I have Valetudo running on a vacuum.
The vacuum is on a subnet (subnetC) without internet access and without the ability to interact with the HA subnet (subnetB). The HA subnet (subnetB) has a way to talk to subnetC.
I can open the Valetudo UI in a browser and operate the vacuum; however, if I want to connect to MQTT, the connection fails because I’m trying to initiate the connection from the vacuum. Is there a way to add an MQTT client on the HA side?
Home Assistant already has an MQTT client (the HA MQTT integration). That’s how it communicates with the broker - which I assume is also in subnetB and the cause of your issues.
You need to fix your network so that subnetC can communicate with subnetB. Even if you put a second MQTT broker in subnetC it would still need to communicate with subnetB so that you can bridge the two brokers.
I see, I didn’t want any of the IOTs to be able to talk to computers.
Let me see if I can allow this with just the port (1883).
That should work.
That would mean cloud-only services on all devices, and you are fully reliant on your internet connection and the vendors of the devices.
If they decide that they do not want to support a device anymore tomorrow then the device is dead for you or if they decide you have to pay to use their cloud service, then you have to do that.
That may well be true, but the OP did mention they were using Valetudo, “an opinionated software solution for cloud-free vacuum robots”.
Well, an MQTT broker has to run on a computer too.
I guess cloud servers are computers too, but they are not the user’s own then.
So you want an MQTT broker that listens and talks on both subnets? Are you sure you haven’t overcomplicated things for yourself unnecessarily?
The subnet with the IOTs has no internet access at all.
I think this is what I was expecting. And I might have overcomplicated my setup.
Why not just use the firewall?
Well, at least it looks like you have limited the protocols to just MQTT, so you have a chance for managing the routing.
Yes, the firewall (pfSense in this case) restricts access to the internet / other subnets for the IOT subnet.
Why is the Home Assistant server that is hosting the MQTT broker (an IOT device) on a different subnet to the other IOT devices?
A detailed network traffic needs analysis may be in order.
You did, at least for your vacuum. Since you installed Valetudo, there’s no way it’ll reach out to the cloud. Might as well move it to the same subnet as HA.
I actually wanted HA on the same subnet as the IOTs, but HA needs internet access for updates and HACS. Is there a way around these?
I think this is what I would do.
Created a rule in pfSense (firewall) with the EasyRule setup.
MQTT connected and things are working well.