Debugging connectivity problem involving VPN

I recently set up a Home Assistant server on my home LAN. As far as local networking is concerned, it seems to be working fine - I have it set up with a reserved DHCP address from my router. The issue is that I would like to be able to see and control Home Assistant when I am away from home using my existing OpenVPN setup (detailed below). I’m looking for help debugging the connection problem, as I am running out of ideas.

I set up this VPN several years ago. It consists of a Raspberry Pi running an OpenVPN server in tun mode, sitting behind a router that forwards VPN connection requests to the OpenVPN server. Routing rules on the OpenVPN server and router bridge the two subnets. The other machines on the LAN are not VPN clients, but the routing rules on the server and router have enabled me to access them remotely over the VPN without needing to do anything special to these machines. I have been successfully using this VPN to access various machines on my home LAN for years now.

The problem is, I don’t seem to be able to see the HassIO server from over the VPN. Pings do not return like they do for other devices. Below is an illustration of the connectivity problem.

LAN/VPN Connectivity Status.

VPN CLIENT           ROUTER      OVPNServer       MediaPC     NAS       HASSIO
                     <============== LAN 10.10.1.x/24 ========================>
<==== OVPN TUNNEL 172.31.1.x/24 =======>
<--conn working -------->
<--conn working (ssh/ping/etc) -------->
<--conn working (ssh/ping/etc) ---------------------->
<--conn working (ssh/ping/etc) -------------------------------->
<--conn NOT working (ssh/ping/etc) ---------------------------------------->

I have tried using tcpdump to watch traffic, and I can see the ICMP request packets being relayed at the OVPNServer. For other devices, I can also see the reply messages coming back. HassIO is not sending a reply and I’m not sure why. Locally, when I send pings to HassIO I get responses. I’ve had trouble debugging at the HassIO level since I’m not sure how to access the underlying OS (or if it is even possible) from a network connection. I’m wondering if there is something security related being implemented in HassIO causing the problem.

I apologize if this situation has been addressed before and I just have not yet found it digging through forum posts. Below is my network configuration. Again, any suggestions for debugging or potential causes of the problem would be appreciated.

Network Configuration

  • Router

    • OpenWRT

    • br-lan: 10.10.1.1

    • eth0: xx.xx.xx.xx (public ip)

    • routing table

      Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
      0.0.0.0         xx.xx.xx.xx     0.0.0.0         UG    0      0        0 eth0
      10.10.1.0       0.0.0.0         255.255.255.0   U     0      0        0 br-lan
      xx.xx.xx.xx     0.0.0.0         255.255.240.0   U     0      0        0 eth0
      172.31.1.0      10.10.1.21      255.255.255.0   UG    0      0        0 br-lan
      
    • iptables forwards VPN connections to OVPNServer (verified, working)

  • OVPNServer

    • eth0: 10.10.1.21

    • tun0: 172.31.1.1

    • tun0: P-t-P 172.31.1.2

    • routing table:

      Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
      0.0.0.0         10.10.1.1       0.0.0.0         UG    0      0        0 eth0
      10.10.1.0       0.0.0.0         255.255.255.0   U     0      0        0 eth0
      172.31.1.0      172.31.1.2      255.255.255.0   UG    0      0        0 tun0
      172.31.1.2      0.0.0.0         255.255.255.255 UH    0      0        0 tun0
      
    • /etc/openvpn/server.conf

      # IP address of the interface OpenVPN should listen on (optional)
      local 10.10.1.21
      proto tcp
      port 1194
      dev tun
      
      ca /etc/openvpn/ca.crt
      cert /etc/openvpn/xx.crt
      key /etc/openvpn/xx.key
      dh /etc/openvpn/xx.pem
      
      # OpenVPN Subnet - server will take 172.31.1.1
      server 172.31.1.0 255.255.255.0
      route 172.31.1.0 255.255.255.0
      push "route 10.10.1.0 255.255.255.0"
      
      push "dhcp-option DNS 10.10.1.1"
      
      # Tell Client to route all traffic through VPN
      push "redirect-gateway"
      
      # Allow clients to see each other
      client-to-client
      
      # Allow multiple clients to connect with the same cert/key files
      # Less secure but you have to manage fewer keys
      duplicate-cn
      
      # Ping every 10 seconds, client is gone if no response after 120s
      keepalive 10 120
      
      persist-key
      persist-tun
      
      verb 1
      log-append /var/log/openvpn.log
      
  • HassIO

    • IP: 10.10.1.70/24
    • Gateway: 10.10.1.1
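A quick way to rule the routing tables in or out, as an added example that is not part of the original post: the script below replays the kernel's longest-prefix lookup over the three tables above and traces the reply path from HassIO back into the tunnel hop by hop. The HassIO table is assumed from its stated IP and gateway (the post shows no table for it), and 172.31.1.6 is a constructed client address inside the tunnel subnet.

```python
import ipaddress

# Routing tables transcribed from the post: (destination, genmask, gateway, iface).
# A gateway of 0.0.0.0 means "directly connected". The HassIO table is assumed
# from its stated IP 10.10.1.70/24 and gateway 10.10.1.1 (no table in the post).
ROUTES = {
    "HassIO": [("0.0.0.0", "0.0.0.0", "10.10.1.1", "eth0"),
               ("10.10.1.0", "255.255.255.0", "0.0.0.0", "eth0")],
    "Router": [("0.0.0.0", "0.0.0.0", "xx.xx.xx.xx", "eth0"),  # public gw, redacted in post
               ("10.10.1.0", "255.255.255.0", "0.0.0.0", "br-lan"),
               ("172.31.1.0", "255.255.255.0", "10.10.1.21", "br-lan")],
    "OVPNServer": [("0.0.0.0", "0.0.0.0", "10.10.1.1", "eth0"),
                   ("10.10.1.0", "255.255.255.0", "0.0.0.0", "eth0"),
                   ("172.31.1.0", "255.255.255.0", "172.31.1.2", "tun0"),
                   ("172.31.1.2", "255.255.255.255", "0.0.0.0", "tun0")],
}
# LAN address -> host name, taken from the post's configuration section.
OWNERS = {"10.10.1.1": "Router", "10.10.1.21": "OVPNServer", "10.10.1.70": "HassIO"}


def lookup(table, dst):
    """Longest-prefix match over one host's table; returns (network, gw, iface) or None."""
    best = None
    for dest, mask, gw, iface in table:
        net = ipaddress.ip_network(f"{dest}/{mask}", strict=False)
        if ipaddress.ip_address(dst) in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    return best


def trace(src_host, dst, max_hops=8):
    """Follow next hops from src_host towards dst. Each entry is (host, matched net, iface);
    the trace ends when a hop delivers on-link, hands the packet to tun0, or has no route."""
    hops, host = [], src_host
    for _ in range(max_hops):
        r = lookup(ROUTES[host], dst)
        if r is None:
            hops.append((host, None, "NO ROUTE"))
            break
        net, gw, iface = r
        hops.append((host, str(net), iface))
        if gw == "0.0.0.0" or iface == "tun0":  # delivered on-link or handed to OpenVPN
            break
        if gw not in OWNERS:  # e.g. the router's redacted public gateway
            hops.append((gw, None, "leaves LAN"))
            break
        host = OWNERS[gw]
    return hops


print(trace("HassIO", "172.31.1.6"))  # reply path from HassIO to a constructed VPN client
```

With the tables as posted, every hop from HassIO back to the tunnel has a matching route (HassIO default → Router → 172.31.1.0/24 via 10.10.1.21 → tun0), so the tables alone do not explain the missing reply; that is consistent with tcpdump on the OVPNServer seeing the request relayed but nothing come back from the host.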