I performed JuanMTechs remote access steps. (https://www.juanmtech.com/hassio-duckdns-add-on-set-up/) Now I cant log on locally, and when I use my duck address, it goes to my router’s login page instead of the home assistant control page. Any advice? I’m not a techy…this set up is frustrating. I’m locked out! I think I got the router config’d right. I have a static IP for the raspberry Pi address. I have the port forwarding as listed. As far as I know I have all the coding right. I followed all the directions listed in order as written.
It was after Step 4, the last step, I got locked out.
Any advice or comments of course are appreciated.
That’s usually what happens when the port forwarding has NOT been done right. Can you make a screenshot of the part of the router config where you have done this?
Hi Daniel,
Here’s a shot of the router settings. The crossed out IP adresses are the same: the address of the raspberry pi.
Any suggestions are greatly appreciated.
And’s here’s the static IP:
The crossed out IP is again the ID for the raspberry pi, and the crossed out MAC is the raspberry pi MAC.
Lastly, should I set up the DDNS on the router to yes? Currently it is off (no). If I click to add yes, this is what it looks like:
I would need to know what to put in the server and hoset names, I assume the username is what I registered with Duckdns, and the key is from their website?
I’m not sure that you are actually accomplishing what you think you are…
You say you need help “securing” your HA.
Duckdns doesn’t secure anything. The only thing it does is simply allows you to use a domain name to access your public IP address instead of needing to put in the IP address itself. And it also provides a means to keep your DNS address in sync with your public IP address if it ever changes.
Letsencrypt does give a little bit of security by preventing others from eavesdropping on your traffic when out in public and accessing your HA controller. All it does is prevents someone from easily listening in on your traffic and obtaining your password. That’s it.
Ultimately, If someone finds your open port on your router (which is apparently fairly easy and common) all they need to do is then try to crack your password (assuming you have a password set).
It is a common misconception that DuckDNS and letsencrypt provides some special security that it actually doesn’t. I was under the same misconception for a long time.
If you still want to secure your set up using the above at least (besides a password) you should enable the ip_ban and set the threshold pretty low (3 to 5 max?).
There are other options for a securing your set up for outside access. I personally started using a VPN (PiVPN) a few weeks back and feel that it provides a decent level of security.
As far as the DDNS setting on your router that won’t work for DuckDNS. If you look at the server name it’s using a DNS provided by dyndns.com. Which is completely different than duckdns.org.
hiding your internal, private, nonrouteable IP addresses doesn’t do anyone any good. Nobody can hack your network with your internal IP addresses.
Don’t mess with the DDNS on your router if you are using DuckDNS
Try disabling 'Remote access to configuration" or something similar in your router’s settings.