Failed login attempt from own router

Hi everyone,

Since a few days HASSIO is reporting failed login attempts from 192.168.178.1, which is the IP of my own router. It happens once or twice per day, as far as I can tell.
Can anyone tell me how I can troubleshoot this and find out the cause? The only thing that changed in the last few days is that I configured a Foscam C1 IP camera, but that’s working fine.

Any help appreciated!

If you’ve forwarded the port for external access, that would mean someone’s attempting to login to your Home Assistant from the internet.

1 Like

Yeah, I was afraid of that. Now to find out the real source IP’s.

I’ve had the same issue with invalid login notice displaying my router’s IP. Just tested by accessing HASS from my cellular connection. Incorrect login notice did not return my router’s IP address; external IP from my wireless provider was displayed.

Any idea why router my router’s IP is being displayed and in other cases the actual external IP?

Best way to find out is to use a reverse proxy, and have it send HA the IP address, you could check your router logs for IPs around the time the login attempt was reported as well.

I highly recommend using a revers proxy rather than just leaving Home Assistant exposed, plus it’s far easier to setup SSL certs this way.

I use Nginx for this, here’s my config:

worker_processes  2;

events {
    worker_connections  1024;
    use epoll;
}


http {
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    server {
        # Update this line to be your domain
        server_name [REDACTED DOMAIN NAME];

        # Ensure these lines point to your SSL certificate and key
        ssl_certificate /etc/letsencrypt/live/[REDACTED DOMAIN NAME]-0001/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/[REDACTED DOMAIN NAME]-0001/privkey.pem; # managed by Certbot


        # These shouldn't need to be changed
        # Proxy Home Assistant via SSL
        listen 0.0.0.0:443;
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
        ssl on;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;

        proxy_buffering off;

        location / {
            proxy_pass http://[IP ADDRESS TO HOME ASSISTANT]:8123;
            proxy_set_header Host $host;
            proxy_redirect http:// https://;
            proxy_http_version 1.1;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  # Unmask IP of user
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
        }


    }

}
1 Like

I noticed the same behaviour, but I found something interesting…
My Home Assistant is reachable from the internet and has its own domain based on DuckDNS.
If I connect to HA from the Internet (for example using my smartphone over a mobile network), HA reports the correct external IP address of my smartphone.
If I connect to HA from my LAN visiting the DuckDNS domain, HA reports the IP address of my router.
If I connect to HA from my LAN visiting the local domain (https://hassio.local), HA reports the IP address of the device I am using.
:face_with_raised_eyebrow:

2 Likes

Correct this is the NAT loopback working (Hairpin NAT). Completely normal.

1 Like

Then is it correct to say that when I see a failed login attempt from my router IP, it’s a matter of LAN devices and not of someone from the internet?

I have this same issue, leaving some crumbs for myself to find later once y’all find this out. It started happening when I added app daemon, I removed app daemon and it’s still showing up. To my knowledge when it says it’s coming from your router, following the conversation here and elsewhere, it means a device on your own wifi network is trying to connect but can’t. Strange, I’d love to find out what is going on to cause this same error on my machine.

I too get the Failed Login attempt just about all the time when either the web browser has sit for a while, or even the iOS app is firing up sometimes (restart the app and no problem); whether at home, or away. Its always my (or router’s) address. Rather annoying.

1 Like

Me too. Whenever I login to Homeassistant (and there isnt already a login session) I get a failed login notification. It happens weather I use my android phone’s browser, the home assistant app, or my pc.
It must be some kind of a bug…

I’m getting this too - every 30 seconds or so. In my case the IP address in the error message belongs to my Wireless Tag hub, which seems to be working perfectly well.

@Stiltjack did you ever find an answer to this problem as am experiencing the same issue with my wireless tag hub too

Afraid not - it’s become a feature. Doesn’t seem to do any harm. Mainly it’s the annoyance of a constant notification, but you get used to it after a few weeks…

Yep, enjoying same feature atm :slight_smile:

Yes, I have been having the same issue for the past 3 days and is incredible annoying. I alos have Ip_ban enabled so Have to keep unbanning my devices. I have googled and googled and do not see any advice for this. We need to get this looked at. I am guessing it is my own networking error somewhere
but extremely frustrating

I have had this error for 6 months now. I have just learned to ignore notifications hoping nothing important comes up.

Are you guys using the local_file camera?

1 Like

Nope. I dont use the local file camera platform.
This notification appears whenever I login to Homeassistant (and there isnt already a login session running ) and despite I have no trouble logging in.

Hey all.
I’m in the same boat.
Plus https blocks me every once and awhile.
I recently added my router to my trusted networks but I’m worried I’m allowing some nefarious activity.
Like @ebaschiera I noticed when I log in from work my external IP address is logged.