Migrated to HA OS this weekend - help with LAN access?

Came off a NUC i3 / Debian 11.x Buster / Docker container / formerly hass.io system. Took a full/complete HA backup from the GUI, and pulled it off to another machine for backup. Started with a completely new/blank/empty Samsung m.2 NVME SSD, and used Balena Etcher to write the HA OS 10.1 image for generic X86_64 to it. This then booted just fine, using DHCP for the IP address (more to come on that) and homeassistant.local for the DNS node name. Used the CLI to set a static/manual IP address, DNS servers, and gateway. Used the CLI to set the DNS node name. Performed a host reboot to see what survived, and was relatively happy.

Until… I tried to hit the HA server from within my local LAN. Nope, it loads the initial screen, then says it cannot complete loading. Turning off local wi-fi on my phone resulted in the iPhone HA Companion app working just fine. So I know outside secure connections using DuckDNS and LetsEncrypt are working as expected. Unfortunately, phone screens are just not the best for updating and configuring anything. And without SSH into the system, I’m not certain what IS the best tool for troubleshooting and correcting.

Router details: Asus AX router running Merlin release 388.2_2. Hairpin NAT / NAT loopback is available and active. NUC has a static 192.168.1.35 address on my LAN. Router has a route setup for the external WAN port and internal LAN port. DuckDNS has the correct/current external IP address. As mentioned, HA Companion app on iPhone (wifi off) works great. So I know the vast majority of settings are correct, because the certificates and app are working. But no GUI connectivity from within my LAN.

Any and all ideas are greatly appreciated!

Turn off wifi on the nuc.

Also, hairpin is bad.

Wifi on the NUC is disabled in BIOS, has been for years.
What about NAT loopback is supposed to be bad?

It sounds like there may be a problem with resolving a local hostname. If so, you might find the answer here:

https://community.home-assistant.io/t/homeassistant-os-cant-resolve-local-hostname/499741

Some things to check:

The default local hostname is homeassistant (no ‘.local’). If all is working, you should be able to access your overview dashboard with homeassistant.local:8123. If not, try using 192.168.1.35:8123 until you get things straightened out.

The IP Address/Netmask should be 192.168.1.35/24, and should appear that way when using the CLI.

→ ~ ha network info

There is no “supposed to be”.

It is bad.

The list of reasons why is long.

You can always load your ha via the local IP.

http://IP:8123

Thank you for that explanation and link. Looks like something I should research and use to debug.
I noticed some other posts about using the nmcli command. Do you think that might also be relevant?

Tried that, it’s not working AT ALL.

I’ve never needed to use nmcli, but it might help you troubleshoot what’s wrong. This command will give you a fairly comprehensive network device configuration status:

→ ~ nmcli device show

My speculation about being a problem with resolving a local hostname is just a guess. I would take @exx seriously and see what disabling the NAT reflection may have done. It may limit you to using a fully-qualified domain name and perhaps encryption to access a local resource.

I’ve NOT disabled NAT loopback / reflection / hairpin, simply because there is no GUI option available to enable/disable it. It is enabled by default in the rMerlin firmware.

I originally DID disable the wireless module in my NUC a long, long time ago, because it’s hardwired and would never be using WiFi.

I’m currently asking at SNBforums regarding NAT loopback. Specifically, Linux shell commands to enable and disable it.

Understand.

Have you tried the GUI with a different browser? Do you have any browser add-ons? If so, disable them and refresh and/or clear the cache (ctrl F5 usually works for me). Also, the browser interface is http which requires permitting the browser to use it.

I’m running out of ideas.

If he has configured a certificate, then internal access will also be via https, not http.

Additionally,the host name will need to match the cert or mobile devices will throw a fit.

Yup; good points. Keith already has experience with HA and he mentions secure connections are functional.

Perhaps he should get a clean image and start by onboarding using the local LAN before restoring integrations and add-ons piecemeal. It’s something I’ve reverted to when I had some intractable issue.

Yes so try https://IP:8123

Usually just a “certificate does not match” error, which you can click past.

Not with the companion app, it’s not…

I didn’t realise that.

Definitely tried alternate browser. Normally use Firefox for most things. Tried Chrome, similar negative results. I’m definitely out of ideas at this point. Debian 11 with Docker containers never had this problem. Unfortunately, HA OS seems to have the problem. Thought there might be some tweaks I had not seen or read, but that does not seem to be the case. I’m definitely scratching my head.

Also want to thank @exx and @nickrout for their input. Much appreciated. Quite a frustrating issue.

I’m wondering if there might be some incompatible DNS server or proxy built into the HA OS that is disagreeing with my router’s NAT loopback functionality. Sometimes the tiniest little difference causes the largest difficulty.

I’d still try a basic installation of HA and see if it works with your router. If it doesn’t work, then I’d suspect the router.

You probably know this already, but should you ever decide to change routers, there are some very good open-source software-defined routers that load onto modest, small form factor x86 hardware. Some have built-in utilities for troubleshooting network issues.

Best of luck.

Tuesday evening I added a dnsmasq assignment for the NUC’s DNS name and IP address to my router. Rebooted the router to insure the assignment was persistent. Pings to the DNS name are correctly directed to the internal LAN IP address. Whatever is not working is definitely on the HA OS side. Will do more digging tonight.

Sonovabatch, that seems to have resolved the issue. If that wasn’t it, I don’t know what else may have changed, because that’s the ONLY configuration change I made, and it was on the router, not the HA system.

I’m surprised using 192.168.1.35:8123 didn’t work. Very strange, but glad it’s working.