I currently have home assistant (on RPi5) and all IOT devices on a VLAN (10.10.1.xxx) separated from my main network (192.168.60.XXX). This all works well. I recently installed AdGuard on Home Assistant with a basic configuration. I set my router DNS setting to 10.10.1.201 (home assistant IP). AdGuard is only receiving DNS lookups from my IOT devices on the 10.10.1.XXX network. AdGuard is NOT receiving lookups from the 192.168.60.XXX devices. I have added 192.168.60.1 as a persistent DNS client. I have a router firewall rule to allow communication between 192.168.60.1/24 and 10.10.1.201 devices. Any guidance will be much appreciated.
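As an added diagnostic (not part of the original post), a small Python probe that sends a hand-built DNS query straight to the AdGuard address given above (10.10.1.201) and reports whether an answer comes back. Run from a main-network host, a reply shows the inter-VLAN path to port 53 is open; a timeout points at the firewall rule or routing; a reply here while AdGuard still logs nothing from 192.168.60.x points at the clients using a different resolver (for example the one DHCP hands out). The hostname example.com, the 2-second timeout and the AF_INET/UDP transport are assumptions of this example.

```python
import random
import socket
import struct
from typing import Optional

ADGUARD = "10.10.1.201"  # AdGuard / Home Assistant address from the original post


def build_query(name: str, qtype: int = 1, txid: Optional[int] = None) -> bytes:
    """Build a minimal RFC 1035 DNS query for `name` (A record by default)."""
    if txid is None:
        txid = random.randint(0, 0xFFFF)
    # header: id, flags (RD=1), QDCOUNT=1, ANCOUNT, NSCOUNT, ARCOUNT
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    # QNAME: length-prefixed labels terminated by a zero byte
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN


def parse_response(data: bytes, txid: int) -> dict:
    """Decode the header of a DNS reply; enough to tell 'answered' from 'refused'."""
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    return {
        "id_matches": rid == txid,            # a mismatched id is not our answer
        "is_response": bool(flags & 0x8000),  # QR bit
        "rcode": flags & 0x000F,              # 0 = NOERROR, 3 = NXDOMAIN, 5 = REFUSED
        "answers": an,
    }


def probe_dns(server: str = ADGUARD, name: str = "example.com", port: int = 53,
              timeout: float = 2.0) -> Optional[dict]:
    """Send one UDP query directly to `server`; None means no reply within the timeout."""
    txid = random.randint(0, 0xFFFF)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, txid=txid), (server, port))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return None
    return parse_response(data, txid)


if __name__ == "__main__":
    result = probe_dns()
    if result is None:
        print(f"no reply from {ADGUARD}:53 - check the inter-VLAN rule for UDP/TCP 53")
    else:
        print(f"reply from {ADGUARD}: {result}")
```

Run it once from a 192.168.60.x host and once from a 10.10.1.x host; if only the second gets a reply, the rule between the VLANs is the problem, and if both get replies the clients on the main network are simply not pointed at AdGuard.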
Hi dreato,
Just so you know, HA is not designed for segmented networks, so your configuration network-wise is self-supported. Those DNS man-in-the-middle attack programs also are not designed for segmented networks.
I don’t know what you are gaining by using either of these, and using them together is very complicated, likely not worth the trouble.
The support is likely going to come from you, as you are the only one with physical access to this ‘network’.
I would do a lot of reading and understanding what you are doing before trying to do something like this. I wouldn’t touch it with 50 feet of cat6 wire…
I have adguard and vlan ssid over my local network.
Unlike you, I use a VLAN SSID to segregate Wi-Fi devices from my main network. HA and AdGuard are part of my main network and are running in Docker containers.
Unlike many others, I do use SSL over local Wi-Fi and my own custom CA.
I don’t have an answer to your question, but I think that you might have done something wrong.
In my opinion HA should be part of the trusted network, and other devices, mainly Wi-Fi as nowadays nearly everything is using Wi-Fi, should be on separate VLAN SSID(s). Of course you can also separate LAN devices if you think they should go to a different VLAN.
I understand what you’re saying. I’ll keep the IOT devices on a separate VLAN, and put the RPi with HA on the main network, with firewall rules to allow communication. This makes sense and I’ll try it.
Just open the ports that are actually needed for communication between HA and the Wi-Fi devices. Check the firewall logs for ports if you haven’t already.
And use static IPs on the VLAN SSID if you can, so that you can open a specific port for a specific device, and enable client isolation on the VLAN SSID.
And that should be it.
And yes, you will probably need an mDNS reflector on the VLAN.
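To make the advice in the last few posts concrete, here is an added example (not code from anyone in the thread) that models the revised layout as a first-match firewall policy: HA and AdGuard on the main LAN, IoT devices on the VLAN, only the needed ports opened, and per-device rules made possible by static addresses. The HA address 192.168.60.10 and the device addresses 10.10.1.50 and 10.10.1.51 are hypothetical; a stateful firewall is assumed, so replies to accepted flows need no rule of their own. It also shows why the mDNS reflector is needed: the mDNS group 224.0.0.251 lies in the 224.0.0.0/24 block that routers never forward, so no unicast rule can carry it across the VLAN boundary.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional

TRUSTED = ip_network("192.168.60.0/24")   # main network from the thread
IOT = ip_network("10.10.1.0/24")          # IoT VLAN from the thread
HA = ip_network("192.168.60.10/32")       # HA + AdGuard on the main LAN (hypothetical address)
BULB = ip_network("10.10.1.50/32")        # IoT device with a static address (hypothetical)
ANY = ip_network("0.0.0.0/0")
LOCAL_CONTROL = ip_network("224.0.0.0/24")  # link-local multicast block, never routed (mDNS lives here)


@dataclass(frozen=True)
class Rule:
    src: IPv4Network
    dst: IPv4Network
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None = any port
    action: str           # "accept" or "drop"
    note: str


# A broad "allow everything between the two networks" rule, for comparison.
BROAD: List[Rule] = [
    Rule(IOT, TRUSTED, "any", None, "accept", "IoT -> main LAN, all ports"),
    Rule(TRUSTED, IOT, "any", None, "accept", "main LAN -> IoT, all ports"),
    Rule(ANY, ANY, "any", None, "drop", "default deny"),
]

# Least-privilege version of the thread's advice; first match wins.
LEAST: List[Rule] = [
    Rule(IOT, HA, "udp", 53, "accept", "IoT devices resolve names via AdGuard"),
    Rule(IOT, HA, "tcp", 53, "accept", "DNS over TCP for large answers"),
    Rule(HA, BULB, "tcp", 80, "accept", "HA -> bulb local API (hypothetical port)"),
    Rule(IOT, TRUSTED, "any", None, "drop", "IoT must not initiate towards the main LAN"),
    Rule(ANY, ANY, "any", None, "drop", "default deny"),
]


def evaluate(rules: List[Rule], src: str, dst: str, proto: str, dport: int) -> str:
    """Action of the first rule matching a new flow src -> dst proto/dport."""
    s, d = ip_address(src), ip_address(dst)
    for r in rules:
        if (s in r.src and d in r.dst
                and r.proto in ("any", proto)
                and r.dport in (None, dport)):
            return r.action
    return "drop"  # nothing matched: deny


def exposed_ports(rules: List[Rule], src: str, dst: str, proto: str,
                  candidates: List[int]) -> List[int]:
    """Which of `candidates` a host at `src` could open on `dst` under `rules`."""
    return [p for p in candidates if evaluate(rules, src, dst, proto, p) == "accept"]


def routed_between_vlans(dst: str) -> bool:
    """Unicast to the other VLAN is routed; 224.0.0.0/24 (incl. mDNS 224.0.0.251) is not."""
    return ip_address(dst) not in LOCAL_CONTROL


if __name__ == "__main__":
    ports = [22, 53, 80, 1883, 8123]
    print("bulb -> HA, broad policy :", exposed_ports(BROAD, "10.10.1.50", "192.168.60.10", "tcp", ports))
    print("bulb -> HA, least policy :", exposed_ports(LEAST, "10.10.1.50", "192.168.60.10", "tcp", ports))
    print("HA -> bulb:80            :", evaluate(LEAST, "192.168.60.10", "10.10.1.50", "tcp", 80))
    print("HA -> other device:80    :", evaluate(LEAST, "192.168.60.10", "10.10.1.51", "tcp", 80))
    print("mDNS 224.0.0.251 routed? :", routed_between_vlans("224.0.0.251"))
```

The per-device rule for 10.10.1.50 only works because the bulb keeps that address, which is the reason for the static-IP advice; with a DHCP lease that moves, the rule would have to widen to the whole VLAN again.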