Duckdns not connecting

kevroxldn · March 17, 2019, 10:12pm

Hi all,

Does anyone have any tips on using duckdns?

I’ve setup an account with them, pasted the token into the config file and followed all the steps on many different sites (Juan m tech, bruh, etc) but due to my router (ZTE MF920V) I can’t set a static IP for my raspi. Is this the problem?

I can log into hassio internally with https://(ipaddressfrompi):8123 but not externally with duckdns.

On my duckdns account I’ve put the IP address of my router (the external 1, not 192…)

Really running out of ideas here, any pointers would be really appreciated!

Thanks

anon34565116 · March 17, 2019, 10:39pm

You need to forward your internal ip address & port 8123 to the Internet at port 8123 I do not recall needing to enter an ip address when configuring duckdns.

The fact you can use https internally indicates your Home Assistant is likely set up correctly. You need to forward port 8123 to the Internet on your router.

DavidFW1960 · March 17, 2019, 11:15pm

Other way around.

Forward port 80 to port 80 and forward port 443 external to 8123 internal. Then you won’t need to specify the port :8123 to connect externally. You can also forward 8123 to 8123 but that’s not normally necessary.

anon34565116 · March 17, 2019, 11:44pm

Either forward port 443 external to 8123 internal or just forward 8123 external.
There is NO need & can be security issues caused by forwarding the unencrypted port 80.

DavidFW1960 · March 17, 2019, 11:46pm

Depending on the LetsEncrypt used, you need port 80-80 for certificates to be issued. The DuckDNS addon for hassio uses DNS validation but every other method uses http and requires port 80.

anon34565116 · March 17, 2019, 11:57pm

I did not need to open that to get my LetsEncrypt certificate through DuckDNS on Hass.io. Hassbian, or virtualenv.

DavidFW1960 · March 18, 2019, 12:08am

Well as I said if you use the DuckDNS addon, it does not use http validation but all other methods do and http validation requires port 80-80 unless that requirement has changed in the individual configurations for venv or hassbian (although I have not heard of that and don’t use either) Even Caddy which I use requires port 80 to be forwarded as does the LetsEncrypt addon for Hass.io. The only addon that doesn’t is DuckDNS that I am aware of.
(Just checked the docs for the LetsEncrypt addon and it requires port 80)

kevroxldn · March 18, 2019, 6:52am

Wow, thanks guys. Off to work now but will try all suggestions the next chance I get.

I know for a fact that I’ve got 8123 ext-int forwarded, 80-8123 ext-int and 443-3218 ext-int setup.
According to both methods this is wrong so back to the drawing board!

The other gem is that it is a mobile router with a sim card so gets a new IP from the ISP more often than most! As I’m sure you’re aware this wreaks havoc with duckdns as I have to enter the new IP each time it changes (fine on the internal side but impossible from afar)
Bruh has a comprehensive video on this
https://youtu.be/BIvQ8x_iTNE
but it is based on running home assistant on raspian as opposed to a hass.io OS.

Do you think there is a possibility to perform this with the hass.io setup? (That it reports the new IP back to duckdns as it changes)

Many thanks

Kev

DavidFW1960 · March 18, 2019, 6:56am

Yes the addon will update the Public IP address at DuckDNS as it changes.

kevroxldn · March 18, 2019, 7:20am

Great, that’s both intuitive and relieving! I’ll let you know how I get on with the port forwarding issue ASAP
Thanks again!

kevroxldn · April 8, 2019, 3:30pm

Hi all again,

Well, after almost giving up a friend who is on the same mobile network as me (3) said that in the online account settings there is a toggle for the number to be accessed externally. I enabled it and voila! It all works.

I’ve currently got ports 8123ext-8123int. 443ext-8123int. and 80ext-80int. I will try it without 80-80 and see if it still works.

Thanks ever so much for the advice!

anon34565116 · April 8, 2019, 3:47pm

I just have 8123ext-8123int and 3218ext-3218int (for configurator).

kevroxldn · April 8, 2019, 3:56pm

Just got rid of 80ext-80int and it seems to have had no effect, still working fine.
just going to try getting rid of 443ext-8123int and see if it still works externally with duck dns address.
Fingers crossed!
Thanks

anon34565116 · April 8, 2019, 4:31pm

IF you get rid of that you will need to specify :8123 when accessing externally. Keeping 443 allows you to use just https:// You do not need both entries, IMO

kevroxldn · April 8, 2019, 4:40pm

Got rid of 8123ext-8123int, put 443ext-8123int back and have 3218ext-int also.

Cant connect to the config page externally though (me.duckdns.org:3218). It asks for user and pwd then says “policy not fulfilled”

any ideas?

thanks

anon34565116 · April 8, 2019, 4:45pm

The configurator has it own “allowed networks” I believe. Perhaps you need to open that up.

kevroxldn · April 8, 2019, 5:03pm

Just tried adding “me.duckdns.org” in the configurators allowed addresses in network settings and the ip address, no joy. I’ll have to dig a little deeper with this methinks!

thanks

anon34565116 · April 8, 2019, 5:23pm

I think you need to allow all addresses, or at least your network gateway. In hy Hassbian install, thet field is empty.

# Limit access to the configurator by adding allowed IP addresses / networks to
# the list, e.g ALLOWED_NETWORKS = ["192.168.0.0/24", "172.16.47.23"]
ALLOWED_NETWORKS = []
# Allow access to the configurator to client IP addesses which match the result
# of DNS lookups for the specified domains.
ALLOWED_DOMAINS = []
# List of statically banned IP addresses, e.g. ["1.1.1.1", "2.2.2.2"]
BANNED_IPS = []
# Ban IPs after n failed login attempts. Restart service to reset banning.
# The default of `0` disables this feature.
BANLIMIT = 0

kevroxldn · April 8, 2019, 6:18pm

Not quite sure where to look for this, not in the config.yaml file (im running hass.io as the os).
Any ideas?
Thanks

anon34565116 · April 8, 2019, 6:32pm

Try the Configurator Add-On. I think it is there.