INFO:2018-01-20 16:56:40,738:__main__:172.30.32.1 - "GET /favicon.ico HTTP/1.1" 401 -
INFO:2018-01-20 16:56:40,758:__main__:Requesting authorization
INFO:2018-01-20 16:56:40,759:__main__:172.30.32.1 - "GET /favicon.ico HTTP/1.1" 401 -
INFO:2018-01-20 16:57:05,418:__main__:Requesting authorization
INFO:2018-01-20 16:57:05,419:__main__:172.30.32.1 - "GET / HTTP/1.1" 401 -
INFO:2018-01-20 16:57:08,127:__main__:172.30.32.1 - "GET / HTTP/1.1" 420 -
INFO:2018-01-20 16:57:08,374:__main__:172.30.32.1 - "GET /favicon.ico HTTP/1.1" 420 -That is helpful - Like I said, it is trying to connect from 172.30.32.1 which (like me) is your duckdns address. If you try 172.30.32.1/32 it will work. So if you’re using SSL you’re screwed and must use 0.0.0.0/0
AND SET A BAN LIMIT AND USE A DIFFERENT STRONG USERNAME AND PASSWORD!!!
4 Likes
This worked. Thank you so much!
Glad we got there.
I am in the same situation. So did this fix you?
So the 0.0.0.0/0, strong username and password was the fix?
Hi, scooter.
For me it was this…
Whitelisting “172.30.32.1/32” did the trick.
Also, make sure you save the changes to the options, then restart the Configurator, and then try to open the web UI. Cheers!
Shouldn’t this just work out of the box?
Why exactly is 0.0.0.0/0 dangerous? I know 0.0.0.0 is just a wildcard for any possible address. I’m wondering that the dangers are
Isn’t it self evident that allowing connection from anyone is dangerous?
Thanks, this helped me.
However it is a half backed solution.
What is interesting is that clicking on “open the web view” correctly opens the page.
Checking the logs I see that using the tool bar to open configurator, it tries to do it on a different IP than HA’s.
H, I’m new to this and having the same issue but it’s not yet fixed.
Here’s a screen shot of my Config and Log.
Any pointers would be much appreciated.
1 Like
I’ve now fixed this. Just a case of adding 10.0.0.0/8 to the allowed networks.
1 Like
I had this same issue and found it to be related to SSL encryption I set up (through Hass.io). The problem occurred everytime I accessed the configurator non-locally by accident.
Add or uncomment the line below in the configuration.yaml file (usually lines 25-27):
Uncomment this if you are using SSL/TLS, running in Docker container, etc.
http:
base_url: bertlmann.duckdns.org:8123
I didn’t change or add any of the network numbers for allowed networks (eg. 10.0.0.0/8) as suggested in this link.
1 Like
Noob here trying to figure out this precise problem. Duckdns appears to be working, but I’m getting a policy not fulfilled error when trying to get configurator back up and running. At this point, I cannot get the web interface or the iframe within hassio to work. Any help would be appreciated. Log as follows:
INFO:2018-12-20 07:03:50,676:main:Starting server
WARNING:2018-12-20 07:03:50,677:main:Password PASSWORD is too short
WARNING:2018-12-20 07:03:50,678:main:Password PASSWORD does not contain digits
INFO:2018-12-20 07:03:50,684:main:{‘title’: ‘HASS Configurator - Password warning’, ‘message’: ‘Your PASSWORD seems insecure (3). Refer to the HASS configurator logs for further information.’, ‘notification_id’: ‘HC_PASSWORD’}
INFO:2018-12-20 07:03:50,937:main:Listening on: https://0.0.0.0:3218
INFO:2018-12-20 07:03:54,748:main:Requesting authorization
INFO:2018-12-20 07:03:54,750:main:47.39.44.135 - “GET / HTTP/1.1” 401 -
INFO:2018-12-20 07:04:03,885:main:Requesting authorization
INFO:2018-12-20 07:04:03,886:main:47.39.44.135 - “GET / HTTP/1.1” 401 -
WARNING:2018-12-20 07:04:22,286:main:Client IP not within allowed networks.
INFO:2018-12-20 07:04:22,287:main:47.39.44.135 - “GET / HTTP/1.1” 420 -
WARNING:2018-12-20 07:04:22,766:main:Client IP banned.
INFO:2018-12-20 07:04:22,767:main:47.39.44.135 - “GET /favicon.ico HTTP/1.1” 420 -
WARNING:2018-12-20 07:06:07,887:main:Client IP banned.
INFO:2018-12-20 07:06:07,888:main:47.39.44.135 - “GET / HTTP/1.1” 420 -
WARNING:2018-12-20 07:06:08,530:main:Client IP banned.
INFO:2018-12-20 07:06:08,531:main:47.39.44.135 - “GET /favicon.ico HTTP/1.1” 420 -
That’s the error. When connecting from outside, your client IP is different. If it’s not within your list of allowed networks, then the IP gets banned. So you can either whitelist every IP address in the world (allowing brute force attacks on your password), or consider using the SESAME feature mentioned in the documentation to whitelist your client IP on demand.