Configuring two internal URLs for IoT vlan

kongo09 · April 16, 2022, 11:07pm

HA is listening to two VLANs but I can only configure one internal URL.

Some integrations seem to use the internal URL to set push callbacks with devices. However, if I set the internal URL to my IoT vlan, then devices in my other (main) vlan get the wrong URL and can’t reach HA for push.

Is there any way to register two internal URLs?

danwize · November 6, 2022, 3:55am

How do you set even one internal URL? I’m having a problem with HA hosted in a kubernetes cluster and when I try to play media, HA tells the device to use the internal kubernetes IP rather than one that is accessible to my media device.

Failed to cast media http://172.16.66.152:8123/api/tts_proxy/51292a973ff969a6a8c11feeb47bc7d0e22175db_en_-_google_translate.mp3 from internal_url (http://172.16.66.152:8123). Please make sure the URL is: Reachable from the cast device and either a publicly resolvable hostname or an IP address

danwize · November 6, 2022, 4:18am

I found the docs for setting the urls here:

Setting two internal urls would be tricky. How would home assistant know which one to give? I guess it could give the one that is on the same vlan as the request.

I wonder if it would work to just use the external IP address. You could have your router handle DNS for your external url and redirect to your local IP.

kongo09 · November 6, 2022, 9:11pm

My HA does not have an external IP / domain. It’s all local.

mitchins · June 4, 2023, 8:24am

I have a similar with my reolink camera on a restricted subnet and the webhook (internal_url) URL being inaccessible.
It’s impossible to configure the internal_url per integration without code changes nor is it wise for maintenance, and the IP addresses of the VLAN specifically are restricted so the same IP cannot be accessed from both (even though Home Assistant has both interfaces).
Here’s how I solved it:

Subnet1 (trunk) 192.168.1.0/21: Internet access, Adguard Home DNS
Subnet1 (vlan tag 100) 192.168.10.0/24: No internet or main network access, Adguard Home DNS

Suffice to say Home Assistant has IP addresses on both subnets, and all my cameras (especially those outside like the doorbell) can’t access my lan or the internet, but of course other devices internally still need to reach HA.

By leveraging that all of my network uses adguard home as its DNS, I can manipulate a rewrite rule based on subnet to give the right address for the HA Url, simplified as homeassistant.local here:

# Home assistant on VLAN100
||homeassistant.local^$dnsrewrite=192.168.10.2,client=192.168.10.0/24
# Home assistant on default network
||homeassistant.local^$dnsrewrite=192.168.1.16,client=192.168.1.0/21

Presto, it works like a charm.
Consequently, I also use an adguard home DNS rule to route the external URL to the internal IP directly, getting the most direct connection but still using SSL.

||mydomain.com^$dnsrewrite=192.168.1.16