Home Assistant unable to access websocket since moving to OPNsense

I have moved from a Netgear Orbi RBR850 to an N100 running OPNsense. I’m running OPNsense 25.7.5. In an effort to incrementally introduce complexity whilst focusing on stabilising my configuration, I am trying to replicate my previous network setup.

I have two interfaces:

  1. WAN - connects to a fibre ONT
  2. LAN - connects to my unmanaged switch

I am using the following plugins to support Sonos and other device discovery:

  • IGMP Proxy
  • mDNS Repeater
  • UDP Broadcast Relay
  • Universal Plug and Play

My Node-Red container reports intermittent errors:

node-red  | 12 Oct 08:45:02 - [error] [api-call-service:Front Lamp] HomeAssistantError: NcpResetCode.ERROR_EXCEEDED_MAXIMUM_ACK_TIMEOUT_COUNT
node-red  | 12 Oct 08:49:14 - [error] [api-call-service:Front Lamp] HomeAssistantError: NcpResetCode.ERROR_EXCEEDED_MAXIMUM_ACK_TIMEOUT_COUNT
node-red  | [red] Uncaught Exception:
node-red  | 12 Oct 09:51:32 - [error] UnhandledPromiseRejection: This error originated either by throwing inside of an async function without a catch block, or by rejecting a promise which was not handled with .catch(). The promise rejected with the reason "3".
node-red  |     at throwUnhandledRejectionsMode (node:internal/process/promises:389:7)
node-red  |     at processPromiseRejections (node:internal/process/promises:470:17)
node-red  |     at process.processTicksAndRejections (node:internal/process/task_queues:96:32)
node-red  | 12 Oct 09:51:39 - [warn] Projects disabled : editorTheme.projects.enabled=false
node-red  | 12 Oct 09:51:39 - [error] [api-call-service:Front Outside] NoConnectionError
node-red  | 12 Oct 09:51:39 - [error] [api-call-service:Back Outside] NoConnectionError
node-red  | 12 Oct 09:51:39 - [error] [api-call-service:Side Outside] NoConnectionError
node-red  | 12 Oct 09:51:39 - [error] [api-call-service:Bonus String] NoConnectionError
node-red  | 12 Oct 09:51:39 - [error] [api-call-service:Bedroom 1 String] NoConnectionError
node-red  | 12 Oct 09:51:40 - [error] [api-call-service:Plant Lights] NoConnectionError

My Home Assistant container has errors that appear to relate to the websocket:

homeassistant  | 2025-10-12 10:26:25.163 ERROR (MainThread) [plexwebsocket] AIOHTTP websocket error
[homeassistant.components.websocket_api.http.connection] [139651724650400] from 192.168.1.130 (Home Assistant/2025.8.7-17352 (Android 16; Pixel 6)): Unexpected error inside websocket API
homeassistant  | 2025-10-12 14:38:43.694 ERROR (MainThread) [homeassistant] Error doing job: Task exception was never retrieved (None)
homeassistant  |     raise zigpy.exceptions.DeliveryError(
homeassistant  | zigpy.exceptions.DeliveryError: Failed to enqueue message: <sl_Status.ZIGBEE_MAX_MESSAGE_LIMIT_REACHED: 3075>
homeassistant  | 2025-10-12 16:52:10.673 ERROR (MainThread) [homeassistant.components.tautulli] Error fetching tautulli data: Request timeout for 'http://192.168.1.95:8282/api/v2?apikey=[REDACTED_API_TOKEN]&cmd=get_home_stats'
homeassistant  | 2025-10-12 16:52:10.720 WARNING (MainThread) [homeassistant.components.mqtt.client] Error returned from MQTT server: The connection was lost.
homeassistant  | 2025-10-12 16:56:08.129 ERROR (MainThread) [zigpy.zcl] [0x3084:1:0x0b04] Traceback (most recent call last):
homeassistant  |         t.NcpResetCode.ERROR_EXCEEDED_MAXIMUM_ACK_TIMEOUT_COUNT
homeassistant  | bellows.ash.NcpFailure: NcpResetCode.ERROR_EXCEEDED_MAXIMUM_ACK_TIMEOUT_COUNT

I’ve got a bunch of Floating Firewall Rules for various multicast ports:

Am I missing any for the websockets for HA?

