Ahh I read that as saying you couldn’t re-authenticate after the 1 month period was up-- thanks for the correction.
Anyway, at this point I would recommend using Tailscale to access Home Assistant remotely. Nobody needs third parties to login interactively, and the source IP constraints I have in the OP let Google Assistant connect. Or Alexa, if someone finds those source IPs.
I went through the setup guide, during the first start it created a random Hostname, fine. I then went into configuration tab and set up a subdomain hostname and restarted. Only then did I think to look at the log. I copied and pasted the url in the log and authenticated with cloudflare. It proceeded to do this:
If you wish to copy your credentials to a server, they have been saved to:
/root/.cloudflared/cert.pem
[10:09:53] INFO: Authentication successfull, moving auth file to the '/data' folder
[10:09:53] INFO: Checking for existing certificate...
[10:09:53] INFO: Existing certificate found
[10:09:53] INFO: Checking for existing tunnel...
[10:09:53] NOTICE: No tunnel file found
[10:09:53] INFO: Creating new tunnel...
Tunnel credentials written to /data/tunnel.json. Keep this file secret. To revoke these credentials, delete the tunnel.
Created tunnel homeassistant with id [REDACTED]
[10:09:55] INFO: Checking for existing tunnel...
[10:09:55] INFO: Existing tunnel with ID [REDACTED] found
[10:09:55] INFO: Checking if existing tunnel matches name given in config
[10:09:56] INFO: Existing Cloudflare Tunnel name matches config, proceeding with existing tunnel file
[10:09:56] INFO: Creating config file...
I can see the new hostname in my dns records panel on Cloudflare, and in the Zero Trust I see Status: “INACTIVE”:
And the logs keep showing this:
2023-09-12T08:24:40Z ERR Failed to create new quic connection error=“failed to dial to edge with quic: timeout: no recent network activity” connIndex=0 event=0 ip=[REDACTED]
When I try to open the new sub-domain DNS record I get this:
You’ve requested a page on a website (REDACTED) that is on the Cloudflare network. The host (REDACTED) is configured as an Argo Tunnel, and Cloudflare is currently unable to resolve it.
If you are a visitor of this website:
Please try again in a few minutes.
If you are the owner of this website:
Ensure that cloudflared is running and can reach the network. You may wish to enable load balancing for your tunnel.
What am I doing wrong? I using the standard Home Assistant install on a Raspberry Pi, and the “addon-cloudflared” from the brenner-tobias repo. On the Cloudflare Zero Trust, it says it’s “locally configured” and is asking if I want to migrate it:
EDIT (35 minutes later): I manually configured the tunnel and now I see a healthy status. When I visit the URL I get “400: Bad Request” anything else I have to do on the homeassisant (LAN) side?
EDIT (2 hours later): I finally got the tunnel to work. Changed some firewall settings and restarted home assistant seemed to fix that issue. Now I’m trying to setup “Smart Things” and it’s trying to use an incoming web hook but the url it trying to use is my internal IP address “192.168.100.2” instead of the external DNS tunnel hostname I’m using. Is there somewhere to configure this?
EDIT (2.5 hours later): Found a setting in Settings → System → Network to set an external hostname. That fixed the incoming web hooks issue. Still trying to work through the Samsung Smart Things API. But getting there. Leaving this here for anyone that might run into similar issues.
I’d be interested to know how to achieve this with Tailscale? I use HAOS and was using the Tailscale add on for a while. Then desired to add Google Assistant into my setup and ended up creating a Tailscale Funnel to give me an external URL I just don’t see a way of securing it like with Cloudflare authentication.
I thought you need an external domain to integrate with Google Assistant. Thanks!
You do need an external domain yes. Tailscale funnels get that for free, cloudflare you need your own, which costs a couple dollars a year if you don’t already have one.
My understanding is tailscale funnels can’t be secured on their end, which is the key point I address in the OP.
FYI, your IP address ranges have a duplicate.
Thanks, fixed.
I have a list of AWS us-east-1 IP addresses that I extracted via Excel from this link and it’s working well for me for my Alexa Smart Home Skill. It’s a lengthly list (896 IP ranges).
13.248.103.0/24
13.248.108.0/24
13.248.116.0/24
13.248.124.0/24
13.34.102.192/27
13.34.102.224/27
13.34.103.0/27
13.34.103.32/27
13.34.105.128/27
13.34.105.160/27
13.34.105.192/27
13.34.105.224/27
13.34.12.192/27
13.34.12.224/27
13.34.13.0/27
13.34.13.32/27
13.34.17.64/27
13.34.17.96/27
13.34.21.192/27
13.34.29.128/27
13.34.29.160/27
13.34.29.192/27
13.34.29.224/27
13.34.29.64/27
13.34.29.96/27
13.34.30.0/27
13.34.30.128/27
13.34.30.160/27
13.34.30.192/27
13.34.30.224/27
13.34.30.32/27
13.34.30.64/27
13.34.30.96/27
13.34.31.0/27
13.34.31.192/27
13.34.31.224/27
13.34.31.32/27
13.34.31.64/27
13.34.31.96/27
13.34.34.192/27
13.34.34.224/27
13.34.4.64/27
13.34.4.96/27
13.34.40.0/27
13.34.40.32/27
13.34.42.0/27
13.34.42.32/27
13.34.42.64/27
13.34.42.96/27
13.34.43.192/27
13.34.43.224/27
13.34.47.128/27
13.34.47.160/27
13.34.50.128/27
13.34.50.160/27
13.34.50.192/27
13.34.50.224/27
13.34.51.0/27
13.34.51.32/27
13.34.55.192/27
13.34.55.224/27
13.34.56.0/27
13.34.56.32/27
13.34.56.64/27
13.34.56.96/27
13.34.57.128/27
13.34.57.160/27
13.34.57.192/27
13.34.57.224/27
13.34.57.64/27
13.34.57.96/27
13.34.59.128/27
13.34.59.160/27
13.34.59.64/27
13.34.59.96/27
13.34.60.0/27
13.34.60.128/27
13.34.60.160/27
13.34.60.192/27
13.34.60.224/27
13.34.60.32/27
13.34.60.64/27
13.34.60.96/27
13.34.61.0/27
13.34.61.32/27
13.34.63.128/27
13.34.63.160/27
13.34.66.0/27
13.34.66.192/27
13.34.66.224/27
13.34.66.32/27
13.34.66.64/27
13.34.66.96/27
13.34.67.0/27
13.34.67.32/27
13.34.68.128/27
13.34.68.160/27
13.34.69.128/27
13.34.69.160/27
13.34.70.0/27
13.34.70.192/27
13.34.70.224/27
13.34.70.32/27
13.34.72.0/27
13.34.72.192/27
13.34.72.224/27
13.34.72.32/27
13.34.73.0/27
13.34.73.192/27
13.34.73.224/27
13.34.73.32/27
13.34.74.128/27
13.34.74.160/27
13.34.75.0/27
13.34.75.128/27
13.34.75.160/27
13.34.75.192/27
13.34.75.224/27
13.34.75.32/27
13.34.75.64/27
13.34.75.96/27
13.34.76.128/27
13.34.76.160/27
13.34.76.192/27
13.34.76.224/27
13.34.77.192/27
13.34.77.224/27
13.34.78.64/27
13.34.78.96/27
13.34.79.64/27
13.34.79.96/27
13.34.8.64/27
13.34.8.96/27
13.34.83.192/27
13.34.83.224/27
13.34.84.64/27
13.34.84.96/27
13.34.86.64/27
13.34.86.96/27
13.34.90.192/27
13.34.90.224/27
13.34.91.0/27
13.34.91.128/27
13.34.91.160/27
13.34.91.32/27
13.34.92.0/27
13.34.92.32/27
13.34.94.128/27
13.34.94.160/27
13.34.94.192/27
13.34.94.224/27
13.34.98.64/27
13.34.98.96/27
136.18.128.0/23
136.18.132.0/23
136.18.136.0/23
136.18.32.0/24
136.18.50.0/23
142.4.160.0/29
142.4.160.112/29
142.4.160.120/29
142.4.160.128/29
142.4.160.136/29
142.4.160.176/29
142.4.160.184/29
142.4.160.200/29
142.4.160.24/29
142.4.160.40/29
142.4.160.48/29
142.4.160.72/29
142.4.160.8/29
142.4.160.80/29
142.4.160.88/29
142.4.161.128/29
142.4.161.136/29
142.4.161.144/29
142.4.161.152/29
142.4.161.184/29
142.4.161.192/29
142.4.161.200/29
142.4.161.208/29
