DuckDNS connecting to ISP rather than HA

Home Assistant newbie here, so apologies if this isn’t an appropriate question for this forum or if the terminology or the post formatting are incorrect. I’m trying to follow the instructions here: Hass.io + Duck DNS. The simplest way. | by Alex Fedorets | Medium.

The short version of my problem is that, having followed the instructions, when I try connecting to HA using my duckdns domain I get:

which my ISP tells me is their “router” for my connection. I suspect that this needs to be configured to do port forwarding and my neighbor, the network admin, gave me the necessary credentials but I know just enough to be dangerous and don’t want to mess things up.

Details:

HAOS installed on DELL Optiplex 7050 with ethernet connection to router.

DUCKDNS add-on installed and running with this configuration:

domains:
  - bruceghouse.duckdns.org
token: xxxxxxxxx
aliases: []
lets_encrypt:
  accept_terms: true
  algo: secp384r1
  certfile: fullchain.pem
  keyfile: privkey.pem
seconds: 300

NGINX add-on installed and running with this configuration:

domain: bruceghouse.duckdns.org
hsts: max-age=31536000; includeSubDomains
certfile: fullchain.pem
keyfile: privkey.pem
cloudflare: false
customize:
  active: false
  default: nginx_proxy_default*.conf
  servers: nginx_proxy/*.conf

configuration.yaml

# Loads default set of integrations. Do not remove.
default_config:

# Load frontend themes from the themes folder
frontend:
  themes: !include_dir_merge_named themes

automation: !include automations.yaml
script: !include scripts.yaml
scene: !include scenes.yaml

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.0/24

Netgear WNDR3400v2 router (I know, I’ve ordered a new one) with port 443 forwarded:

If, as I suspect, the issue is with the ISP router here’s what I think are the relevant screens:

Am I on the right track here or totally off base? Any help appreciated.

If I am understanding your setup correctly from the pics, you have the ISP modem set up as pass-through. Your personal router is set up as your DHCP. It appears to be using a range of 192.168.1.2-X

On your 3rd screen with the green and purple box you need to forward all of the traffic on port 443 to the IP address of your HA instance. What you are doing is basically saying I want all traffic on port 443 to get sent to my HA.

On your ISP router, forward all 443 traffic from WAN port 443 to WAN port 443, from LAN port 443 to LAN port 443, and the LAN IP should be 192.168.254.251 based on your pics. Here what you are basically saying is I want all traffic on port 443 to pass from the WAN side (public internet) to my LAN side (for you this is your personal router).

I have a very similar setup with different gear.
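The two-hop forwarding chain described in the reply above, as an added example that is not part of the original posts. The `Router` class and the `trace` and `build_chain` helpers are hypothetical; the addresses are the ones quoted in the thread, and treating 137.83.82.90 as the ISP router's WAN address is an assumption.

```python
# Added illustration: constructed model of the two-router port-forwarding chain.
from dataclasses import dataclass, field


@dataclass
class Router:
    name: str
    wan_ip: str                                    # address the upstream side sends to
    forwards: dict = field(default_factory=dict)   # WAN port -> (LAN IP, LAN port)


def trace(port, routers, hosts):
    """Follow an inbound TCP connection hop by hop; return (endpoint, path)."""
    by_wan = {r.wan_ip: r for r in routers}
    current, path = routers[0], []
    for _ in routers:                              # one hop per router at most
        path.append(f"{current.name}:{port}")
        rule = current.forwards.get(port)
        if rule is None:                           # nothing forwarded: the router answers itself
            return f"{current.name} itself (no rule for port {port})", path
        ip, port = rule
        if ip in by_wan:                           # next hop is another router's WAN side
            current = by_wan[ip]
            continue
        path.append(f"{ip}:{port}")
        return hosts.get(ip, f"unknown host {ip}"), path
    return "forwarding loop", path


# Addresses quoted in the thread; the topology is assumed to be as the reply describes.
HOSTS = {"192.168.1.11": "Home Assistant (NGINX add-on)"}


def build_chain(isp_rule=True, netgear_target="192.168.1.11"):
    isp = Router("ISP router", "137.83.82.90",
                 {443: ("192.168.254.251", 443)} if isp_rule else {})
    netgear = Router("Netgear", "192.168.254.251", {443: (netgear_target, 443)})
    return [isp, netgear]


if __name__ == "__main__":
    for label, chain in [("both rules", build_chain()),
                         ("no ISP rule", build_chain(isp_rule=False)),
                         ("wrong LAN IP", build_chain(netgear_target="192.168.1.12"))]:
        endpoint, path = trace(443, chain, HOSTS)
        print(f"{label:13} {' -> '.join(path)} => {endpoint}")
```

With either rule missing or pointing at the wrong address, the connection stops before it reaches Home Assistant, which is why both routers need a matching entry for port 443.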

Thanks for the reply. I set up the port forwarding on the ISP router, clicked apply and then rebooted the router. I also verified that the HA IP address (192.168.1.11) on the port forwarding for the Netgear (home) router is that of my HA instance. I’m still getting the ISP router login screen when I browse to bruceghouse.duckdns.org.

Where are you browsing from?

Internal network OR from outside your network?

I’m browsing from inside the local network. If I try it on my phone with the wifi turned off using bruceghouse.duckdns.org it says address not found.

So what is the IP address you have on DuckDNS if you log on to their website?

bruceghouse.duckdns.org 137.83.82.90

My last question and last idea then I might be out of ideas.

Are you going to https://

Try cleaning out your DNS on the device.

Flushed DNS on the Windows desktop running the browser - no change, still connects to ISP for bruceghouse.duckdns.org. At this point I’d settle for being able to establish a secured session between the browser on the Windows desktop and the HA server, both on the local network. My understanding is that the secured connection is required to be able to do the initial flash of a Lilygo T-Display S3 using the ESPHome add-on (GitHub - landonr/lilygo-tdisplays3-esphome: tdisplay s3 170x320 running esphome using patched tft_espi). I’ll revisit the remote access issue later once I’ve received the new router.