Express VPN DuckDNS Internal and External Access Help

After trying for three days I am finally going to cry “Uncle”. I had my setup working with access internally and externally through before I installed Express VPN on my router to secure my network.

Now I only get partial access (works on the desktop but not on the iPhone through, I think because I have my windows hosts file forwarding to my HA ip) internally and no access externally. Works internally all the time through the direct HA ip on all devices.

I’ve tried forwarding the ports through Express VPN (8123, 80) as I had before I installed the VPN. I have the Dynamic DNS service setup through Express VPN to point to my DuckDNS ip. But nothing works

LAN-to-LAN everything on the same subnet
Modem -> Express VPN Router (WiFi) ASUS AC68U -> TP-Link R600VPN Router (this is where HA is served)

Home Assistant 0.103.5

Networking Related Add-ons
Duck DNS
Nginx Proxy Manager

Configuration Files




  "lets_encrypt": {
    "accept_terms": true,
    "certfile": "fullchain.pem",
    "keyfile": "privkey.pem"
  "token": "xxxxxxxxxx",
  "domains": [
  "seconds": 300

Nginx Proxy Manager


  "defaults": [
  "forwards": [],
  "hosts": [
      "host": "",
      "ip": ""

Things I’ve Tried So Far…
Turning on and off all networking add-ons
Port Forwarding as mentioned above
Turning on and off the VPN
Adding port number to end of URL

My goal would to be able to have everything as it was before the VPN but with the VPN in place.
Exteranl and internal access through my URL. Thank you for any help and insight you can provide.

Here’s an update. I now have it half working and could use some help.

Home Assistant can be reached internally and externally now without SSL via http:. Any suggestions on how to get SSL working through the VPN? The catch is I can’t forward port 443 as every time I try it kills my network.

One additional thing I forgot to mention. I am still using DuckDNS but now it is through Express VPN and not Hass IO. Should I now be setting up Let’s Encrypt separately to have SSL access?

@hartman9 Hi! Did you finish completing the setup using ExpressVPN and DuckDNS? I’m looking at this implementation at the moment (running ExpressVPN on my router). Thanks!

Yes, I had the setup running for two years or so. I have recently gone to running the Tailscale VPN add-on as it seems to be more secure than having a public domain out there. Below is what I believe my setup was, if I am forgetting something forgive me.

  • Run DuckDNS on the ExpressVPN router under Advanced Settings → Dynamic DNS
  • Forward appropriate port, I believe I only had to do 443 to 8123 and point it the HA IP
  • Run Nginx Proxy Manager in Home Assistant to manager your SSL