No Internet in HA?

as requested, ha network info

[core-ssh ~]$ ha network info
docker:
  address: 172.30.32.0/23
  dns: 172.30.32.3
  gateway: 172.30.32.1
  interface: hassio
host_internet: false
interfaces:
- connected: true
  enabled: true
  interface: ens19
  ipv4:
    address:
    - 172.16.102.1/27
    gateway: null
    method: static
    nameservers: []
    ready: true
  ipv6:
    address:
    - fe80::84e0:ec07:ca7a:eda2/64
    gateway: null
    method: disabled
    nameservers: []
    ready: true
  mac: 02:5A:80:90:6A:5B
  primary: false
  type: ethernet
  vlan: null
  wifi: null
- connected: true
  enabled: true
  interface: ens20
  ipv4:
    address:
    - 172.16.103.10/28
    gateway: null
    method: static
    nameservers: []
    ready: true
  ipv6:
    address:
    - fe80::b713:120:8093:4ed5/64
    gateway: null
    method: disabled
    nameservers: []
    ready: true
  mac: 0A:A0:5A:40:23:0F
  primary: false
  type: ethernet
  vlan: null
  wifi: null
- connected: true
  enabled: true
  interface: ens18
  ipv4:
    address:
    - 172.16.101.3/27
    gateway: null
    method: static
    nameservers: []
    ready: true
  ipv6:
    address:
    - fe80::9494:92f0:b4eb:7597/64
    gateway: null
    method: disabled
    nameservers: []
    ready: true
  mac: 0A:79:F8:45:51:1E
  primary: true
  type: ethernet
  vlan: null
  wifi: null
supervisor_internet: true

You don’t have a DNS server set in HA.

ipv4:
    address:
    - 172.16.101.3/27
    gateway: null
    method: static
    nameservers: []
    ready: true

See attached,

image

I would try switching to DHCP and back.

Regardless of what the UI is showing, that DNS server doesn’t appear to be set based on the ha network info command. That would explain why you’re only seeing traffic to your gateway.
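The check made in the reply above, written out as an added example that is not part of the original thread: it reads the text form of `ha network info` and reports when the interface marked `primary: true` has no IPv4 gateway or no nameservers. The function names and the trimmed sample are constructed for illustration, and the reader only handles the layout shown in this thread.

```python
# Constructed sample: the primary interface from the first output above, trimmed.
BEFORE = """\
interfaces:
- connected: true
  interface: ens18
  ipv4:
    address:
    - 172.16.101.3/27
    gateway: null
    nameservers: []
  ipv6:
    address:
    - fe80::9494:92f0:b4eb:7597/64
  primary: true
supervisor_internet: true
"""

def parse_interfaces(text):
    ifaces, cur, section, key = [], None, None, None
    for raw in text.splitlines():
        if raw.startswith("- "):                    # a new interface entry
            ifaces.append(cur := {"ipv4": {"address": [], "nameservers": []}})
            raw = "  " + raw[2:]
        elif raw and not raw.startswith(" "):       # top-level key ends the entry
            cur = None
        if cur is None or not raw.strip():
            continue
        indent, item = len(raw) - len(raw.lstrip()), raw.strip()
        k, _, v = (part.strip() for part in item.partition(":"))
        if indent == 2:
            section = None if v else k              # "ipv4:" / "ipv6:" open a sub-map
            if v:
                cur[k] = v
        elif indent == 4 and section == "ipv4":     # ipv6 sub-keys are ignored
            if item.startswith("- "):               # list item under address/nameservers
                cur["ipv4"][key].append(item[2:])
            elif v in ("", "[]"):                   # list header, possibly empty
                key = k
            else:
                cur["ipv4"][k] = v
    return ifaces

def primary_findings(text):
    """Flag a primary interface with no IPv4 gateway or no nameservers."""
    checks = {"gateway": "no IPv4 gateway", "nameservers": "no nameservers"}
    return [f"{i['interface']}: {msg}" for i in parse_interfaces(text)
            if i.get("primary") == "true"
            for field, msg in checks.items()
            if i["ipv4"].get(field, "null") in ("null", [])]
```

Run against the full first output in this thread it reports both findings for ens18; against the output taken after switching to DHCP it reports none.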

Yes, that's what it looks like to me too.

I will try switching to DHCP and back.


Do you advertise your DNS server via your router? I have the HA settings on “auto” but do advertise the IP of the DNS server via the router. HA picks up on that and has them listed under nameservers (ha network info).

Sorry, when you say “advertise” DNS are you referring to DHCP?

Yes. :slight_smile: Can you set that in your router (or at the DHCP server)?

Yes, the DNS server is issued via DHCP.

ha network info after setting DHCP.

[core-ssh ~]$ ha network info
docker:
  address: 172.30.32.0/23
  dns: 172.30.32.3
  gateway: 172.30.32.1
  interface: hassio
host_internet: false
interfaces:
- connected: true
  enabled: true
  interface: ens19
  ipv4:
    address:
    - 172.16.102.1/27
    gateway: null
    method: static
    nameservers: []
    ready: true
  ipv6:
    address:
    - fe80::84e0:ec07:ca7a:eda2/64
    gateway: null
    method: disabled
    nameservers: []
    ready: true
  mac: 02:5A:80:90:6A:5B
  primary: false
  type: ethernet
  vlan: null
  wifi: null
- connected: true
  enabled: true
  interface: ens20
  ipv4:
    address:
    - 172.16.103.10/28
    gateway: null
    method: static
    nameservers: []
    ready: true
  ipv6:
    address:
    - fe80::b713:120:8093:4ed5/64
    gateway: null
    method: disabled
    nameservers: []
    ready: true
  mac: 0A:A0:5A:40:23:0F
  primary: false
  type: ethernet
  vlan: null
  wifi: null
- connected: true
  enabled: true
  interface: ens18
  ipv4:
    address:
    - 172.16.101.21/27
    gateway: 172.16.101.1
    method: auto
    nameservers:
    - 172.16.101.5
    ready: true
  ipv6:
    address:
    - fe80::9494:92f0:b4eb:7597/64
    gateway: null
    method: disabled
    nameservers: []
    ready: true
  mac: 0A:79:F8:45:51:1E
  primary: true
  type: ethernet
  vlan: null
  wifi: null
supervisor_internet: true

And yet,

I’m wondering if having multiple interfaces is the issue. I would presume not since the one with DNS configured is marked as primary.

Alternatively, you could try disabling blocking in piHole temporarily and see if the add-on install will work. Or just look at the log query to see if anything is being blocked.

The strange thing is, some things work, some don’t.

For example, I’m running a CF tunnel, which connects every time without issue. Now for this tunnel to connect it obviously needs to resolve the hostname for the server, and this happens without issue.

Also, I can browse HACS, browse the add on store etc.

Just can't install add-ons and updates.

I normally don’t do that, but in this case I hope it’s ok. :flushed:

@CentralCommand You might be more familiar with this, can you shed some light or offer some tips? :slight_smile: Thank you very much! :slight_smile:

Tried this?

ha dns options --servers dns://172.30.32.3
ha dns restart

I tried

ha dns options --servers dns://172.1.101.5

This is still an issue for me.

I have confirmed that my host and the VM (as in Debian itself) can ping and resolve DNS without any issues.

It's just HA that doesn't like something.

Is HA OK behind piHole? Because that's the only thing that could be messing up/blocking DNS requests. Other than that, IDK why it will not let me update / browse HACS / update HACS add-ons with my current manual DNS servers set. Again, I can ping from within Debian itself, so I know it's not something happening at host level / on Proxmox.

I have been trying to solve this for so long now.

It should be OK behind piHole, but that would really depend on the blocklists you are using.

  • Have you tried temporarily disabling blocking in piHole to see if that resolved your issue?
  • Have you monitored the query log in piHole while trying an update to see if any DNS requests are being blocked?
  • Have you tried disabling the other interfaces in HA to check for a weird split routing issue?

I’ve tried everything.

Disabling piHole didn’t help, and I can also see that it is not blocking anything.

Here’s the thing, I block everything outbound, and allow 443 out.

Even with my DNS set static, I see DNS queries to 8.8.8.8:53 blocked by my firewall. Why?

But still, I am seeing connection errors in the logs for api.home-assistant.io:443 and others. Why? I can browse the internet etc using 443.

This is not making sense.

When I disable the block all firewall rule, it connects just fine.

With DNS now working, I am still unable to update anything in HA unless disabling the block all firewall rule.

What ports are required for HA to install updates etc.?