I totally agree with you. If I activate IP’s or geolocation in the Cloudflare tunnel, Google Home services do not work. If you can explain a little more or make a project of how you have set up Nginx ssl Proxy for 443, I would appreciate it. Thank you
this doesn’t seems to work for me.
I see first message that link is established but then after a while i see another message (error. please try again later).
Any hint?
This is working well for Google Assistant:
Expression Preview
(http.request.uri.path contains "/api/google_assistant" and ip.geoip.asnum eq 15169) or (http.request.uri.path eq "/auth/token" and ip.geoip.asnum eq 15169) or (cf.tls_client_auth.cert_verified)
By using URI filtering you get only legitimate GA requests not google search bots etc.
The rule order looks like:
1 Like
it worked!
What the second rule does?
in my case, the issue about error 404 it was related to the authorization URL. Was missing /authorize at the end.
I have followed all the steps in the integration guide and the post above, but I am always getting a “Cannot reach [test] myapp” error when trying to link google home.
I have the WAF rules from here https://community.home-assistant.io/t/how-to-connect-google-assistant-using-the-cloudflare-tunnel/545574/23 and I am able to access my external url from the HA app and outside network.
I tried disabling the WAF rules altogether, but it still doesn’t work. I do have access rules setup for some emails and the one here https://community.home-assistant.io/t/howto-secure-cloudflare-tunnels-remote-access/570837.
My configuration.yaml lines are as follows:
google_assistant:
project_id: my_project_id
service_account: !include SERVICE_ACCOUNT.JSON
report_state: true
expose_by_default: true
I get 405: method not allowed when I try to access my /api/google_assistant and /auth/token from both my external and internal url.
Do I just need to wait for some time or is there something I am missing?
I think it was because of the access rules. I can link it if I disable access rules completely
Where exactly should I set this? I’ve clicked through the entire cloudflare panel but don’t see anything similar. Did I miss something or has cloudflare changed the interface?
Where/how did you disable the access rules? I’m out of ideas with what I can try now.
Previously I had Google Assistant working with duckDNS, but after I migrated to the Cloudflare solution I tried to redo the entire Google Assistant setup, but I just won’t work!
I’ve followed the steps in the thread’s initial post. I’ve recreated the project and actions in Google Console from scratch, using English as language and entered all the details that are needed for it to work.
I’m able to access Home Assistant remotely and I can curl /api/google_assistant and /auth/token and I get a "405: Method Not Allowed" response back.
But when I try to test/simulate the action on console.actions.google.com I only get a “We’re sorry, but something went wrong. Please try again.” when I ask the assistant something.
When I try to add the Home Assistant devices in the Google Home app I selected "[test] My App" and initially I get a message saying the link is successful, but then it continues to load and eventually I get a “Something went wrong. Please try again” message.
I’ve tried to add rules on Cloudflares in the section “Security > WAF > Custom rules”. The ones that @paulka007 listed here, what @mbe used here, and what @Arduxxxx posted here. But none of the variants make any difference when I add them to Cloudflare, same issue and errors.
Does anyone have any advice what I could try or what could be wrong? I’m using iOS by the way.
I meant the access rules under zero trust as mentioned here:
https://community.home-assistant.io/t/howto-secure-cloudflare-tunnels-remote-access/570837
I’m the exact same. I had Google assistant working from when I used DuckDNS but once I moved to Cloudflare, I was no longer able to sync new devices but could use existing devices. I tried a number of times to get it working with Cloudflare but did but succeed.
I have recently added some more devices I want to be able to control through Google assistant so had another look and even deleted the whole Google project to start again.
I am now left with the situation that I can get as far as logging in with my home assistant credentials in the Google Home app but get the “Cannot reach [test] myapp” as seen by others.
It is very frustrating as I now have lost the ability to control all my devices through Google assistant.
I’m in the same situation. I used to use DuckDNS but occasionally got responses to voice commands saying the Home Assistant could not be reached. So I implemented NGINX which worked fine for remote access but still got the same error. Having been through all the threads on this problem I decided to use Cloudflared so I now have my own domain which again works perfectly for remote access but I can’t link Google Home at all now.
I’ve recreated the project from scratch (with new name) on 4 or 5 occasions now. I have been through the latest iteration with a fine toothcomb and checked that the project name and server name in the SERVICE.ACCOUNT.JSON and in the /google_assistant_integ.yaml files are correct.
When I use my phone to link to the new project (through a browser window not the app, as suggested) I choose the new project. The next screen where you put in your username/password, where it says "you are about to give [your project] access to your Home Assistant instance has one of the old project names and I can’t see how to change it.
Oddly, that project still exists in Google Project but it doesn’t appear on Google Assistant as one of my projects (nor do some other attempts), so I can’t select it in the first place. But I have changed all the parameters in Google Project to the correct ones yet it still won’t connect. Obviously there is mismatch of server & project names internally in the two files I mentioned above (also probably a load of other mismatches in internal namings which I can’t see).
At the moment I’m not even sure I can easily go back to my original arrangement - but at least that worked some of the time!!!
I am stuck and have pretty much run out of ideas. Has anyone got any thoughts please?
I’ve tried so many things but still couldn’t solve it.
I configured 2 rules in the WAF to allow reachability of /auth/token and /api/google_assistant.
In the WAF logs I see the correct transit on the 2 endpoints but still the app add [test] goes to error
1 Like
Check if you have bot fight mode turned on. You need to turn it off for Google Assistant to reach your HA instance.
3 Likes
Created an account to thank you! 
My Google Assistant suddenly stopped working. I went through all the steps again and nothing worked. Disabling this Bot Fight mode was the solution!
I checked my Cloudflare setup and I do not have bot fight turned on so this solution did not work for me unfortunately
I am in the “tried everything” group and still getting “could not reach [test]…”
I had this working for almost 2 years prior and stopped working the other day so started fresh and followed almost every option here and same issue. Final option is nginx and port forward. Anyone else have any luck?
Same here. It worked for like a year, but suddenly it stopped.
follow multiple tuts, but still have ‘cannot reach [test] …’…
getting desperate here, and i’m not even a housewife…
Same problem here, I am not using cloudflared as I have read that something was blocked it on their end.
I use a standalone DNS
In my case it was application access rules that failed linking account. Don’t really like removing access rules to get it working. Anyone know of a solution that permits applicantion rules?