Declare a static route to reach another LAN

CONTEXT

The objective here is to reach equipment present in other local networks.
Here is a diagram of my local network:

It’s divided into 4 different networks to split and restrict access:

  • in purple: the server/services network which includes NAS equipment, Home Assistant, Freebox (internet router) and the Firewall allowing me to control the flows of other networks

  • in blue: the network for PCs, printers, smartphones, etc… of my home

  • in orange: the network for guests

  • in green: the network of IoT IP devices

The need is to allow my Home Assistant in the purple network (192.168.1.0/24) to reach, for example, a Yeelight which is in the green network (192.168.3.38).

I have to create a static route on my Home Assistant because the default gateway is a Freebox, and it is impossible to declare routes on the Freebox (product limitation).

To solve this problem, I have to tell Home Assistant to go through the IP address of the firewall (192.168.1.253) to reach other networks.

PROCEDURE

  1. Prerequisites

It’s imperative to install the SSH add-on on Home Assistant. Important point: you have to install only the one called “SSH & Web Terminal” and uncheck the protected mode. This will give access to advanced commands that we will see later (for example nmcli).

  2. Verification of the non-access to the resource

Once this module is installed and configured, we’ll try to reach the Yeelight’s IP using the ping command.
You can see in the screenshot that 0 packets have been received.

  3. List all configured connections

The nmcli device show command displays the following information:
It’s important here to identify the connection name (here Supervisor eth0) in charge of the purple network. On this network, we will add a new route (the first two were added automatically).
We can see in this list that there is no route to the green network (192.168.3.0/24).

  4. Editing the parameters of the card

The command nmcli con edit "Supervisor eth0" (replace the name between quotation marks with the name of your card indicated in the previous command) allows you to enter the configuration mode.
You can see a change in the prompt (here we switch to nmcli>).

  5. Display the detailed configuration of the network card

The print ipv4 command displays the configuration details, so that we can then override the automatic configuration (seen with the command in point 3).

  6. Adding the route

We want to add a new route. For that, we have to type the command set ipv4.routes 192.168.3.0/24 192.168.1.253. So, to reach the network 192.168.3.0/24, we have to transmit the packet to the gateway 192.168.1.253.

  7. Change check

Thanks to the print ipv4 command, we can observe the addition of the new route.

  8. Apply the configuration

This step is essential, otherwise the new route will not be taken into account by the network card. You have to save the configuration BUT in persistent mode, so that it will be applied even after a reboot. To do that, we use the command save persistent (and especially not only save).
The result of the command shows that the configuration has been updated.

  9. Exit nmcli mode

All that remains is to quit the module with the quit command.

  10. Reboot the host

The last essential step is to reboot the host completely so that the new routing table is fully taken into account. Be careful, this operation may take a little time depending on your configuration.

For this reboot:
Supervisor > System > Restart Host

  11. Global check

To confirm that the new route is working, we will execute the command in point 3 and check the presence of the route.

And confirm with the ping command (same as point 1) that we can now reach our equipment.

12 Likes

Followed these steps, but after reboot the route is not activated.
What am I missing?

Do you have the route to the new LAN when you execute this command: nmcli device show?
Is your gateway available? Try to ping it.

I have a similar issue with setting up a static route in HA. Interestingly, it was working until the 2022.4 update.

I am able to set up the static route using nmcli and restart, but the static route does not appear to be persistent across a reboot of the host (running HA in a VM on Proxmox), despite running ‘save persistent’ in nmcli.

Specifically, when pinging the VM from a device in my network requiring the static route, I get a response until I believe the Supervisor starts, then I get no response. If I then check ‘nmcli print route’ the static route I set up before the reboot has disappeared.

I’m not sure if anyone else has experienced this or knows how to work around this.

Same issue… was working fine until earlier this week

Did anyone get this working again?

I tried today and as others have mentioned… with the reboot the config is gone again.

Same issue, verified that the route is added on print ipv4 (even after reboot) but not added as a route[3] (ping still does not work).

Doing ip route add 192.168.33.0/24 via 192.168.4.254 dev eth0 (using example IP addresses) works fine (not permanent though).

Tried now with these commands:
nmcli con edit "Supervisor enp2s1"
set ipv4.routes 192.168.200.0/24 192.168.8.3
save persistent
but I get this error:
Error: Failed to save ‘Supervisor enp2s1’ (27a9ad08-bf14-3be8-ab21-dea262f723d4) connection: ipv4.dns-data: unknown property

I don’t see the ipv4.dns-data property, what’s the problem?

With the ip route commands it works but, as luis said, it’s not persistent.

Thanks

In the end I resolved it with a bash script executed by the Run On Startup.d addon.
In my case the name of the script must be hassio_multicast.sh, placed in the folder /config/startup/startup.d/
The file contains:

#!/bin/bash
# Add the static route at startup (not persistent, so it is re-applied on every boot)
ip route add 192.168.33.0/24 via 192.168.4.254 dev enp2s1

1 Like
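
A more defensive form of the startup-script workaround above, using the addresses from the first post (192.168.3.0/24 via the firewall at 192.168.1.253). This is an added example, not code from the thread; the function names route_state and ensure_route and the sample routing table are constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the thread. Addresses come from the first post.
DEST="192.168.3.0/24"      # IoT (green) network
GATEWAY="192.168.1.253"    # firewall that filters inter-network traffic

# Constructed sample of `ip route show` output before the route exists
# (the default gateway and host addresses here are made up).
SAMPLE_ROUTES='default via 192.168.1.254 dev eth0 proto dhcp metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10 metric 100'

# route_state DEST GATEWAY: reads `ip route show` output on stdin and prints
#   ok        route to DEST exists and its next hop is GATEWAY
#   wrong-gw  route to DEST exists but goes through another next hop
#   missing   no route to DEST
route_state() {
    awk -v dest="$1" -v gw="$2" '
        $1 == dest {
            found = 1
            for (i = 2; i < NF; i++)
                if ($i == "via" && $(i + 1) == gw) good = 1
        }
        END { print (good ? "ok" : (found ? "wrong-gw" : "missing")) }
    '
}

# ensure_route: install or correct the route; safe to run on every boot.
ensure_route() {
    state=$(ip route show | route_state "$DEST" "$GATEWAY")
    if [ "$state" = "ok" ]; then
        echo "route to $DEST via $GATEWAY already present"
    else
        # `replace` adds the route or overwrites a wrong one, so a second
        # run does not fail with "File exists" the way `ip route add` does.
        ip route replace "$DEST" via "$GATEWAY" &&
            echo "route to $DEST via $GATEWAY installed (was: $state)"
    fi
}

# Only touch the routing table when asked to, e.g. from the startup script.
if [ "${1:-}" = "--apply" ]; then
    ensure_route
fi
```

Run it with --apply from the startup folder. The wrong-gw state is worth logging, because a route to the IoT network that does not pass through 192.168.1.253 also bypasses the firewall rules between the networks.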

I couldn’t get the nmcli method to work and therefore used Run On Startup.d. However, on a few rare occasions it didn’t work and I had to reboot (or restart the Run On Startup.d addon).

What finally works for me is:

  1. In order to get access to nmcli from the terminal, I had to log into the host system:
docker run --privileged --pid=host -it alpine:latest \
nsenter -t 1 -m -u -n -i sh

  2. Follow the above steps with nmcli
1 Like