Duck DNS not working

Configuration
1

For a couple of days I am trying to access my HA instance remotely with duck DNS.

I have visited Duck DNS.org opened an account and got a token and a url.

I installed Duck DNS in HA. this is my Duck DNS Configuration:

domains:
  - rxxxxxxxxxa.duckdns.org
token: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxx
aliases: []
lets_encrypt:
  accept_terms: true
  algo: secp384r1
  certfile: fullchain.pem
  keyfile: privkey.pem
seconds: 300

the following lines I have added to my config.yaml:

http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

In Settings>System>Network I set the Internet url to https://xxxxx.duckdns.org and the Local Network url to https://homeassistant.local.8123.

on my tp-link router I went to the Advanced tab> NAT Forwarding>Virtual Servers and entered two entities: 1: service type home assistant, external Port: 443, Internal IP 192.168.0.105, Internal Port:8123, protocol: TCP
2:service type home assistant, external Port: 8123, Internal IP 192.168.0.105, Internal Port:8123, protocol: TCP

Restarting HA now resulted that I had initially no access any more. My external link I got from Duck DNS did not connect and the internal link did not work any more. I could only access via ssl.
Soon found out that I could access internaly by canging the http:// prefix to https:// so It seems the ssl is working. But still what ever I try I can not access via the Duck DNS link.

2

One or the other. Not both.

If you go with

Then your external url will be https://xxxxx.duckdns.org.

If you go with

Then your external url will be https://xxxxx.duckdns.org:8123.

You will not be able to use the internal URL without setting up NGINX. And if you do set that up… then you’d want to only have this:

service type home assistant, external Port: 443, Internal IP 192.168.0.105, Internal Port:443, protocol: TCP

And your external url would be https://xxxxx.duckdns.org and your internal url would be http://homeassistant.local:8123

3

I think I find the problem. ’
If I look to my routers internet IP it is: 100.64.65.206 That’s normally an internal IP Address. if I go to a site like “What is my IP Address” it gives me: 143.255.2.82
So there is a discrepancy in IP Addresses.
So what the solution is I don’t know yet.

4

Your ISP has to support running a server from your house. You should find out if you can do that. My last ISP allowed it and it was built into the cost. My new ISP, I have to shell out an extra $10/mo to have an IP.

5

Yes, I have to contact him regarding this problem. I suppose also via Nabu Casa it will not be possible to connect remotly?

6

NabuCasa should work fine because they handle all the legwork. It’s only a problem when you try to host.

IIRC you can try out nabucasa for free for a month or something like that. Might be worth giving less money to them instead of more money to your ISP. It’s $5(?) vs $10(?)

7

Yes I think I will try this first then. Thank you

8

A router should be able to handle both, since it is TCP traffic, so it is stateful.

9

I’m sure it can, but that typically doesn’t help when people are trying to troubleshoot. Not to mention, you really don’t want to have a ton of open ports, let alone 1.

10

This probably has nothing to do with your DuckDNS issue, but…

Something is not right here. The 100.64. 0.0/10 address block is not private address space; it is shared address space. Your internal (private) IP should be either 192.168.x.x, 172.16.x.x or 10.x.x.x…

Your public IP (the WAN address), 143.255.2.82, is owned by Mateus Dupont, Diretor @log Telecom, Rio Grande do Sul, Brazil

A shared IP address means that several routers are using the same IP within one server. A private IP address, on the other hand, is used by a single user only.

I’ve never seen an ISP use shared IP in the 100.64. 0.0/10 address block for the end user. But that can be set in the router (the LAN address). It may not be an issue, but it’s strange and I’ve never seen it before now. I suspect, and its only a suspicion, that the ISP does not have a Class A IP address themselves. The Whois data indicates, and I am not an expert, that 143.255.2.x is a class-C IP address.

But, if it works for you, don’t fix it.

11

So TRUE!! :wink:

12

It has everything to do with the issue.
That 100.64.x.x address means the ISP is using CGNat and you need to have a portforward made in the ISPs NAT router too.

1 Like
13

That’s CGNAT or Carrier Grade NAT - basically you don’t have a public IP address.

One option is to use your own domain and a Cloudflare Tunnel - no port forwarding required. The other option is the Nabu Casa service - also no port forwarding required.

1 Like