Issues with no host internet connection

deanfourie · September 29, 2023, 11:45am

Ok, this problem is really beginning to piss me off.

I am blocking all outbound traffic and I have rules to allow DNS from my resolver only. My static settings have my DNS resolver set in the adapter settings, however still HA is unable to connect to the internet giving the “No Host Internet Connection” error.

If I disable my block all rule, everything works fine.

What’s it blocking that’s not allowing me to run updates?

Is HA DNS independent to the Debian DNS?

Everything else works, Cloudflare is able to connect, which means it obviously able to resolve DNS. I can browse HACS etc, just not update.

Any ideas? This should no be this hard.

Logger: homeassistant.components.websocket_api.http.connection
Source: components/hassio/update.py:169
Integration: Home Assistant WebSocket API (documentation, issues)
First occurred: 00:37:37 (11 occurrences)
Last logged: 00:46:53

[140561417019200] Error updating ESPHome: 'AddonManager.update' blocked from execution, no host internet connection
Traceback (most recent call last):
  File "/usr/src/homeassistant/homeassistant/components/hassio/update.py", line 167, in async_install
    await async_update_addon(self.hass, slug=self._addon_slug, backup=backup)
  File "/usr/src/homeassistant/homeassistant/components/hassio/handler.py", line 53, in _wrapper
    raise HassioAPIError(data["message"])
homeassistant.components.hassio.handler.HassioAPIError: 'AddonManager.update' blocked from execution, no host internet connection

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/usr/src/homeassistant/homeassistant/components/websocket_api/commands.py", line 227, in handle_call_service
    await hass.services.async_call(
  File "/usr/src/homeassistant/homeassistant/core.py", line 1969, in async_call
    response_data = await coro
                    ^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/core.py", line 2006, in _execute_service
    return await target(service_call)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/helpers/entity_component.py", line 235, in handle_service
    return await service.entity_service_call(
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/helpers/service.py", line 870, in entity_service_call
    response_data = await _handle_entity_call(
                    ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/helpers/service.py", line 942, in _handle_entity_call
    result = await task
             ^^^^^^^^^^
  File "/usr/src/homeassistant/homeassistant/components/update/__init__.py", line 157, in async_install
    await entity.async_install_with_progress(version, backup)
  File "/usr/src/homeassistant/homeassistant/components/update/__init__.py", line 428, in async_install_with_progress
    await self.async_install(version, backup)
  File "/usr/src/homeassistant/homeassistant/components/hassio/update.py", line 169, in async_install
    raise HomeAssistantError(f"Error updating {self.title}: {err}") from err
homeassistant.exceptions.HomeAssistantError: Error updating ESPHome: 'AddonManager.update' blocked from execution, no host internet connection

Tamsy · September 29, 2023, 11:55am

Have you disabled IPv6 with Home Assistant? If not, disable it:

Settings → System → Network → IPv6: Disabled

Within the IPv4-settings (above IPv6 settings) make sure the configuration for:

IP-Address
Gateway-Address
DNS-Sever

is set correctly to your LAN.

deanfourie · September 29, 2023, 11:58am

Thanks for the reply.

Yes I have disabled IPv6.

I should also mention that I have 2 NICs. One is for internet and LAN access the other for the IoT VLAN.

The IoT VLAN has no gateway and no DNS set so I would imagine its not trying to route next hop traffic through that interface as if has no gateway. Thought its worth mentioning.

Tamsy · September 29, 2023, 12:04pm

It certainly is.

It looks like AddonManager.update is trying to access the internet through that 2nd. NIC which has no gateway (thus no host internet connection) . I’m afraid I have to pass this on since I have never worked with an instance with two NICs

Addendum: Maybe this thread can help: HassOS with multiple network cards

deanfourie · September 29, 2023, 12:15pm

Ok, however in network settings, right at the bottom I have both adapters ticked, one with a star next to it that says “Default”, which is the correct adapter, the LAN adapter.

Interestingly, both have IPv6 addresses assigned too.

deanfourie · September 29, 2023, 12:17pm

Trying to understand what exactly this means.

Network adapter
Configure which network adapters integrations will use. Currently this setting only affects multicast traffic. A restart is required for these settings to apply

Should I disable my LAN adapter as no integration or any devices other the the HA instance itself uses this adapter?

Tamsy · September 29, 2023, 12:19pm

Look at ld9000’s post here. Looks promising.

deanfourie · September 29, 2023, 11:49pm

Weird,

Doesn’t help me as my IoT nic already doesn’t have a gateway therfore should no be routing traffic out via that nic.

Also, if I ssh into the vm, I can resolve just fine.

Tamsy · September 30, 2023, 1:19am

VM? Tell us more about your setup and installation method.

Based on the sparse information you have provided:

                  |-----> NIC 1 ---> Internet
Home Assistant OS |
                  |-----> NIC 2 ---> IoT (w/o internet)

Where does the VM comes into play?

According to ld9000’s post you also have to disable DHCP for that particular NIC within the host’s network configuration. Configure that NIC with a static ip-address and the subnet only. Nothing else.

deanfourie · October 1, 2023, 10:17am

Container running on Proxmox.

As for the host NIC, both are set static, the IoT NIC is setup identically to the NIC is HA.

IoT NIC on the HOST:

Static IP
Subnet Mask
NO gateway
NO DNS.

As for the LAN NIC on the HOST

Static IP
Subnet Mask
Static Gateway
Static DNS

ld9000 · December 24, 2023, 1:23am

Bit of a thread revive here, but I got sick of HASS completely freaking out and using the wrong NIC as the primary after reboots. Removing the gateway/DNS is no longer possible, HASS doesn’t allow you to do it. What did work however is momentarily disabling my IoT nic, waiting a few minutes for connections to establish on the “main” NIC, then turning the IoT NIC back on and hoping things continue to work properly.

The reason I had given my HASS instance (Which is a proxmox VM - HASS OS) is because some devices (namely Yeelight, or Xiaomi plugs - maybe others) do not respond to commands that come from it from an IP not in its local subnet. I am guessing this is some sort of “security” measure from internet hosts being able to command your lights/switches to do things due to an incorrectly configured port forward or similar.

I removed my HASS VMs second interface, then added a NAT rule on my firewall so all requests that go into my IoT VLAN appear to come via the router’s IP in that VLAN (which of course is in the same subnet a teh rest of my IoT Gear). So now I am able to address stuff in the IoT subnet without requiring a NIC on that subnet.

An insanely complicated workaround but at least now my devices won’t randomly stop working at the most inopportune of times.