142.4.161.224/29
142.4.161.232/29
142.4.161.24/29
142.4.161.240/29
142.4.161.248/29
142.4.161.32/29
142.4.161.56/29
142.4.161.64/29
142.4.161.72/29
142.4.161.8/29
142.4.161.80/29
142.4.161.88/29
142.4.161.96/29
142.4.162.0/29
142.4.178.0/24
15.177.64.0/23
15.181.112.0/22
15.181.120.0/21
15.181.144.0/20
15.181.160.0/20
15.181.176.0/20
15.181.192.0/19
15.181.224.0/21
15.181.232.0/21
15.181.240.0/24
15.181.241.0/24
15.181.242.0/24
15.181.243.0/24
15.181.244.0/24
15.181.246.0/24
15.181.247.0/24
15.181.249.0/24
15.181.254.0/24
15.181.32.0/21
15.181.40.0/21
15.181.48.0/20
15.181.80.0/20
15.181.96.0/20
15.193.6.0/24
15.220.120.0/21
15.220.176.0/21
15.220.184.0/21
15.220.196.0/22
15.220.220.0/23
15.220.222.0/23
15.220.233.0/24
15.220.234.0/23
15.220.236.0/22
15.220.248.0/23
15.220.250.0/23
15.221.0.0/24
15.221.146.0/23
15.221.160.0/22
15.221.24.0/21
15.221.4.0/23
15.230.105.0/24
15.230.108.0/24
15.230.109.0/24
15.230.130.0/24
15.230.137.0/24
15.230.14.0/24
15.230.142.0/24
15.230.145.0/24
15.230.147.0/24
15.230.148.0/24
15.230.157.0/24
15.230.162.0/24
15.230.168.0/24
15.230.169.0/31
15.230.169.2/32
15.230.169.3/32
15.230.169.4/31
15.230.169.6/31
15.230.18.0/24
15.230.184.0/24
15.230.192.0/24
15.230.193.0/24
15.230.201.0/24
15.230.204.0/25
15.230.205.0/24
15.230.206.0/24
15.230.208.0/24
15.230.214.0/24
15.230.216.0/31
15.230.216.10/32
15.230.216.11/32
15.230.216.2/31
15.230.216.4/31
15.230.216.6/31
15.230.216.8/32
15.230.216.9/32
15.230.218.0/24
15.230.220.0/24
15.230.221.0/24
15.230.242.0/24
15.230.245.0/24
15.230.248.0/24
15.230.254.0/31
15.230.254.2/31
15.230.254.4/32
15.230.35.0/24
15.230.38.0/24
15.230.40.0/24
15.230.48.0/24
15.230.56.0/24
15.230.57.0/24
15.230.65.128/25
15.230.66.0/25
15.230.66.128/25
15.230.83.0/24
15.230.87.0/24
15.230.95.0/24
15.251.0.10/32
15.251.0.11/32
150.222.100.0/24
150.222.103.0/24
150.222.110.0/24
150.222.137.0/24
150.222.138.0/24
150.222.143.0/24
150.222.15.124/32
150.222.15.125/32
150.222.15.126/32
150.222.15.127/32
150.222.2.0/24
150.222.205.0/24
150.222.206.0/24
150.222.211.0/24
150.222.212.0/24
150.222.216.0/24
150.222.218.0/24
150.222.222.0/24
150.222.223.0/24
150.222.224.0/24
150.222.226.0/24
150.222.227.0/24
150.222.236.0/24
150.222.237.0/24
150.222.32.0/24
150.222.33.0/24
150.222.34.0/24
150.222.66.0/24
150.222.68.116/31
150.222.71.0/24
150.222.73.0/24
150.222.76.0/24
150.222.79.0/24
150.222.87.0/24
150.222.99.0/24
151.148.36.0/24
151.148.8.0/21
16.182.0.0/16
16.56.0.0/18
161.178.0.0/18
161.178.128.0/18
161.193.0.0/18
162.250.236.0/24
162.250.237.0/24
162.250.238.0/23
172.96.97.0/24
173.83.200.0/22
174.129.0.0/16
176.32.120.0/22
176.32.124.128/25
176.32.125.128/25
176.32.96.0/21
18.204.0.0/14
18.206.107.160/29
18.206.107.24/29
18.208.0.0/13
18.209.113.240/28
18.209.113.64/27
18.213.156.96/28
18.232.0.0/14
18.232.1.128/26
18.232.1.192/26
