Hass.io over IPv6

You probably need to update your IP address with duckdns… It’s tricky with IPv6 to do that. (Running an update on the router will only update the WAN address not the device address)

If you’re running Hass.io you can use the duckdns addon.

I am running my Hass.io as a generic Linux install on my NUC but I just use a bash script that runs every 5 minutes to update. Depending on your HA platform that would work for you as well.

I think I understand what you mean. Only the first few blocks specific to the router will change.

However, this morning the last 4 blocks are back to their old values.
the day before yesterday:

yesterday

today

Without changing anything, I can access hass.io again over the my duckDNS domain (btw, I am allready using the duckDNS addon).

I do not understand why the IPv6 of my RPi changes to a completely different one and then after a few hours goes back to “normal”… does anyone have a clue how to prevent this?

Hello Everyone.

I really need some help here please. I have been trying everything that was written here in the forum without success. I’m not able to access my Home Assistant from the “outside” ipv6 address.

This is what I have in the Fritzbox network information and on the permit access part:

In the configuration.yaml:

http:
server_host: ::0

When I try to access with the external IP I get a timeout:

http://[2a02:xxx:xxx:xxxx:xxxx:b4bd:75c4:6b60]:8123

If I use the local ipv6 address then it works fine:

http://[fe80::xxxx:xxxx:xxxx:7dac]:8123

How can I access it using the external ipv6 address?

Thanks a lot!

I don’t know but I can’t use the IPv6 address like that either - but a domain pointing to that address works fine. I thought it might be caddy causing the problem.

Thank you David. Unfortunatelly even when I update the 2a02:xxx:xxx:xx… IP address of my home assistant in the duckdns page, I cannot access it with my duckdns domain.

I have tried enabling the “Internet access to the FRITZ!Box via HTTPS enabled” in my fritz box just to make sure that it was not blocked by the Unitymedia, and when I update this 2a02:xxx… IP address in my duckdns domain, I can remotelly access my router.

I have also tried changing the HTTP port of my home assistant to the same I have tested in the fritz remote access (after disabling it again), and still it does not work. So the port itself is not blocked by UnityMedia.

I have no idea what is going on here.

I gave up trying to access HA this way.

I to am with UnityMedia.

They use this aweful IPV6 DNS-Lite.

No matter what I tried I was never able to access it from outside.

In the end I just signed up for Home Assistant cloud. I figured it`s less than €5 a month and supports the project too and has the seemless google home integration too.

are you testing from a device that is also attached to the same fritz!box? make sure to white list your duckdns domain in the fritz!box’s dns rebind protection settings then.

make also sure that you don’t have an ipv4 address configured for this domain since that address won’t point to your home assistant instance when having to deal with ds-lite.

lastly make sure you are on a network that is able to use an ipv6-only address (e.g. a lot of the mobile networks are still not supporting that).

if all of this won’t help consider a service like cloudflare’s where you can proxy a connection to your home assistant through their services. they provide you with an ipv4 and ipv6 address that internally points to your ds-lite ipv6 address. i think you’ll can find more about that here in the forum.

Thank you Florian.

I’m trying to access from the same network of the fritzbox… from a windows 10 laptop.

I have installed a fresh hassio now to make sure it was nothing else I had configured previously. In the configuration.yaml I have:

http:
server_host: ::0

and I have also reset my complete router to factory settings. Then in the fritz “DNS Rebind Protection” I have added my duckdns page (xxxxxx.duckdns.org), as well as added the Permit Access to hassio on port 8123 ipv6.

I have removed the IPV4 IP address in the duckdns page. Only the IPV6 address is there now (2a02:xxxx…) pointing to the home assistant IPV6 address.

Unfortunatelly I’m only able to access the home assistant using the local ipv6 address fe80::4706:xxx…

Sometimes I can see two 2a02:xxx addresses in the Network in fritz box, but none of them works by accessing directly with the browser http://[]:8123 or by adding them on duckdns.

I will try the cloudflare then…

that change in the ipv6 address is usually a sign that you did not configure your network settings for hass.io

you could give it a try with the following data (based on your screenshots, you may want to alter the IPv4 DNS if you prefer a different provider):

[connection]
id=hassos-network
uuid=dbc7de34-208b-4535-b8ed-d468e636e063
type=802-3-ethernet

[ipv4]
method=manual
address=192.168.178.35/24,192.168.178.1
dns=1.1.1.1;1.0.0.1;

[ipv6]
addr-gen-mode=eui64
method=auto

put this in a file called my-network (no extension!) and drop it on an USB stick inside the folder path \CONFIG\network\ (make sure you use all uppercase for CONFIG and all lowercase for network).

import that file using the “import from usb” button which you can find in the “Host System” card on hass.io’s “System” tab. reboot the system after importing your network settings.

remove the “IPv6 interface ID” values (ccd7…) from the fritz!box you’ve shown in your screenshot. the box should then try to rediscover the current values from the host your home assistant is running on (a raspberry pi?). if this does not work you may try to reboot the box and/or remove the device “hassio” from the box. a complete reset of your fritzbox should not be required…

try then to connect to hass.io again using http://[2a02:...]:8123/ in your browser.

Me either lol!
I can also access the fritzbox admin page via the IPv6 IP address. But if I try to access the IPv6 address of HA it doesn’t work and I assume it’s because any http request hits the reverse proxy and it blocks access. Funny thing is I can use the IPv6 address with ssh (not on port 22 obviously) so I know for sure the address works. Caddy proxies my domain anyway so it’s not an issue.

That should not matter if he’s using the IPv6 IP address though… (This did trip me up when I wanted to use my domain though and you fixed me up way back with this advice)

I only have an AAAA record for my domain. All I can put it down to is Caddy is interfering with the http incoming (which is fine by me). I would have liked to make it work internally though.

