HA takes my router down?

sen · August 16, 2019, 6:27am

Hi,

I have a very strange problem. It seems like HA is taking my router down every time I want to use it inside my network. When I access HA from outside my network (over https and duckdns) everything works flawless.
When I use the same url from inside my network, my router is giving DHCP errors and reboots itself up to 5 times. After x minutes, it the errors occur again.
I have a router from my ISP Telenet (Belgium company), so I can’t setup or change much myself. Telenet came to ‘fix it’, but failed 2 times already. The replaced the router, but that didn’t fix it.

Does anyone else have or had this issue?

quattr0 · August 16, 2019, 2:51pm

when you say the same URL you mean using fully qualified domain name? Have you tried using local IP/private IP (192., 10., or whatever your LAN IP is) when you’re at home, instead of domain name, to see if your router won’t act up?

sen · August 16, 2019, 5:42pm

It works when I use my LAN ip, but I had to change my http config to make this work.
I had:

http:
  base_url: https://xxx.duckdns.org:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

But I had to remove my base_url, but I than I have to use https://192.x.x.x:8123 and I get ssl errors. When I use http://192.x.x.x:8123, I can’t access my HA instance.
How can I resolve this error?

Knowing that using my duckdns url gives this error with my router. How can I fix this? I need to use my duckdns url with working ssl for the Home Assistant Cast functionality.

quattr0 · August 16, 2019, 7:52pm

What kind of ssl errors?

flamingm0e · August 16, 2019, 8:03pm

Certificates are for a hostname, not an IP address. If you browse to an IP address, on https, it will error with an “incorrect cert name”

sen · August 16, 2019, 8:08pm

I get these errors when I use my IP:

It’s in Dutch, but I think you will recognice the screen.

flamingm0e · August 16, 2019, 8:23pm

Just so you know, you don’t have to hide any 192.168, 172.16, or 10. addresses because they are non routeable addresses.

jparthum · August 16, 2019, 9:32pm

This seems more likely to be related to network settings on the device running HA. Can you provide some details about the device and operating system?

In particular, make sure the device is not running as a DHCP server.

finity · August 16, 2019, 11:07pm

That looks like the “your connection is not private” page that you get when you try to access a https site over http.

I think if you hit the “Advanced” link it will allow you to get past that screen and then just takes you to the HA page.

You will see that every time you visit that page but it is able to be done.

There are ways to avoid it but it takes some additional configuration.

flamingm0e · August 17, 2019, 12:08am

No. It’s when you access a https site with anything other than the hostname that the certificate was registered with.

finity · August 17, 2019, 12:18am

yeah, thanks for the correction.

sen · August 17, 2019, 6:13am

Its running on a Synology NAS inside a docker container. My device isn’t a DHCP server.

sen · August 17, 2019, 6:14am

How can I do this additional configuration?

jparthum · August 17, 2019, 6:46am

How about a DNS server (eg: PiHole)?
Do you have the same problem when accessing HA from a different client device?

sen · August 17, 2019, 7:00am

No, also no dns server.
I have it on all devices in my network.

0kk0 · August 17, 2019, 8:34am

Just saw your message.
I have had exactly same problem a few weeks ago.
Also SSL errors… Router stopped responding and rebooted. It started after an home assistent update to a newer version. Finally reinstalled homeassistant and problems went away.
One of the strangest thinks that happend to debug in a long time i think.
First i thought it was a dd wrt firmware bug on my r7000 router but when i reinstalled fresh home assistant after a while everything was workibg normal. But still weeeiird issue

0kk0 · August 17, 2019, 8:37am

Ohh also problem went away if i rebooted home assistant/rpi and router. Then when everything was ok again… as soon as i opened home assistant in my browser, problems started again

finity · August 17, 2019, 2:49pm

you have two (common) options:

NGINX reverse proxy or VPN

I personally use a VPN and it makes things way easier and arguably way more secure than duckdns/letsencrypt.

You have a couple of different options for setting up a VPN.

My router supports it’s own OpenVPN server so I just set that up.

But before I realized that my router had that functionality built-in I had previously set up PiVPN on an extra Pi I had laying around.

Using a VPN allows me to connect directly to my HA instance usinbg the IP address while I’m connected to my home network (wifi or LAN) and then if I need to access HA while I’m not on my home wifi network I literally just click a button to connect to my VPN and I can access my HA (or anything else on my network) just as if I was connected to my router through wifi sitting in my livingroom.

The connection is securely made by setting up server/client key files that someone would need to have on their device to allow access to the VPN. And communication is encrypted so no one can listen in on your traffic.

I can give you a quick and dirty procedure that you can use to install it on a Pi and may be able to be adapted to use on another device. But it’s even easier if your router offers the built-in functionality.

I also have a NGINX proxy set up in my Docker but I really don’t use it for anything. It was more of a “let’s get this running in case I need it at some point down the road”. So it just sits there running along doing nothing except for the occasional test to make sure it is still working.

sen · August 19, 2019, 11:41am

Did a full reinstall this weekend, no success. After using HA for 2 minutes, the router went down…

sen · August 19, 2019, 11:43am

I’m looking into nginx. I will try to set this up.
Thanks