Definitely try Plex again–it may change your mind. Great web UI, Chromecast, iOS, Android, WebOS, XboxOne, Playstation4 apps, and the ability to do direct transcoding to all the apps I tested. I used to use XBMC/Kodi all the time, but it was a pain trying to setup a centralized DB and this DIY work. Plex is very much plug and play, and is really good at scraping TV, movies and music now. I’m really happy with it, especially since it works with Chromecast so well.
So, to add to my previous Linux Perils:
I adventured into VLANs. I have now a complete Unifi Setup and segregated my IoT devices, my Voice devices (Google Home, Alexa), my general internet and management network.
However, this brought me some new issues, as Hassio was not able to listen on the Multicast L2 that is required for a lot of components. i.e. the Xiaomi Air Purifier was simply not possible to connect. It even flooded my network so that the Hue integration stopped working completely.
After reading a lot, I finally found the solution is simply adding the VLANs to my HASSIO. All on the same Ethernet port.
There were basically 2 posts that helped a lot:
and
I just adjusted the whole thing a little bit. So basically it works like this for me:
Step 1: Add "networkmanager" to the packages in the SSH & Web Terminal Addon from the Community Repo.
Step 2: Turn off Protection Mode so you can edit the base system
Step 3: Check the connections by typing:
nmcli connection show
Step 4: Create a new VLAN (you can choose the name) under the device that is your ethernet. For me this is enp2s0.
nmcli con add type vlan con-name enp2s0@vlan10 dev enp2s0 id 10
Because I do not define the IP, the gateway or the DNS, I am using my DHCP server for it.
Step 5: Recreate for any other VLAN. id = vlan id.
Step 6: After restart all of the previously not found devices are finally back. Even the WOL works like a charm.
New Update - Zero Tier
I recently discovered the great service Zero Tier. Luckily, there already is an Addon for Hassio
My goal is to replace my VPN (from Unifi) with the ZeroTier solution. However, I do not know if it's possible to install ZeroTier on my Unifi gear (USG). Therefore I needed the possibility for my Hassio ZeroTier to route all traffic from all my LANs (and VLANs) to my ZeroTier network.
By default, this is not working and I was reading a lot of different things that are required. I tried setting up firewall rules on my Unifi gear but nothing worked. Finally I found a great post explaining how to “bridge” the networks.
https://www.reddit.com/r/zerotier/comments/9714a2/easy_way_of_bridging_lan_for_remote_access/
So basically, we need to adjust the IP Tables. I used the same method as in my post above via using the terminal addon. However for IP Tables the terminal addon even works when protection mode is enabled.
So first I checked my current iptables with this command:
iptables -L
Then I added my network and all the VLANs: (enp2s0 = NIC ID for my LAN network. ztc**** = NIC ID for my ZeroTier LAN.) You can find it easily via
nmcli connection
iptables -t nat -A POSTROUTING -o enp2s0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o enp2s0.10 -j MASQUERADE
iptables -t nat -A POSTROUTING -o enp2s0.20 -j MASQUERADE
iptables -t nat -A POSTROUTING -o enp2s0.30 -j MASQUERADE
iptables -A FORWARD -i enp2s0 -o ztc****** -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i enp2s0.10 -o ztc****** -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i enp2s0.20 -o ztc****** -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i enp2s0.30 -o ztc****** -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i ztc****** -o enp2s0 -j ACCEPT
iptables -A FORWARD -i ztc****** -o enp2s0.10 -j ACCEPT
iptables -A FORWARD -i ztc****** -o enp2s0.20 -j ACCEPT
iptables -A FORWARD -i ztc****** -o enp2s0.30 -j ACCEPT
Now it is time to also configure the Zero Tier network. So simply login to your zerotier network website https://my.zerotier.com/
In “Managed Routes” you need to add every LAN or VLAN to the “Destination” side, and on the “via” side you add the ZeroTier IP of the Hassio Addon.
This can look like this in the end:
And with this it's done. I can now ping and access all of my LAN (& VLAN) devices via ZeroTier.
Hi, thanks a lot for your post, do you mind helping me a bit. So I have HASSIO and this ZeroTier One addon. All is working fine.
I can access from outside my LAN only the devices in my network that have a ZeroTier program (HASSIO, a QNAP, PI3), all the other I can’t access.
On my HASSIO/NUC if I do iptables -L I have this
me@ubuntu:~$ sudo iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain DOCKER (2 references)
target prot opt source destination
ACCEPT tcp -- anywhere 172.17.0.2 tcp dpt:8126
ACCEPT tcp -- anywhere 172.30.33.0 tcp dpt:8884
ACCEPT tcp -- anywhere 172.30.33.0 tcp dpt:8883
ACCEPT tcp -- anywhere 172.30.33.0 tcp dpt:1884
ACCEPT tcp -- anywhere 172.30.33.0 tcp dpt:1883
ACCEPT tcp -- anywhere 172.30.33.1 tcp dpt:tproxy
ACCEPT tcp -- anywhere 172.30.33.2 tcp dpt:9541
ACCEPT udp -- anywhere 172.30.33.3 udp dpt:21027
ACCEPT tcp -- anywhere 172.30.33.3 tcp dpt:8384
ACCEPT udp -- anywhere 172.30.33.4 udp dpt:ntp
ACCEPT tcp -- anywhere 172.30.33.7 tcp dpt:8086
ACCEPT tcp -- anywhere 172.30.33.8 tcp dpt:ssh
ACCEPT tcp -- anywhere 172.30.33.9 tcp dpt:9050
ACCEPT tcp -- anywhere 172.30.33.11 tcp dpt:5037
ACCEPT tcp -- anywhere 172.30.33.12 tcp dpt:7277
ACCEPT tcp -- anywhere 172.30.33.13 tcp dpt:8000
ACCEPT tcp -- anywhere 172.30.33.14 tcp dpt:https
ACCEPT tcp -- anywhere 172.30.33.14 tcp dpt:81
ACCEPT tcp -- anywhere 172.30.33.15 tcp dpt:mmcc
ACCEPT tcp -- anywhere 172.30.33.14 tcp dpt:http
ACCEPT tcp -- anywhere 172.30.33.15 tcp dpt:5000
Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-ISOLATION-STAGE-2 (2 references)
target prot opt source destination
DROP all -- anywhere anywhere
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere
Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Then I do this (enp0s25 is the name of my NIC of the HASSIO/NUC, zthnxxxo is the ZT1 name, both I got via ifconfig)
me@ubuntu:~$ sudo iptables -t nat -A POSTROUTING -o enp0s25 -j MASQUERADE
me@ubuntu:~$ sudo iptables -A FORWARD -i enp0s25 -o zthnxxxo -m state --state RELATED,ESTABLISHED -j ACCEPT
me@ubuntu:~$ sudo iptables -A FORWARD -i zthnxxxo -o enp0s25 -j ACCEPT
then did this in ZT1 configuration (192.168.192.12 is the ZT1 address of the HASSIO/NUC, which has a local LAN 192.168.1.12)
Now I can access from outside the LAN
192.168.1.12
192.168.192.xxx (xxx my devices that have ZT1 apps)
but not the other 192.168.1.yyy
EDIT, never mind it works, after switching OFF and ON again the Zerotier of my Android!!!
Wow, I was looking for a reliable solution as this since the 90s!!
BTW I did NOT do the following
"make sure you have allowManaged=1 in your /var/lib/zerotier-one/networks.d/###.local.conf file or whatever is respective to your system"
Ah yes, me neither. As I read in the reddit thread, this also seems not to be a requirement for this solution.
Hi, there is a pi3 that I need to reach and can’t since I did your suggestions, nothing I do works.
Wish now to go back, any clue on how to remove those iptables?
Just restart. That should wipe the additional rules.
Or:
From:
List all commands that were used to create the currently used rules, useful to edit or delete rules.
sudo iptables -S
To delete a specific rule choose a rule from sudo iptables -S and replace -A with -D.
# -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
sudo iptables -D INPUT -p tcp -m tcp --dport 22 -j ACCEPT
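The MASQUERADE rules from the ZeroTier post sit in the nat table, which plain `iptables -S` (filter table only) does not list, so the `-A` to `-D` swap above has to be done per table. As an added example (not from the thread), this function turns `iptables -S` and `iptables -t nat -S` output into delete commands for only the rules that post added, leaving Docker's own entries alone; `ztexample0` and the sample dumps are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. ztexample0 and the dumps are constructed.

# undo_rules TABLE ZT_IF LAN_IF...
# Reads `iptables -t TABLE -S` output on stdin and prints (does not run) a
# delete command for each rule the ZeroTier post added.
undo_rules() {
    table=$1; zt=$2; shift 2
    while read -r flag chain spec; do
        # Only -A lines are rules; -P and -N lines describe chains.
        if [ "$flag" != "-A" ]; then continue; fi
        match=no
        case "$table/$chain" in
            filter/FORWARD)
                # Any forward rule entering or leaving the ZeroTier interface.
                case " $spec " in
                    *" -i $zt "*|*" -o $zt "*) match=yes ;;
                esac ;;
            nat/POSTROUTING)
                # Exact match only, so Docker's own MASQUERADE rules survive.
                for lan in "$@"; do
                    if [ "$spec" = "-o $lan -j MASQUERADE" ]; then match=yes; fi
                done ;;
        esac
        if [ "$match" = yes ]; then
            printf 'iptables -t %s -D %s %s\n' "$table" "$chain" "$spec"
        fi
    done
}

# Constructed stand-ins for `iptables -S` and `iptables -t nat -S`.
sample_filter() { cat <<'EOF'
-P FORWARD DROP
-A FORWARD -j DOCKER-USER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i enp2s0 -o ztexample0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i ztexample0 -o enp2s0.10 -j ACCEPT
EOF
}
sample_nat() { cat <<'EOF'
-P POSTROUTING ACCEPT
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -o enp2s0 -j MASQUERADE
-A POSTROUTING -o enp2s0.10 -j MASQUERADE
EOF
}

sample_filter | undo_rules filter ztexample0 enp2s0 enp2s0.10
sample_nat | undo_rules nat ztexample0 enp2s0 enp2s0.10
```

On a live host, pipe `iptables -S` and `iptables -t nat -S` into the function and review the printed commands before running them.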
I think I know what happened (?). Basically if I use your technique AND keep the zerotier client on a pi3 it does have problems with the pi3; it's enough to uninstall zerotier one from the pi3 and UNCHECK the device in the zerotier network webui.
If, as I did, you DELETE the device from the zerotier network webui the pi3 disappears entirely from the network. Do you know how to get it back? Nothing I did works.
I noticed that when you click DELETE you get this message
“This marks a member as permanently hidden and banned. Deleted member records are purged from the database after a period of time. To “un-delete” manually add the member.”
(How to “add the member” back???)
What I did is reflash the SD card of the pi3, and NOT install Zerotier on it.
My goal is still accomplished since I can reach the devices at 192.168.1.xxx outside my LAN.
To manually add, just note the Address (10 Digits looks similar to a MAC) and add it to the add manual field in ZeroTier website
Ok, but which address is that? Since I deleted that pi3, I do not have that address anymore (?)
For example when you start the Hassio Addon, it shows the address in the Log:
[12:22:04] INFO: ZeroTier node address: XXYY0011ZZ
You can probably see the same when you installed it manually on Linux. Just check the manual or logs when you start it.
Very good, thank you
Hi, never mind, the easiest and fastest solution is to delete the zerotier network and redo another one (I think zerotier has a small bug when you delete a member, because you simply can’t add it again).
From scratch to fully working it takes 5 minutes at the most.
Great tool, and great instructions, thanks a lot
Some new updates… since there is no Hassio Addon available so far for Face/Person Recognition via Camera, I decided to first try to install Facebox via docker-compose and get it to run.
This means basically following this guide:
So I logged into my Ubuntu via SSH and created a new folder for facebox where I could add my docker-compose.yml for it:
mkdir facebox
cd facebox
nano docker-compose.yml
In the docker compose I added this:
Important to note:
- In contrast to the official guide I do not have ${ YOURKEY } where the key goes. This didn't work for me, only the plain key worked.
- I added an additional environment attribute to load state (the faces I taught facebox) after every restart since facebox is stateless and does not save anything if you're not a premium subscriber. (This seems to only work from a web accessible address. I was not able to use filesystem for this.)
- Since I already use port 8080 for the unifi addon, I had to switch the listening port to something different. I chose 8083 for it.
- I had to use the _noavx version since my CPU seems to not be supported.
version: '3'
services:
  facebox:
    image: machinebox/facebox_noavx
    container_name: facebox
    restart: unless-stopped
    ports:
      - 8083:8080
    environment:
      - MB_KEY=YOURKEY
      - MB_FACEBOX_DISABLE_RECOGNITION=false
      - MB_FACEBOX_STATE_URL=https://myserver.duckdns.org/local/facebox/state/state.facebox
Hassio configuration:
I use this in my configuration.yaml:
image_processing: !include image_processing.yaml
And then for the image_processing.yaml itself:
- platform: facebox
  ip_address: localhost
  port: 8083
  scan_interval: 10000
  source:
    - entity_id: camera.xiaomilivingroom
      name: FaceBox
I chose the scan_interval of 10000 because of this post:
It makes a lot of sense to me, to only manually trigger the scanning. i.e.: When motion is detected.
I also used the python script robmarkcole posted here to automate the teaching:
For this I created a new facebox folder in my home assistant shared folder and for each person an extra folder with all the images. The script lies in the facebox folder and is simply called via:
python3 teach_facebox.py
After the teaching was done, I simply downloaded the state through the local website: localhost:8083 and added it as state.facebox to my /config/www/facebox/state folder
Now, after every restart, it automatically loads the state back into my facebox.
The automation for scanning and handling of the data i do via Node Red.
Forgive me mate, but I’m really a noob with home assistant. I successfully installed facebox, and it works. I was looking around for re-teaching faces on restart. How do you add the state downloaded from the facebox frontend as state for facebox?
Nevermind, got it
Ok, I still have a problem. The state reloading only works if I manually restart the docker container of facebox, not if I restart the host machine. Why?
I finally got around to test this. And you are right.
I now implemented a new flow in my node-red that upon restart just uploads the state file to my facebox.
I'm using the simple URL method:
POST /facebox/state?url={url}
And then simply add the state file to my config/www folder to reference it in an absolute URL