I have added now the network configuration as recommended, imported the settings from USB and rebooted the raspberry pi. To make sure it was really getting the config, I have disconnected the LAN cable and setup the wifi access with the IP address 192.168.178.100:

image

I can see it now in my fritz box:

And the port sharing now looks like:

This didnt work. I was only able to access the home assistant from the local IPv6 address fe80:xxx.

I have then tried removing the “IPv6 interface ID” values, but then the “IPv6 Settings” section get greyed out:

image

And I could only share IPv4 port:

But then going back the IPv6 got filled up automatically, and I could also share the port for IPv6:

Unfortunately this also didnt work I’m still not able to access the home assistant from the 2a02:xxx… IPv6 address. I have also tried updating the IPv6 manually in duckdns, and it does not work using my domain address.

Only the fe80:xxx… IPv6 works locally currently.

do you have someone you trust who could try to reach your home assistant instance from outside your network using either the duckdns domain or your ipv6 address?

if it is only inaccessible locally you won’t run in that problem once you are using a reverse proxy in front of home assistant since you can use the ipv4 address then.

you can message me your duckdns domain or ipv6 address if you don’t have someone who can test it from the outside for your you.

update: okay, @scherer42 messaged me his details and i was able to connect to his home assistant both ways. if the dns rebind protection is configured properly he should also be able to use the duckdns address from a local device. could someone else who actually owns a fritz.box have a look at his screenshot from some posts before and verify if this looks correct? since i don’t own one i’m unable to validate this…

i’m not sure how this should work. if you enter your ipv6 instead of the domain name that belongs to the used certificate you should run in an SSL protocol error and if you choose to use HTTP instead this should not work at all (either Caddy redirects to HTTPS and the original problem returns or Caddy does not listen to the HTTP port or you don’t have have a firewall exception for the HTTP port in your box or …)

what do you think is the benefit of using an external address for internal communication?

Yeah pretty much what I thought. I expected to be able to use the IPv6 address to connect as http (not https) with a browser error but it won’t connect at all. I can use the IPv6 address to connect to the router externally though. (Different IP address of course) Like I said, I can ssh to the IPv6 address inside and outside my network so Caddy seems to be definitely intercepting the http(s) traffic. I can connect to the local IPv4 address internally.

No benefit… I was more seeing if I could do it really.

Everything works fine with the domain name. It’s not an issue at all - more trying to increase my understanding.

1 Like

Hey Hackmett, sorry for the direct question but, did you finally make it work? I think I am exactly in the same situation as you: M-net as ISP provider (forced to use DS lite) and trying to make my hassio accesible from the outside world through my Fritzbox with the help of duckdns. By the way I am also located near Munich if that makes a difference :slight_smile:
Basically I have been trying all the recommendations that you and some other members of the community have suggested in these posts, but so far the results are pretty… random. I was able to access externally with my IPV6 address (so I succesfully opened the port I guess) but, as you know, this address is modified from time to time. I have not succeded in configuring the duckdns plugin, as I cannot see my address being updated in the duckdns web interface. However the log of the addon says that everything is ok and updated (I get the feeling that it is only updating the ipV4 address).

Anyway, before I completelly give up, could you please confirm if you succeded in setting the whole thing up?

1 Like

Have you tried using a shell script to update duckdns? You’re right - the addon only updates IPv4.

Hi @gamoesp,
no problem, I am happy to share my experience! I appears we are in a very similar spot. And all what you wrote is correct as far as I recon. My situation was:

  • ISP M-Net with FB 7490
  • DuckDNS set up worked for a specific IPv6 and only with access from other IPv6 networks
  • The IPv6 kept changing and I had to manually update the FB port forwarding and the page on the DuckDNS site … not really a good solution

I am writing in the past, bc I had to make a clean setup with my hass.io and since then didn’t bother to actually configure DuckDNS or any other stuff. atm I am only using my hass.io locally and to top it of since a few weeks I am stuck to version 0.97.2 cannot update and can’t even access anymore via http://hassio.local:8123/lovelace/ … not going great with hass.io atm…

Anyway, it is good to know that we share a problem. As soon as I have time and figure out an easy way to backup my yaml files without the browser access I’ll might give it another try and let you know the status.

Best Regards from Giesing!

edit: ok, just got access with the local numerical ip address (192.168.x.x:8123) and the update was now successful

Thanks for the tip @DavidFW1960. I was fighting with mqtt until this morning (it is finally working :partying_face:) so I had no time to get back to this. Indeed I just installed a script in my machine to update the IPV6 address in duckdns and it seems to work so far… Let’s see for how long. As long as the low part of my IPV6 address doesn’t change (invalidating my port opening entry in the FB) should be ok… but at this point I dont know what to expect.

Ok, so I guess the final step is to actually access my hassio from an outside network. From any computer in my local network it works flawlessly (using the .duckdns.org address) but I have tried to use the mobile network and I cannot reach it. I read somewhere around here that this may be a problem associated to the cellular network itself, not fully supporting ipv6. Is this correct? Is there any work around? Actually, considering that duckns also stores a IPV4 entry (useless in my case) for my domain, who is deciding which IP version to use? Is duckdns doing this choice?

Thanks for your help!

specific to that: I think that is correct. asfaik O2 e.g. is completly IPv4 so u can not access you M-Net IPv6 network (at least not without a IP tunnel provider which you would have to pay). Telekom uses IPv6.

this ipv6 is a pain… as i feared, now i have a completely different IPv6 assigned to the nuc and, while duckdns is correctly updated, the Freigaben entry in the fritzbox becomes useless… I guess I am missing something really basic here, because I cannot understand then how are you suposed to configure the router’s firewall if the address of the local server is changing constantly…