I’ve been using HA for over eight years. And I love it. I’ve had ups and downs. And there are always folks who have helped. I’m hoping that this will continue.
I am currently using 2024.7.4 on an RPi 4. I can locally log into my HA instance. All operations (when logged in via the local ip and port) seem fine. Three months ago, I added a pfSense router to my network. Things have been fabulous.
A week ago, I started to add CrowdSec to my system. First, I added it to my pfSense router. And it has been fine - apart from a few false positives. Yesterday, I added the HA Add-on for CrowdSec. It added fine. I set up and enrolled the security engine for HA. And that worked fine.
But I went to HA remotely, and I couldn’t connect. I double-checked my Nabu Casa account. It is paid and active. And I can log onto the account via a web browser. That worked. But I couldn’t log into HA via the dedicated cloud address. And when I checked the HA cloud setting, it showed as connected. But the Remote UI said it was disconnected.
I checked to see if the router had quarantined the device for any reason. It had not.
I checked the add-on in HA. It was online. And it appears fine.
But for good measure, I stopped the add-on. I changed its autostart option. And I rebooted. But it still cannot connect for Remote UI.
Right now, I’m not certain if I have a CrowdSec issue or a 2024.7.4 issue. Any ideas?
Second, I use a variety of IDS / IPS solutions to secure my perimeter. After checking my firewall block logs, I saw that the Remote UI (23.21.100.229) was listed in my snort2c table (on pfSense). I have no idea why this address would show up in that table. But it did. Once I cleared the table, connectivity was restored.
Does anyone in the community know why Snort would identify this HA Cloud IP address as problematic?
This is interesting. Snort has again identified Nabu Kasa Cloud as a site to be blocked. Once again, I cleared the snort2c table in my firewall. And once again, I resolved the problem - until the next time that it gets flagged as some kind of malevolent service. Any ideas why this has now happened twice in seven months.
I’m not sure if this is related but I’ve been having some issues with the remote connection and Nabu Casa have replied with this:
“They suspect a recent update on our end may be related. The update was rolled out yesterday, and while most instances reconnected without trouble, I’ve noticed a small flurry of tickets since then that might be connected. The update has now been rolled back in the last hour, so hopefully you’ll see a more stable connection soon.”