Home Assistant Community Add-on: ZeroTier One

So one of the default repositories is not there.

Do this and see if this works:

Installation

In general, there is no need to install this repository on your Home Assistant instance. It is activated and added by Home Assistant by default.

However, if the repository is missing on your setup, adding this add-ons repository to your Home Assistant instance is pretty easy. In the Home Assistant add-on store, a possibility to add a repository is provided.

You can find the same by following the 1st link in the 1st post.

Thanks k8gg

I already tried it yesterday. What I get when I try to import it is a message saying that the repository is not valid. :frowning:

Another thing that I tried is to add the add-on as a custom add-on. Then it appears in the list of local add-ons but if I try to install it from there, it does nothing.

I don't know what else I could do.

wow wow wow…

It seems that there is something new… The custom add-on took a life in install but now I see it in the list.

I'm going to configure it and test if it works. :slight_smile:

It works… (finally).

I thought that was not installing it but it seems that was just working. After a while, I saw it in the tab of the installed add-ons. I configured it with the networkId and now I can access directly using Zerotier.

Many thanks for your support. :slight_smile:

Forgive the somewhat newbie question with regard to this integration:

Until recently, I've used 'Port Forwarding' in my router to allow me to access my HomeAssistant installation when away from home. However, I've now switched to a new ISP that uses CGNAT on their network, meaning I'm now not able to use router 'Port Forwarding' to access HomeAssistant remotely.

Then I discovered ZeroTier and this brilliant integration. It works - it's great. However, after a lot of head scratching & messing around with Windows Firewalls, I think I have now realised that when this integration is operational within HomeAssistant, it means HomeAssistant is now no longer accessible on my home LAN using the original IP address. I now have to connect to my ZeroTier network, even when at home, in order to access HomeAssistant.

Is there not a simple solution that allows access to HomeAssistant on its normal IP address when at home, but when away from home I can connect my phone or laptop to my ZeroTier network and access HomeAssistant?

ie. I want HomeAssistant to be on both my networks - the local LAN and my ZeroTier network.

I thought I could do this by having two virtual network adapters on my HomeAssistant VM running in VirtualBox, but I couldn't get that to work.

I also tried having my local LAN DHCP server farm out addresses 192.168.1.50-200 and set my ZeroTier virtual network to farm out addresses 192.168.1.201-250.

Is this problem the 'bridging' problem I've read about in this thread, but haven't really understood?

Bill,
I'm not sure I can help you with your specific setup, but it shouldn't be a problem to access Home Assistant directly on your local LAN or by ZeroTier. I am able to access by either method.

Are you using a web browser or the Home Assistant Companion app to access Home Assistant? The companion app may require a little setup for internal url and external url.

I'm just using a web browser to access my HomeAssistant, not the companion app (although I will try that to see if it's any different).

I should've been a little clearer - I can access HomeAssistant from my local LAN, but only if I first connect via ZeroTier and 'stop' the ZeroTier integration running. Then everything works just as it used to.

But I want to be able to leave the ZeroTier integration running and connect either from my LAN when at home OR via ZeroTier when away from home.

That shouldn't be the case though. Everyone else can access Home Assistant via its local IP (or domain name) AND via its Zero Tier IP address, without doing anything.

Err, well it's definitely what I'm experiencing.

While trying to figure out the issue, I completely reinstalled Windows, VirtualBox and even a new HomeAssistant VM and it still happens.

I install the ZeroTier integration in HA and join it to my ZeroTier network. Connect my phone to ZeroTier and I can open a browser to HA using the allocated ZeroTier IP address.

If I then stop & exit ZeroTier on my phone and I'm just on my WiFi home LAN, then I can no longer connect to HA on its original LAN IP address (because the ZeroTier integration in HA is still running).

If I reboot HomeAssistant (and the ZeroTier integration has 'Start on Boot = Off') then because the integration has not started, I can now open a browser onto HA using the original LAN IP address.

So whenever the integration is running, I have to use the ZeroTier IP address. When it's not running, I can use the original LAN IP address. But obviously I want to be able to use them simultaneously.

I'm running HA in a VirtualBox VM with a single 'Bridged' network adapter (with all default settings) so the VM gets allocated an IP address on my LAN by my router DHCP.

I mean it could be a weird virtualbox oddity, but most of us run Home Assistant of one form or another in a VM. I run mine on Xenserver and a friend runs his on Proxmox, and don't experience this behaviour. Virtualbox should not care at all about the IP assigned from ZeroTier (or indeed from Wireguard or any other VPN). Home Assistant should not care either; it should be getting a LAN IP address regardless of what VPN solutions are running. ZeroTier runs in a docker container, Home Assistant should not even be aware of the Zero Tier IP address let alone be binding to it.

EDIT: If you are running Virtual Box on the Windows Machine that has Zero Tier installed on it, then Virtual Box will see the virtual network interface, and may need to be configured to ignore it.

No, I didn't install the ZeroTier app on the Windows 11 host machine - I only installed the ZeroTier integration in HomeAssistant itself.

I don't understand why I'm clearly having an issue, but for everyone else it just works. What can I be missing?

Well if you have the SSH/Terminal add-on installed, connect to Zero Tier and then open the SSH web interface and type ip addr show EDIT: Nevermind that doesn't show the IP address of the host… hang on a minute.

Screenshot attached (sorry, I couldn't figure out how to cut & paste the text on my phone, so just took a screenshot).

So 192.168.68.139 is the original IP address of my HomeAssistant VM.
And 192.168.68.217 (as shown in the browser URL box) is the IP address allocated on my ZeroTier network.

With ZeroTier integration running, I can only connect using 192.168.68.217. If I stop the integration, then I can use 192.168.68.139

Ah now it all makes sense. You can't have TWO networks running in the same address space, because the rules of how to route network traffic rely on networks being on different subnets.

If you are using 192.168.68.0/24 for your LAN, your ZeroTier needs to be on a different network - eg: 192.168.10.0/24 anything other than 192.168.68.x

Ah! Right. I had changed that earlier today because I had read stuff (probably even near the start of this thread!?) suggesting that it was necessary to have them in the same subnet but with non-overlapping IP allocation from DHCP & from ZeroTier.

But now that you have pointed this out, I've realised that this is when my problem started :grin:

You're a genius sir. Thank you for the help.

Right so the way this stuff works - taking a computer with NO VPN as an example:

1 Network interface. 192.168.0.2. The network rules say that ALL traffic not destined for 192.168.0.0/24 should be sent to the router - and out on the internet.

2 Network Interfaces. 192.168.0.2 and 10.10.72.8. The network rules say that all traffic destined for 192.168.0.0/24 should go out on Interface 1. All traffic for 10.10.72.0/24 should go out on Interface 2. And ALL traffic not destined for either of those networks should go to the router, via the primary network interface - probably Interface 1 (192.168.0.2).

Now when you add virtual networks in to the mix, the rules get even more complicated. But taking your situation, if you have 192.168.68.0/24 on Interface 1, and then on a virtual network you have an IP address in the same address range as interface 1, the computer will EITHER continue to send all requests that should be going to the VPN, out on interface 1, or it will send ALL requests for ALL LAN traffic out to the VPN. Which option the computer uses, depends on what priority the interface has been assigned. But under either option - it will break stuff.

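The routing rules described in the post above, as an added example that is not part of the original thread: a simplified route lookup (longest prefix first, then lowest metric) run against the overlapping setup and the corrected one. The subnets 192.168.68.0/24 and 192.168.10.0/24 come from the thread; the interface names `eth0` and `zt0`, the metrics and the sample destination addresses are assumptions made up for the illustration.

```python
import ipaddress

def subnets_overlap(lan_cidr, vpn_cidr):
    """True if the LAN subnet and the VPN subnet share any addresses."""
    return ipaddress.ip_network(lan_cidr).overlaps(ipaddress.ip_network(vpn_cidr))

def pick_interface(routes, dest):
    """Simplified route lookup: longest prefix wins, ties go to the lowest metric.

    routes is a list of (cidr, interface, metric) tuples.
    """
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(cidr), iface, metric)
               for cidr, iface, metric in routes
               if addr in ipaddress.ip_network(cidr)]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))[1]

# Constructed routing tables; interface names and metrics are assumptions.
DEFAULT = ("0.0.0.0/0", "eth0", 100)        # everything else goes to the router
LAN = ("192.168.68.0/24", "eth0", 100)      # LAN subnet from the thread
BROKEN = [DEFAULT, LAN, ("192.168.68.0/24", "zt0", 50)]  # ZeroTier inside the LAN range
FIXED = [DEFAULT, LAN, ("192.168.10.0/24", "zt0", 50)]   # ZeroTier on its own subnet

if __name__ == "__main__":
    lan_client = "192.168.68.50"            # constructed address of a device on the LAN
    print("overlap (broken):", subnets_overlap(LAN[0], BROKEN[2][0]))
    print("overlap (fixed): ", subnets_overlap(LAN[0], FIXED[2][0]))
    # With identical prefixes the metric decides, so one interface takes ALL
    # traffic for 192.168.68.x and replies to LAN clients leave via the VPN.
    print("broken, reply to LAN client ->", pick_interface(BROKEN, lan_client))
    # With distinct subnets each destination has exactly one matching /24.
    print("fixed, reply to LAN client  ->", pick_interface(FIXED, lan_client))
    print("fixed, reply to VPN peer    ->", pick_interface(FIXED, "192.168.10.5"))
    print("fixed, internet host        ->", pick_interface(FIXED, "8.8.8.8"))
```

Swapping the two metrics in the broken table sends everything to `eth0` instead, which is the other failure the post describes: traffic meant for the VPN never reaches it.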

I think I understood that :grin:

It was this posting above that led me astray:

https://community.home-assistant.io/t/home-assistant-community-add-on-zerotier-one/109091/49


The post being replied to - has the magic lines:

bridge_ports eth0 zthnhn7lko
bridge_fd 0
bridge_maxage 0

That tells the computer that the networks are linked.

In any case, it's a terrible idea as many other people in that thread point out. You really need to be good with your understanding of how networks communicate and route traffic, to be able to pull off stuff like that. The post a bit further down about installing ZeroTier on a Pi and enabling IP forwarding though, that is do-able. I don't personally use Zero Tier; I use Wireguard on a Pi, with IP forwarding enabled - which allows me to access anything on my LAN from outside the network, without having to install anything on any of the other machines. And because my Wireguard setup points to my internal DNS server (which is Pi Hole), I get ad-blocking when I am connected to other people's networks.

Oh, now that sounds interesting - is it tricky to set up WireGuard VPN at home and use it to 'tunnel' into my LAN when away from home? Can you point me at any reasonably comprehendible guides?

I have an rpi2b sitting in a drawer, an rpi0w already running Pi-hole, and an rpi4b running RaspberryPi OS with a 2nd HomeAssistant in a docker. I've also got a Win11 PC running VirtualBox - so plenty of places to put a WireGuard server, isn't there?

UPDATE: I did some Googling. Is it necessary for your WireGuard VPN server to have a static IP address from your ISP? I use 4G broadband at home, so my IP address on the internet changes all the time and because they use CGNAT I don't think I have a public facing IP address. Sorry for being off the thread topic.

UPDATE2: Seems not having a public IP address & being behind my ISP's CGNAT means it's not easy to use a VPN tunnel into my network (looks like various workarounds using reverse tunnels & assorted cloud services). I think I'll stick to this excellent HomeAssistant ZeroTier integration as it seems to do everything I need.