MQTT - why 172.30.32.1 gets connected?

Hi everyone,

I am trying to get my alarm panel to interface with Hassio. So far I think I have configured the thing correctly but I kept seeing logs like this on Mosquitto’s logs

1520748445: New connection from 172.30.32.1 on port 1883.
1520748445: New client connected from 172.30.32.1 as caabc404-b113-452d-b9f2-ad54c64e5171 (c1, k60, u’homeassistant’).

Would like to know what are these connections? I am on a Class C network so everything should be 192.168.x.xx.

Appreciate some insight.

Thanks

172.0.0.0/8 is used by Docker’s internal networking and HASS.IO is using Docker. This could be an reason.

You can use “docker network ls” to identify the software defined networks and “docker network inspect (network name)” to get insights on IP range etc.

2 Likes

Thanks mate.

This is what I have on my configuratio.yaml

mqtt:
  broker: 172.17.0.1
  port: 1883
  username: mqttbroker
  password: j4222949

and on mosquitto, this is what I have:

{
  "plain": true,
  "ssl": false,
  "anonymous": false,
  "logins": [
    {
      "username": "mqttbroker",
      "password": "j4222949"
    }
  ],
  "customize": {
    "active": false,
    "folder": "mosquitto"
  },
  "certfile": "fullchain.pem",
  "keyfile": "privkey.pem"
}

Is the settings right?

Your response exposes your password and does not correlate to my initial answer. You were asking on client connections to your MQTT server and I said that the logged IP could probably the internal IP of a Docker container that is controller by HASS.IO .

Thanks. Just wanted to post my config to see if there are any obvious errors.

Not too concern with exposing the password because that password as shown is for testing only.

I think I’m having a similar issue that I don’t know how to resolve. I have a client cover-type sensor running on a NodeMCU. It is set up on a static IP address. When I start the client, I see it connect to the network. Here are the messages showing up on the serial output screen:

Connecting to [MyNetwork] requesting IP 192.168.1.50
Wi-Fi mode set to WIFI_STA
scandone
. WiFi connected - IP address: 192.168.1.50
setting MQTT message callback…
completed setting MQTT message callback…
Attempting MQTT connection…pm open,type:2 0
failed, rc=-2 try again in 5 seconds
Attempting MQTT connection…failed, rc=-2 try again in 5 seconds

It never connects to the HA broker. Just keeps looping.

When I checked the Mosquitto MQTT add-on log file, I see the following:
1531179460: mosquitto version 1.4.15 (build date 2018-03-04 15:35:59+0000) starting
1531179460: Config loaded from /etc/mosquitto.conf.
1531179460: Opening ipv4 listen socket on port 1883.
1531179460: Opening ipv6 listen socket on port 1883.
1531179460: Warning: Mosquitto should not be run as root/administrator.
1531179460: New connection from 172.30.32.1 on port 1883.
1531179461: Socket error on client , disconnecting.
1531179461: New connection from 172.30.32.1 on port 1883.
1531179461: New client connected from 172.30.32.1 as 2a4849d7-3749-4b59-ba49-2e26f3f862a9 (c1, k60, u’MyUserName’).

There are several things I don’t understand.

  1. I don’t understand what I should do to eliminate the warning about Mosquitto running as root/administrator.
  2. I don’t understand why the new connection connects, then gets a socket error, then immediately reconnects successfully.
  3. I don’t understand why it is connecting to address 172.30.32.1 instead of the static IP address that I assigned to the client. Is this because of Docker? I want the MQTT broker to connect with the client’s static IP address, not the 172… address. Otherwise, the broker and the client refuse to talk to each other. How can I force the HA MQTT broker to connect to the static IP address I have designated?

(It did originally connect with the static IP address, and I had MQTT exchanging info nicely. Then the next thing I know, it started using this other IP address. I’m not sure what I changed.)

I will greatly appreciate any help anyone can provide.

Typically this is caused by client IDs being the same on one or more clients. That freaks MQTT out.

Anything that is not directly connected into the Docker network (host or other docker containers) have no idea what 172.x.x.x is or how to reach it. It simply doesn’t work like that. The devices outside of the docker world do not know of any 172.x.x.x existence.

That’s not how MQTT works. You don’t connect to the client, the client connects to the broker.

Thanks for the replies. Here’s what I still don’t understand. My client is on a static IP address on my internal network. In my case, the client IP is 192.168.1.50. I see it join my network and get connected via wi-fi. I can see it on that IP address via Fing. It attempts to connect to my MQTT broker, which I have running as a hassio add-on on a pi3. The pi3 also has a static IP address in the same network range. On the client side, I’m getting “Attempting MQTT connection…pm open,type:2 0. failed, rc=-2 try again in 5 seconds.” But on the broker side, when I go to hassio and look at the MQTT log, it says “New client connected from 172.30.32.1 as 662df215-dff5-47d4-9e56-d737d55c5213 (c1, k60, u’********’).” This connection is clearly the one my client is attempting, because the user ID is showing up correctly (I replaced it with asterisks here). The broker seems to think the client connected, but with a different IP address. Why or how is that client IP address getting changed from the actual static IP address of the client to this other bogus 172… number?

Sorry if this is a noob question. I’m new to MQTT.

I bet this is the docker network IP of your host. Your host is pseudo acting as a NAT for your docker network.

This isn’t an MQTT issue, but a docker/hassio “side effect”. I’m leaning towards hassio. My docker MQTT broker displays the actual IP address.

Verify your client IDs are all unique though. Including the one home assistant uses to connect to the broker.

I only have the one client I’m trying to connect. So multiple clients are not an issue. My client ID is “garagedoor”.

When you say to make sure the ID that home assistant uses to connect to the broker is also unique, is this the one designated in the hassio configuration file? Or is it an ID referenced somewhere else? I tried to follow the hassio MQTT documentation and examples that said to code as follows:
mqtt:
broker: core-mosquitto
username: redacted
password: redacted

I don’t know what address the “core-mosquitto” resolves to. Do I need to change that to something unique?

client_id
(string)(Optional)The client ID that Home Assistant will use. Has to be unique on the server. Default is a randomly generated one.

hassio knows how to resolve it. It is resolving to the mosquitto docker container that is running alongside home assistant within hassio.

I figured out my trouble, so I’m posting the resolution in case anyone else finds it useful…

My wifi seemed to quit working on my raspberry pi, so I switched over to an ethernet connection. However, I forgot that the hassio/resin os requires you to configure the type of connection you are using. Once I updated the connection type in the resin file, everything worked beautifully.

1 Like

Hi, can you explain exactly the solution?

If your password contains “@” character, DELETE IT!!!
took me 2 days…

1 Like

Hi, im getting this error:
23-01-13 16:54:24 ERROR (MainThread) [supervisor.api.ingress] Ingress error: Cannot connect to host 172.30.33.1:8099 ssl:default [Connect call failed ('172.30.33.1', 8099)]

Running a fresh install on OVA Virtual machine but cant figure out how to solve this.
any help appreciated

I ran into this problem, and fortunately I figured out the root cause. It’s because the watchdog is turned on, and HA use 172.x.x.x to check if mosquitto is still alive. It’s not an issue at all, but if you want to eliminate the message, simply turn off the watchdog.

2 Likes