Here is a summary of the issue.

Issue
Web connection to Home Assistant fails every 40-60 seconds. Logs indicate a websocket issue.

Host
Intel NUC7CJYHN 16GB RAM 500GB SSD

Services

| Service | IP and Port | MQTT Topic | | HA Connection |
|---|---|---|---|---|
| homeassistant | 192.168.1.93:8123 | homeassistant | 192.168.1.93:1883 | n/a |
| mqtt | 192.168.1.93:1883 | n/a | any | 192.168.1.93:1883 |
| node-red | 192.168.1.93:1880 | | 192.168.1.93:1883 | 192.168.1.93:8123 |
| zigbee2mqtt | 192.168.1.93:8321 | zigbee2mqtt | 192.168.1.93:1883 | mqtt discovery |
| zwave-js-ui | 192.168.1.93:8091 | zwave | 192.168.1.93:1883 | websocket 192.168.1.93:3000 |

All services are run in docker containers. All connections use host IP addresses and ports.

Behaviour
Since migrating from my Netgear router to OPNsense, Home Assistant has been unstable. The UI will become unresponsive and restart multiple times.

Initial errors in the log files indicated timeouts, usually with the Zigbee Home Automation service.

homeassistant  | 2025-10-13T14:15:59.106199110Z bellows.ash.NcpFailure: NcpResetCode.ERROR_EXCEEDED_MAXIMUM_ACK_TIMEOUT_COUNT
homeassistant  | 2025-10-13T14:15:59.229743107Z 2025-10-13 08:15:59.184 ERROR (MainThread) [homeassistant.components.websocket_api.http.connection] [140318389399968] Unexpected exception
homeassistant  | 2025-10-13T14:15:59.231156264Z bellows.ash.NcpFailure: NcpResetCode.ERROR_EXCEEDED_MAXIMUM_ACK_TIMEOUT_COUNT
homeassistant  | 2025-10-13T14:15:59.465955299Z 2025-10-13 08:15:59.464 ERROR (MainThread) [homeassistant.components.websocket_api.http.connection] [140318389399968] Error during service call to light.turn_on: Failed to send request: ApplicationController is not running
homeassistant  | 2025-10-13T14:17:52.757669048Z 2025-10-13 08:17:52.751 WARNING (MainThread) [homeassistant.components.media_player] Updating webostv media_player took longer than the scheduled update interval 0:00:10
homeassistant  | 2025-10-13T14:17:52.769933176Z 2025-10-13 08:17:52.751 WARNING (MainThread) [homeassistant.helpers.entity] Update of media_player.lg_webos_tv_bedroom1 is taking over 10 seconds
homeassistant  | 2025-10-13T14:17:52.919683463Z 2025-10-13 08:17:52.910 ERROR (MainThread) [homeassistant.components.tautulli] Error fetching tautulli data: Request timeout for 'http://192.168.1.95:8282/api/v2?apikey=[REDACTED_API_TOKEN]&cmd=get_home_stats'
homeassistant  | 2025-10-13T14:17:52.937803502Z 2025-10-13 08:17:52.931 WARNING (MainThread) [zigpy.application] Watchdog failure
homeassistant  | 2025-10-13T14:17:53.302102073Z 2025-10-13 08:17:53.301 ERROR (MainThread) [homeassistant.components.websocket_api.http.connection] [140318389399968] Error during service call to light.turn_on: Failed to send request: ApplicationController is not running

Troubleshooting
In an effort to resolve this, the following steps were taken:

  1. Add Firewall Floating Rule for ports 8123 and 1883 - no obvious impact
  2. Migrate from Zigbee Home Assistant to zigbee2mqtt - reduced errors in Home Assistant but did not change behaviour
  3. Change version of Home Assistant from latest to 2025.9 - no obvious impact

Current State
I am running Home Assistant 2025.9 in host networking mode. The web UI will work for 30-50 seconds then become unresponsive. The message “Connection lost. Reconnecting…” appears on the UI and 20-30 seconds later the page is responsive again.

Getting very odd spikes between resets too: