IP ban when using Android app

Hey. I have a problem where sometimes my Android app causes invalid credentials trying to log in and then the IP is banned; this mostly happens while jumping between applications on my OnePlus 7T.

I’m running the latest Home Assistant (0.112.4 at the moment) on HassOS 4.10 and the Android app is using 1.11.0-215.

I’ve put the threshold to 5 attempts and added my internal IP to trusted networks but it gets banned anyway.

homeassistant:
  auth_providers:
    - type: trusted_networks
      trusted_networks:
        - 10.13.37.0/24

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 10.13.37.9
  ip_ban_enabled: true
  login_attempts_threshold: 5

Below are the logs where my internal IP of my phone gets banned despite being in the trusted_networks settings. And I get similar looking logs when using LTE and using the app.

2020-07-12 22:15:52 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from 10.13.37.231
2020-07-12 22:15:52 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from 10.13.37.231
2020-07-12 22:15:52 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from 10.13.37.231
2020-07-12 22:15:52 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from 10.13.37.231
2020-07-12 22:15:52 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from 10.13.37.231
2020-07-12 22:15:52 WARNING (MainThread) [homeassistant.components.http.ban] Banned IP 10.13.37.231 for too many login attempts

What might be wrong? When using it externally I go through Cloudflare -> NGINX Proxy Manager -> Home Assistant. But internally it is a direct connection from the app to the Home Assistant server.

It’s not exclusive to Android. The iOS app does it as well. Particularly when the app was running on wifi, backgrounded then used on cellular networks. Not always though. Really annoying that it requires a restart to clear the ban.

:frowning:

https://github.com/home-assistant/core/pull/18770

Ah. At least it’s not only me. And it seems like I’m a lousy searcher as well.

But surely there must be some kind of fix for this. I thought at least putting the IP on the trusted networks worked some way like a whitelist for it not to be banned, but apparently not.

I get this too on the iPhone and not even when I’m using the app at the time. Seems like it’s a newer issue for either HA or the app after I updated them. At least it’s not my wife’s phone or there’d be hell to pay. I’ve tried to delete old refresh tokens, made a long term one (not sure what that even does or if I did it right) but it’s pretty random. I have to VPN to get a new IP, delete the ban and then restart. It’s really embarrassing when you are trying to show someone this awesome setup you have and then end up looking like a dumbass who forgot their password.

Same here, it happens with the official Android app or with WallPanel. Really painful.
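
An added example, not code from any poster in this thread or from the Home Assistant project: a log triage script for the `homeassistant.components.http.ban` lines quoted in the first post. For each banned IP it reports how many failures preceded the ban, over what time span, and whether the address falls inside the configured `trusted_networks`. The names `triage`, `TRUSTED_NETWORKS` and the 2-second burst window are assumptions made for this example.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Values taken from the configuration posted in this thread.
TRUSTED_NETWORKS = [ipaddress.ip_network("10.13.37.0/24")]
THRESHOLD = 5

# Constructed sample in the format of the log excerpt in this thread.
FAIL = ("2020-07-12 22:15:52 WARNING (MainThread) [homeassistant.components.http.ban] "
        "Login attempt or request with invalid authentication from 10.13.37.231")
SAMPLE_LOG = "\n".join([FAIL] * 5 + [
    "2020-07-12 22:15:52 WARNING (MainThread) [homeassistant.components.http.ban] "
    "Banned IP 10.13.37.231 for too many login attempts"])

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) WARNING \(MainThread\) "
    r"\[homeassistant\.components\.http\.ban\] "
    r"(?:Login attempt or request with invalid authentication from (?P<fail>\S+)"
    r"|Banned IP (?P<ban>\S+) for too many login attempts)$")

def triage(log_text, burst_window=timedelta(seconds=2)):
    """Summarise each banned IP: failure count, time spread, trusted-network membership."""
    failures = defaultdict(list)
    report = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        if m["fail"]:
            failures[m["fail"]].append(ts)
            continue
        ip = m["ban"]
        times = failures.pop(ip, [])
        spread = (max(times) - min(times)) if times else timedelta(0)
        report[ip] = {
            "failures": len(times),
            "spread_seconds": spread.total_seconds(),
            "in_trusted_network": any(ipaddress.ip_address(ip) in n for n in TRUSTED_NETWORKS),
            # Heuristic (assumption): a full threshold of failures inside a tiny window
            # looks like one client replaying a rejected credential, not manual guessing.
            "machine_burst": len(times) >= THRESHOLD and spread <= burst_window,
        }
    return report

if __name__ == "__main__":
    for ip, info in triage(SAMPLE_LOG).items():
        print(ip, info)
```

On the sample, all five failures share one timestamp and the banned address is inside `10.13.37.0/24`, which matches what the posters describe: the ban fires on a trusted-network client regardless of the `trusted_networks` auth provider setting.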