18.232.1.32/30
18.232.1.36/30
18.232.1.40/30
18.232.1.44/30
18.232.1.48/28
18.232.1.64/26
18.34.0.0/19
18.34.232.0/21
18.88.0.0/18
18.89.128.0/18
184.72.128.0/17
184.72.64.0/18
184.73.0.0/16
192.43.175.0/24
199.127.232.0/22
204.236.192.0/18
204.45.0.0/16
205.251.225.0/24
205.251.240.0/22
205.251.244.0/23
205.251.246.0/24
205.251.247.0/24
205.251.248.0/24
207.171.160.0/20
207.171.176.0/20
208.110.48.0/20
208.86.88.0/23
209.54.176.0/21
216.182.224.0/21
216.182.232.0/22
216.182.238.0/23
23.20.0.0/14
3.2.0.0/24
3.2.2.0/24
3.2.3.0/24
3.2.36.0/25
3.2.41.0/26
3.2.47.0/25
3.2.50.0/24
3.2.51.0/24
3.2.52.0/24
3.208.0.0/12
3.208.72.176/28
3.209.202.48/28
3.209.83.0/27
3.209.83.144/28
3.209.83.160/27
3.209.83.192/26
3.209.83.32/27
3.209.83.64/27
3.209.83.96/27
3.209.84.0/25
3.209.84.128/25
3.209.85.0/25
3.209.85.128/27
3.209.85.160/27
3.209.85.192/27
3.209.87.0/25
3.209.87.128/25
3.216.135.0/24
3.216.136.0/21
3.216.144.0/23
3.216.148.0/22
3.216.99.160/27
3.217.228.0/22
3.218.180.0/22
3.218.180.0/25
3.218.180.128/25
3.218.181.0/25
3.218.181.128/25
3.218.182.0/25
3.218.182.128/25
3.218.183.0/25
3.218.183.128/25
3.224.0.0/12
3.227.250.128/25
3.227.4.0/22
3.228.170.0/26
3.228.170.128/25
3.228.170.64/26
3.228.171.0/25
3.228.171.128/25
3.228.172.0/25
3.228.172.128/25
3.228.173.0/25
3.228.173.128/26
3.228.173.192/26
3.228.181.0/24
3.228.182.0/31
3.228.182.10/32
3.228.182.100/32
3.228.182.46/31
3.228.182.48/28
3.228.182.5/32
3.228.182.6/31
3.228.182.64/27
3.228.182.8/31
3.228.182.96/30
3.231.2.0/25
3.234.232.224/27
3.234.248.192/26
3.235.112.0/21
3.235.189.100/30
3.235.189.96/30
3.235.202.128/26
3.235.26.0/23
3.235.32.0/21
3.236.169.0/25
3.236.169.192/26
3.236.32.0/22
3.236.48.0/23
3.236.94.128/25
3.237.107.0/25
3.238.166.0/24
3.238.167.0/24
3.238.178.100/30
3.238.178.104/29
3.238.178.112/29
3.238.178.120/31
3.238.178.128/27
3.238.178.160/29
3.238.178.168/30
3.238.178.172/30
3.238.178.176/28
3.238.178.192/30
3.238.178.196/32
3.238.178.197/32
3.238.178.198/31
3.238.178.200/29
3.238.178.208/28
3.238.178.224/27
3.238.207.0/26
3.238.207.128/25
3.238.208.0/25
3.238.208.128/25
3.238.209.0/25
3.238.209.128/25
3.238.210.0/25
3.238.212.0/22
3.238.216.128/25
3.239.152.0/31
3.239.152.12/31
3.239.152.128/29
3.239.152.136/31
3.239.152.138/31
3.239.152.14/31
3.239.152.140/30
3.239.152.144/28
3.239.152.16/28
3.239.152.160/27
3.239.152.192/26
3.239.152.2/31
3.239.152.32/29
3.239.152.4/32
3.239.152.40/30
3.239.152.44/31
3.239.152.46/31
3.239.152.48/28
3.239.152.5/32
3.239.152.6/31
3.239.152.64/26
3.239.152.8/30
3.239.153.0/24
3.239.154.0/24
3.239.155.0/24
3.239.156.0/31
3.239.156.10/31
3.239.156.100/30
3.239.156.104/29
3.239.156.112/29
3.239.157.188/30
3.239.157.19/32
3.239.157.192/26
3.239.157.2/31
3.239.157.20/30
3.239.157.24/29
3.239.157.32/27
3.239.157.4/30
3.239.157.64/27
3.239.157.8/31
3.239.157.96/30
3.239.232.0/24
3.3.16.0/21
3.3.2.0/24
3.3.5.0/24
3.33.34.0/24
3.33.44.0/22
3.4.0.0/24
3.4.1.0/24
3.4.10.0/24
3.4.2.0/24
3.4.7.0/24
3.4.9.0/24
3.5.0.0/19
3.80.0.0/12
3.83.168.0/22
3.91.171.128/25
34.192.0.0/12
34.195.252.0/24
34.224.0.0/12
34.226.106.180/32
34.226.14.0/24
34.228.4.208/28
34.231.114.205/32
34.231.213.21/32
34.236.241.44/30
34.238.188.0/29
35.153.0.0/16
35.168.0.0/13
35.168.231.216/29
35.170.83.0/25
35.170.83.144/28
35.170.83.160/28
35.170.83.176/28
35.170.83.192/26
35.171.100.0/28
35.171.100.128/26
35.171.100.208/28
35.171.100.224/27
35.171.100.64/26
35.172.155.192/27
35.172.155.96/27
35.71.68.0/22
44.192.0.0/11
44.192.134.240/28
44.192.135.0/25
44.192.135.128/25
44.192.140.112/28
44.192.140.128/29
44.192.140.64/28
44.192.245.160/28
44.192.255.128/28
44.194.111.224/30
44.199.180.0/23
44.199.222.128/26
44.202.79.128/25
44.206.4.0/22
44.209.84.0/22
44.210.201.0/24
44.210.202.0/24
44.210.246.64/26
44.210.64.0/22
44.212.176.0/23
44.212.178.0/23
44.212.180.0/23
44.212.182.0/23
44.212.79.192/26
44.213.61.128/25
44.213.78.0/23
44.213.98.0/24
44.214.144.0/22
44.214.148.0/22
44.214.152.0/22
44.214.156.0/22
44.215.114.0/23
44.215.116.0/22
44.215.128.0/22
44.215.132.0/22
44.215.136.0/22
44.215.140.0/22
44.215.76.0/24
44.216.184.0/22
44.216.188.0/22
44.216.192.0/22
44.216.196.0/22
44.216.200.0/22
44.216.41.152/29
44.216.41.160/29
44.218.96.0/23
44.220.25.0/25
44.220.28.0/22
44.220.67.128/25
44.220.68.0/25
44.220.72.0/22
44.220.76.0/22
46.51.208.0/22
50.16.0.0/15
50.19.0.0/16
52.0.0.0/15
52.119.196.0/22
52.119.206.0/23
52.119.212.0/23
52.119.214.0/23
52.119.224.0/21
52.119.232.0/21
52.144.192.0/26
52.144.192.128/26
52.144.192.192/26
52.144.192.64/26
52.144.193.0/26
52.144.193.128/26
52.144.193.64/26
52.144.194.0/26
52.144.195.0/26
52.144.200.128/26
52.144.200.64/26
52.2.0.0/15
52.20.0.0/14
52.200.0.0/13
52.216.0.0/15
52.23.61.0/24
52.23.62.0/24
52.4.0.0/14
52.44.0.0/15
52.46.128.0/19
52.46.164.0/23
52.46.166.0/23
52.46.168.0/23
52.46.170.0/23
52.46.250.0/23
52.46.252.0/22
52.54.0.0/15
52.55.191.224/27
52.70.0.0/15
52.72.0.0/15
52.86.0.0/15
52.90.0.0/15
52.93.1.0/24
52.93.119.144/30
52.93.123.136/32
52.93.123.255/32
52.93.123.98/32
52.93.123.99/32
52.93.126.122/32
52.93.126.123/32
52.93.126.212/32
52.93.126.213/32
52.93.126.214/32
52.93.126.215/32
52.93.127.122/32
52.93.127.123/32
52.93.127.124/32
52.93.127.125/32
52.93.127.162/32
52.93.127.163/32
52.93.127.164/32
52.93.127.165/32
52.93.127.166/32
52.93.127.167/32
52.93.127.168/32
52.93.127.169/32
52.93.127.172/32
52.93.127.173/32
52.93.127.18/32
52.93.127.180/32
52.93.127.181/32
52.93.127.182/32
52.93.127.183/32
52.93.127.184/32
52.93.127.185/32
52.93.127.19/32
52.93.127.200/32
52.93.127.201/32
52.93.127.216/32
52.93.127.217/32
52.93.127.218/32
52.93.127.219/32
52.93.127.220/32
52.93.127.221/32
52.93.127.68/32
52.93.127.69/32
52.93.147.0/24
52.93.236.0/24
52.93.238.0/25
52.93.238.128/25
52.93.24.0/21
52.93.243.0/24
52.93.249.0/24
52.93.254.0/24
52.93.3.0/24
52.93.34.128/25
52.93.37.0/24
52.93.4.0/24
52.93.40.0/24
52.93.50.0/24
52.93.51.0/24
52.93.59.0/24
52.93.60.0/24
52.93.61.0/24
52.93.64.0/24
52.93.65.0/24
52.93.70.40/29
52.93.74.0/24
52.93.76.0/24
52.93.87.96/27
52.93.91.100/32
52.93.91.101/32
52.93.91.102/32
52.93.91.103/32
52.93.91.104/32
52.93.91.105/32
52.93.91.106/32
52.93.91.107/32
52.93.91.108/32
52.93.91.109/32
52.93.91.110/32
52.93.91.111/32
52.93.91.112/32
52.93.91.113/32
52.93.91.114/32
52.93.91.115/32
52.93.91.96/32
52.93.91.97/32
52.93.91.98/32
52.93.91.99/32
52.93.97.0/24
52.94.0.0/22
52.94.124.0/22
52.94.132.0/22
52.94.152.11/32
52.94.152.12/32
52.94.152.44/32
52.94.152.9/32
52.94.192.0/22
52.94.201.0/26
52.94.224.0/20
52.94.240.0/22
52.94.244.0/22
52.94.248.0/28
52.94.252.0/23
52.94.254.0/23
52.94.68.0/24
52.95.108.0/23
52.95.208.0/22
52.95.216.0/22
52.95.245.0/24
52.95.255.80/28
52.95.41.0/24
52.95.48.0/22
52.95.52.0/22
52.95.62.0/24
52.95.63.0/24
54.144.0.0/14
54.152.0.0/16
54.156.0.0/14
54.160.0.0/13
54.172.0.0/15
54.174.0.0/15
54.196.0.0/15
54.198.0.0/16
54.204.0.0/15
54.208.0.0/15
54.210.0.0/15
54.221.0.0/16
54.224.0.0/15
54.226.0.0/15
54.231.0.0/16
54.234.0.0/15
54.236.0.0/15
54.239.0.0/28
54.239.103.128/26
54.239.104.0/23
54.239.108.0/22
54.239.112.0/24
54.239.16.0/20
54.239.8.0/21
54.239.98.0/24
54.240.196.0/24
54.240.202.0/24
54.240.208.0/22
54.240.216.0/22
54.240.228.0/23
54.240.232.0/22
54.242.0.0/15
54.243.31.192/26
54.80.0.0/13
54.88.0.0/14
54.92.128.0/17
63.246.119.0/24
64.187.128.0/20
64.252.64.0/24
64.252.66.0/24
64.252.67.0/24
64.252.68.0/24
64.252.69.0/24
67.202.0.0/18
67.220.240.0/20
68.66.112.0/20
69.107.3.176/29
69.107.3.184/29
69.107.7.104/29
69.107.7.32/29
69.107.7.40/29
69.107.7.64/29
69.107.7.72/29
69.107.7.96/29
70.232.92.0/22
72.21.192.0/19
72.41.0.0/20
72.44.32.0/19
75.101.128.0/17
76.223.172.0/22
96.0.100.0/23
96.0.102.0/23
96.0.104.0/22
96.0.12.0/22
96.0.131.0/24
96.0.152.0/21
96.0.16.0/21
96.0.48.0/21
96.0.56.0/22
96.0.84.0/22
96.0.88.0/22
96.0.92.0/23
96.0.96.0/22
98.80.0.0/12
99.150.8.0/21
99.151.184.0/23
99.151.190.0/23
99.77.128.0/24
99.77.129.0/24
99.77.151.0/24
99.77.187.0/24
99.77.191.0/24
99.77.254.0/24
99.78.192.0/22
99.82.165.0/24
99.82.166.0/24
99.82.167.0/24
99.82.171.0/24
99.82.175.0/24
99.82.176.0/21
99.82.188.0/22
99.83.101.0/24
99.83.112.0/21
99.83.64.0/21
99.83.88.0/21
100.24.0.0/13
104.153.112.0/24
104.255.56.11/32
104.255.56.12/32
104.255.56.15/32
104.255.56.16/32
104.255.56.17/32
104.255.56.18/32
104.255.56.19/32
104.255.56.20/32
107.20.0.0/14
107.23.255.0/26
I tried for several hours to get a Cloudflare WARP client tunnel on my phone to work but to no avail and ended up using the HA Tailscale Add-on with Tailscale for Android.
*** Update ***
I ditched Tailscale for Android as it was killing my battery. Normal 2+ day battery life consumed in less than 10 hours! I first went with OpenVPN to my pfSense firewall which I got working but had to configure the OpenVPN for Android app to exclude the Android Auto app. I then re-attacked Cloudflare WARP and managed to find a way to get it working by configuring Split Tunnels in Coudflare to include only 192.168.1.0/24 for the WARP client plus enabling Proxy under Settings > Network.
Is that range Alexa-specific? Don’t want to allow all of US-east.
No, there’s no published IP ranges for just Alexa, and I’m pleased that Alexa continues to work with just that region since there are other US regions (us-east-2, us-west-1, us-west-2, us-gov-east-1, us-gov-west-1 and GLOBAL) Alexa could be running on. There’s a total of 9,787 ranges in that JSON list so limiting to 896 is substantial (only 9%)!
AWS us-east-1 is where my home-assistant custom skill is hosted and so is as narrow as I can make it and still have that skill work.
I’m happy to report that the occassional failed login attempts have ceased since narrowing my firewall to those Ip ranges!
Glad that works for you but I wouldn’t recommend it for others as it’s trivial to spin up a VM in US-East and bypass authentication. Certainly better then leaving everything open though!
Also, ensure you have a minimal number of user accounts configured in HA who can log on outside the local network and also configure 2FA for those accounts!
I just didn’t like seeing the failed logins occuring so I locked it down as best I could!
I’m no longer using Cloudflare tunnels and instead use OpenVPN to my pfSense firewall for Home Assistant and Vaultwarden. Port 443 on my firewall is open to AWS us-east-1 for the purpose of Alexa Media Player integration and Alexa custom skill for Home Assistant. I only have one HA user account with a 12 character complex password plus 2FA which can log into HA from outside the local network.
My concern is less brute forcing logins than a 0day vulnerability allowing attackers in. Every application sees 0days, nothing against home assistant. The only real defense is not allowing connections in the first place.
I keep a WireGuard VPN open to my LAN on my phone etc all the time anyway for adblocking so I access home assistant that way when required remotely.
I also have home assistant on an untrusted IoT VLAN with no access to my main LAN.
Thanks for this guide! 
I’ve got a question though. I set everything up and the cloudflare tunnel is working. Google Assistant can’t find my Home Assistant devices though.
I had Google Assistant working with duckdns + portforwarding before and when setting that up I had to enter the myname.duckdns.org:8123 url for the webhook and authorization. Do I now need to change that to the cloudflare tunnel address?
Yes of course.
Check that link out, it will most likely help solve your issue.
Interesting. That appears to be all outgoing IPs from Google services not specifically Google Assistant, which isn’t ideal. But it isn’t every IP range owned by the company either like the Amazon link earlier in the thread, which I find unacceptable. If people are seeing problems with Google assistant this post may be worth a shot.
Original source: App Engine 서비스의 아웃바운드 IP 주소 | Go 1.11용 App Engine 표준 환경 문서 | Google Cloud
instead of IP ranges (I still use GEO Location to block out most randoms )
I just protect mine with google accounts , cloudflare has another login portal that can be activated as a main gate before being redirected
If you need remote access in a web browser that should work fine.
Google Home and Alexa don’t know how to login to a google account to authenticate so they won’t work. The HA mobile apps can’t do it either.
I exclusively use the CF tunnel for Google Home. To access my HA remotely, I VPN Into my home LAN. And that’s basically what I recommend as the most secure option, setup a VPN or (much easier) use Tailscale.
I followed this guide along with
I can get the integration to work by adding the public host name under Tunnels but as soon as I add an entry to Applications with up-to-date Google IPs voice control breaks. any ideas? I currently have two applications set up. One that I use for remotely accessing HA which works fine with email login policy but the second one I created strictly for Google Home breaks functionality.
