HA works for my devices but says CONNECTION_REFUSED for any other device

txemavs · April 11, 2023, 6:56pm

Hi.

Edited:
Do not continue reading, the problem was in my head, I was determined to go to port 8321.

I have two HAOS on Intel NUCs: “work” and “home”. Both of them work fine with my laptop and two phones. But when I try to access from any other device, I always get CONNECTION_REFUSED (CR).

I don`t see any problem at “ha core logs”, “ha supervisor logs” or “dmesg”

I’ve been reading posts for days, but no one solves my problem. I’m stuck and frustrated, I really don´t understand why this happens and how to troubleshoot. It seems that I’m the only one having this problem and I`m missing something obvious.

Versions:

Home Assistant 2023.4.2
Supervisor 2023.04.0
Operating System 9.5

First I did the “work” NUC:

I used my laptop to flash the SSD with HA OS, entered via http://homeassistant.local:8321
Configured a fixed IP for ethernet, set up DynDNS and NAT port 8321 on my router.
Created a CNAME work.mydomain.com to the DynDNS name
Used Letsencrypt addon and added to configuration.yaml http: section with ssl_certificate: and ssl_key:

Then I configured the android app in the local network, and another persons phone using 4G, no problem. One week later, this 3 devices still connect, but I can’t get access from any other device. Using a PC in the same LAN:

http://homeassistant.local:4357 → OK “Connected Supported Healthy”
https://work.mydomain.com:8321 → CR
https://homeassistant.local:8321 → CR
https://LOCAL_IP:8321 → CR

Trying to install the android app in other phones:

https://work.mydomain.com:8321 → CR, Error -6

Using my laptop using another browser → CR

This NUC is at the workplace, everything works fine with my phone or laptop,
but I can´t get any other device to access via web or app. So I bought a second NUC for home, installed the same way but this time tried to connect before setting up any addon or SSL:

My laptop connects via http://DHCP_IP:8321 and http://homeassistant.local:8321
Set up fixed IP and still connects OK from my laptop.
But again, any other PC gets CR

Later I set up SSL the same way, but the problem is the same in the two. Network says “External access enabled”

Things I tried:

In LAN, I get ping response using the IP and homeassistant.local
In my laptop, only Chrome was accesing HA, and Opera said CR, in a desperate moment I copied the URL https://work.mydomain.com:8321/lovelace/0/... from Crome and pasted to Opera, and magically I got to the Auth login web and now Opera works everytime too.
But edge still says CR
I installed SSH and opened port 22, any PC in the LAN can login via SSH.

Modifications to contiguration.yaml:

homeassistant:
  external_url: "https://work.mydomain.com:8321"
  internal_url: "https://homeassistant.local:8321"
http:
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem
  ip_ban_enabled: false

boheme61 · April 11, 2023, 7:30pm

is it just for fun, or are you looking for potentials failure-points, by using :8321 instead of :8123 ?
One thing i would look at(consider), when you take the step of “going” into ssl, is potentials for ip_ban_allowed … beside ofcause that you have the knowledge required running on 2 sites/domains

BenoitAnastay · April 11, 2023, 7:43pm

CONNECTION_REFUSED is at network layer, it’s either not routed (check NAT), blocked (check firewall), not listening (check port binding).

Remember port binding is IP:PORT if you want to listen on every interfaces use 0.0.0.0:8123

txemavs · April 11, 2023, 8:05pm

Thank you. Yes, I did all the NATs with 8123, but then I started writing 8321. That was it.

Even the configuration.yaml urls was wrong and it still worked at port 8123.

boheme61 · April 11, 2023, 8:07pm

It just get worse the older one gets