Help getting an https url from Tailscale

I’ll preface this by saying that my knowledge of networking is limited, so if I misinterpreted something, please correct me. I’m learning based on my needs.

Newbie here with a brand new install of Home Assistant on a Raspberry Pi. Then, after doing a little research (https://youtu.be/5rFWcukwCzU), I realized that getting the Tailscale app on my phone and the add-on on HA would be the easiest way for me to access the HA app on my Android. My ISP was being a pain about port forwarding.

Next, I decided I want to integrate HA with Google Home to get access to those sweet voice commands. Looking at a tutorial for that, I’d need an https URL to achieve that. As I’ve already mentioned, port forwarding was a no go, so I had to scratch DuckDNS. While looking at documentation, I realized Tailscale has its own DNS service (MagicDNS).

But a few steps down the instructions, I got stuck as I have no idea what the instructions mean.

For reference:

The instructions are posted at

Configure HTTPS

To be able to provision TLS certificates for devices in your tailnet, you need to:

  1. Navigate to the DNS page of the admin console.
  2. Enable MagicDNS and add at least one “Global Nameserver”, such as 8.8.8.8 or 1.1.1.1.
  3. Navigate to the Settings page of the admin console.
  4. Under “Feature previews”, click “Configure HTTPS”.
  5. Acknowledge that your machine names and a domain alias for your tailnet will be published on a public ledger.
  6. For each machine you are provisioning with a TLS certificate, run tailscale cert on the machine to obtain a certificate.

So far, I have followed up to step 5. However, I have little clue how to implement step 6.
I am guessing it is a Linux command I have to run. I tried getting the terminal add-on on HA and running it there, but it didn’t recognize the Tailscale command. Please note that I have never used Linux either.
I am hoping someone will be able to help me figure this out.

If you don’t have port forwarding working, then I believe the only way you’ll be able to do the Google integration is if you have a NabuCasa subscription.

The Google integration requires that the HA instance is accessible on the internet without a VPN as Google’s systems need to be able to talk directly to HA, it’s not HA talking to Google (though it does that too).

Agree with Andrew above - Tailscale would not help here.

The instructions you had are about enabling https between 2 Tailscale nodes.
So, since your Tailscale nodes obviously could not / would not include any of Google’s servers, that feature would not be applicable for your use case.

Welp, there go my hopes of that avenue. @k8gg and @tykeal, thanks for explaining the “why” of it. Is there any easily digestible material you could suggest that’d give me a decent starting point? I need to get to know the different technologies that HA uses. I’m basically trying to get a grasp of what is capable of doing what, and understand the capability of the tools at my disposal. Feel rather blind rn.

If I might ask, what was the problem you had with port forwarding? It’s been a long time since I encountered an ISP that blocks incoming ports 80 and 443. I know of many that still block outgoing port 25 (mail) to counter SPAM bots, but that’s about all.

Not at all. This is suburban India where ISPs do what they want. I called, and they bluntly told me I either purchase a static IP or shove off. I’ve been raising hell with them for a week. It took me 4 days to get someone from the tech team on the phone in the first place.


Static vs dynamic IPs aren’t going to matter. And with a DDNS setup (like using DuckDNS) if everything is configured correctly the DNS entry will point correctly.

The real issue with port forwarding is usually in configuring your home router to do the pass through.

Oh, I’m well aware that it’s not going to matter. DuckDNS was the first thing I tried. Unfortunately, there are other layers between me and my outward-facing IP. What I see at my end and my outward IP are different. Unfortunately, port forwarding is blocked from the ISP end. I have tried from my router and ONU unit, then used port checking. It always ended with a refused connection. I’m happy to try any suggestions you might have.

Getting into the realm of tech support here :smiley:

Do you have an ISP supplied modem?
Do you have your own router behind that modem?

That’s the first thing I would start with in a troubleshoot.

If your connection looks something like this:

ISP <-> ISP supplied modem <-> Home Router <-> WiFi / Ethernet <-> your device

That’s where things can get weird. Most times, ISP supplied modems are configured to act as a router / wifi access point. When you stick your own router behind it you likely end up in a double NAT configuration. This can be a bit tricky to unwind.

The first step in doing so would be to get into your own router and make sure that the port forwarding is properly configured for your device. The second step would then be to get into the ISP supplied modem and make sure it’s configured to port forward to the “external” IP address of your home router.

Alternatively, if you can put your ISP supplied modem into bridge mode, then it would effectively move your home router to living directly on the internet and all port forwarding would just be managed there.

Regarding port forwarding: I use T-Mobile’s 5G home internet service, which does not offer any port forwarding. So I too was looking at Tailscale as a solution to connect Google Assistant to HA. That seems to be a dead end for me for the reasons already stated.
I wonder if Nabu Casa would even work given the lack of port forwarding.

It should. And you can try/test it first… it wouldn’t hurt.

I agree with this. It can’t hurt to try since there’s a 30 day free trial.

Good news, I gave it a try and it turns out that Nabu Casa works just fine with the T-Mobile 5G home internet service. The HA folks must be doing some serious magic to make it work. Nice.

What you are facing is CG-NAT. This means, in simple terms, that your local ISP IP is different from the internet-side IP. I faced the same problem and am still looking for a solution for HTTPS access: HTTPs behind CGNAT - #34 by yousaf465
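The troubleshooting advice in this thread (check the WAN address your router or ONU shows against the address the outside world sees, and distinguish double NAT from carrier-grade NAT) can be turned into a small check. The script below is an added example written for this thread; it is not code from Home Assistant, Tailscale, or any poster. It classifies addresses by the RFC 1918 private ranges and the RFC 6598 shared address space (100.64.0.0/10) that ISPs use for CG-NAT. The `wan_ip` and `public_ip` values are constructed sample inputs you would replace with what your router's status page and a "what is my IP" site report.

```python
from ipaddress import ip_address, ip_network

# RFC 1918 private ranges (home LANs, and the WAN side of a router in a double-NAT setup).
RFC1918 = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]
# RFC 6598 shared address space: what an ISP hands out when it puts customers behind CG-NAT.
# Caveat: Tailscale also assigns addresses from this range on its own interface, so only
# the address on the router's WAN/PPPoE side is meaningful here.
RFC6598 = ip_network("100.64.0.0/10")


def classify(addr: str) -> str:
    """Label an address by the kind of network it belongs to."""
    ip = ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if any(ip in net for net in RFC1918):
        return "private (RFC 1918)"
    if ip.version == 4 and ip in RFC6598:
        return "shared/CGNAT (RFC 6598)"
    if ip.is_global:
        return "public"
    return "other non-routable"


def diagnose(wan_ip: str, public_ip: str) -> tuple:
    """Compare the router's WAN address with the address seen from the internet.

    wan_ip: what the router or ONU status page shows as its WAN/Internet address.
    public_ip: what an external 'what is my IP' service reports.
    Returns (verdict, explanation).
    """
    if ip_address(wan_ip) == ip_address(public_ip):
        return ("no-upstream-nat",
                "The router holds the public address; a port forward on the router is enough.")
    kind = classify(wan_ip)
    if kind.startswith("shared"):
        return ("cgnat",
                "WAN address is in 100.64.0.0/10: the ISP NATs you again upstream. "
                "Inbound forwarding cannot work without the ISP's help (or a relay such as a VPN/cloud service).")
    if kind.startswith("private"):
        return ("double-nat",
                "WAN address is private: an ISP-supplied modem/ONU is routing in front of your router. "
                "Forward the port on that device too, or put it in bridge mode.")
    return ("unknown",
            f"WAN address is {kind} but differs from the public address; check for another device upstream.")


if __name__ == "__main__":
    # Constructed sample values, not real measurements.
    for wan, pub in [("203.0.113.9", "203.0.113.9"),
                     ("192.168.100.2", "203.0.113.9"),
                     ("100.72.3.4", "203.0.113.9")]:
        verdict, why = diagnose(wan, pub)
        print(f"WAN {wan:15} public {pub:15} -> {verdict}: {why}")
```

The three sample pairs correspond to the three situations described in the thread: a router directly on the internet, the double-NAT case behind an ISP modem, and the CG-NAT case where no amount of router configuration will let inbound connections through.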

Hi,
It’s been a long time since the last messages in this topic. I think the original question is still partly unanswered: “6. For each machine you are provisioning with a TLS certificate, run tailscale cert on the machine to obtain a certificate.”

Has anyone already figured out how to “run tailscale cert” on an HA machine, especially a hassio Raspberry Pi setup, in order to get https activated at the machine level?

Your practical help is very much appreciated.

I can’t get SSL working either. The documentation for the Tailscale app has SSL steps. I did these but am getting an error in the Tailscale logs:

netstack: could not connect to local server at 127.0.0.1:443: dial tcp 127.0.0.1:443: connect: connection refused

You may need to add the following code to your config.yaml

    http:
      use_x_forwarded_for: true
      trusted_proxies:
        - 127.0.0.1

Apparently you don’t need to; you just need to turn on “Proxy” in the add-on config, then restart the add-on.
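The `use_x_forwarded_for` / `trusted_proxies` pair above is worth understanding rather than pasting blindly: the X-Forwarded-For header is set by whatever proxy sits in front of Home Assistant (here the Tailscale add-on's proxy on 127.0.0.1), but any client that can reach the HTTP port directly can send that header too, so it must only be honoured when the TCP peer is a listed proxy. The function below is an added illustration of that rule, written for this thread; it is not Home Assistant's own implementation, and the request values are constructed samples. It walks the header from the right, skipping listed proxies, so a chain of several trusted hops still yields the real client.

```python
from ipaddress import ip_address, ip_network
from typing import List, Optional


def client_ip(remote_addr: str,
              x_forwarded_for: Optional[str],
              trusted_proxies: List[str],
              use_x_forwarded_for: bool) -> str:
    """Decide which address to treat as the client for logging, bans and rate limits.

    remote_addr:      the TCP peer that connected to the HTTP server.
    x_forwarded_for:  raw X-Forwarded-For header value, or None if absent.
    trusted_proxies:  addresses/CIDRs whose forwarded headers may be believed
                      (the '127.0.0.1' entry from the thread's config).
    use_x_forwarded_for: the matching toggle; False means headers are ignored.
    """
    if not use_x_forwarded_for or not x_forwarded_for:
        return remote_addr

    trusted = [ip_network(p, strict=False) for p in trusted_proxies]
    peer = ip_address(remote_addr)

    # The header is only meaningful when the peer itself is a trusted proxy.
    # A direct client (say a LAN host hitting port 8123) could forge it otherwise.
    if not any(peer in net for net in trusted):
        return remote_addr

    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    # Each proxy appends the address it saw, so the rightmost entry is the one
    # added by the nearest proxy. Skip trusted hops; the first untrusted one is the client.
    for hop in reversed(hops):
        try:
            hop_ip = ip_address(hop)
        except ValueError:
            # Malformed header: refuse to guess and fall back to the socket peer.
            return remote_addr
        if not any(hop_ip in net for net in trusted):
            return hop
    # Every hop was a trusted proxy and nothing identifies the client: use the peer.
    return remote_addr


if __name__ == "__main__":
    proxies = ["127.0.0.1"]
    # Constructed sample requests: the Tailscale proxy on loopback forwarding a tailnet
    # client, and a LAN client connecting directly while sending a forged header.
    print(client_ip("127.0.0.1", "100.101.102.103", proxies, True))   # 100.101.102.103
    print(client_ip("192.168.1.50", "10.0.0.1", proxies, True))       # 192.168.1.50
    print(client_ip("127.0.0.1", "100.101.102.103", proxies, False))  # 127.0.0.1
```

Without the trusted-proxy restriction every request through the add-on would appear to come from 127.0.0.1, and anything keyed on the client address would be useless; with the restriction but no entry for the proxy, the same thing happens; listing the proxy while leaving `use_x_forwarded_for` off is the case where the header is simply ignored.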