OpenWRT Luci Device Tracker: need more specific info on error

michielrutjes · January 2, 2017, 2:15pm

Hey all. I’ve been setting up HA over the last couple of weeks and I’ve come up with an issue I haven’t been able to resolve. I’d like to include my OpenWRT Luci router into HA for presence detection, but so far I’m unsuccessful. I was able to install the luci-mod-rpc package on the router, and added this to the configuration.yaml:

device_tracker:
  platform: luci
  host: 192.168.1.1
  username: my_user_name
  password: you_dont_need_to_know_ofc

The only thing the log-file is reporting is:

17-01-02 15:01:22 homeassistant.components.device_tracker: Error setting up platform luci

Is there a way to find out more specifically what’s not working? Or does anyone have an idea what I should do? Thank you very much!

Michiel

michielrutjes · January 7, 2017, 9:53pm

Haven’t had any luck so far finding a solution, so shamelessly replying to my own post to bump this question. Sorry

bluenote73 · January 20, 2017, 3:39am

I need help on this [ssl certificate error] too, did you get it working?

michielrutjes · January 20, 2017, 8:46am

Nope, didn’t get it working so far. It also looks like you’re having a different problem. In the end I switched to MQTT/Owntracks and Nmap for device tracking and I’m considering adding an BLE Beacon in my house which should be more accurate anyway But let me know if you get things working with Luci!

benaranguren · January 20, 2017, 10:46pm

I had issues with SSL as well so I opened port 80 but only within my LAN.

You can enable port 80 by adding this line in /etc/config/uhttpd.conf.
option listen_http ‘192.168.1.1:80’

Please be aware that this is not the right way to fix this since you’ll be exposing an unencrypted interface on your router. But since it’s only accessible in my LAN, I fine with it.

bluenote73 · January 21, 2017, 1:52am

Thanks for weighing in! After adding this (and confirming I can access the router via http) I still get the same old ssl_certificate error. I don’t suppose you recall further steps you had to take?
thanks

benaranguren · January 23, 2017, 2:46pm

In fact I do. I just did this yesterday again.

Have you tried accessing port 80 when you are in the same network as your router?

After you edit uhttpd.conf, did you restart uhttpd service?

bluenote73 · January 24, 2017, 11:14pm

Actually I was always able to access port 80 on the router, the default config for me was 0.0.0.0:80 enabled, bu I added the specific interface as you suggested as well. I’ve been through multiple reboots since. I still get this:

17-01-24 15:10:49 homeassistant.components.device_tracker: Setting up device_tracker.luci
17-01-24 15:10:50 homeassistant.components.device_tracker: Error setting up platform luci
Traceback (most recent call last):
File “/usr/lib/python3.6/site-packages/urllib3/connectionpool.py”, line 594, in urlopen
chunked=chunked)
File “/usr/lib/python3.6/site-packages/urllib3/connectionpool.py”, line 350, in _make_request
self._validate_conn(conn)
File “/usr/lib/python3.6/site-packages/urllib3/connectionpool.py”, line 835, in validate_conn
conn.connect()
File “/usr/lib/python3.6/site-packages/urllib3/connection.py”, line 323, in connect
ssl_context=context)
File "/usr/lib/python3.6/site-packages/urllib3/util/ssl.py", line 324, in ssl_wrap_socket
return context.wrap_socket(sock, server_hostname=server_hostname)
File “/usr/lib/python3.6/ssl.py”, line 401, in wrap_socket
_context=self, _session=session)
File “/usr/lib/python3.6/ssl.py”, line 808, in init
self.do_handshake()
File “/usr/lib/python3.6/ssl.py”, line 1061, in do_handshake
self._sslobj.do_handshake()
File “/usr/lib/python3.6/ssl.py”, line 683, in do_handshake
self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:749)

Thanks for any advice you can suggest

benaranguren · January 24, 2017, 11:52pm

It looks like it’s still going to port 443 instead of port 80. Can you post your /etc/config/uhttpd and how you defined luci in configuration.yaml?

Maybe uhttpd is forwarding all traffic to port 443.

benaranguren · January 24, 2017, 11:56pm

Also, compare your output of curl when accessing the router: Mine looks like this:

pi@raspberrypi:~ $ curl http://192.168.1.1

<?xml version="1.0" encoding="utf-8"?> LuCI - Lua Configuration Interface pi@raspberrypi:~ $ curl https://192.168.1.1 curl: (60) SSL certificate problem: self signed certificate More details here: http://curl.haxx.se/docs/sslcerts.html

curl performs SSL certificate verification by default, using a “bundle”
of Certificate Authority (CA) public keys (CA certs). If the default
bundle file isn’t adequate, you can specify an alternate file
using the --cacert option.
If this HTTPS server uses a certificate signed by a CA represented in
the bundle, the certificate verification probably failed due to a
problem with the certificate (it might be expired, or the name might
not match the domain name in the URL).
If you’d like to turn off curl’s verification of the certificate, use
the -k (or --insecure) option.

bluenote73 · January 25, 2017, 12:19am

Thanks so much for the help. Here’s the data:

device_tracker:

platform: luci
host: 192.168.10.1
username: root
password: ******

config uhttpd ‘main’
list listen_http ‘0.0.0.0:80’
list listen_http ‘[::]:80’
list listen_https ‘0.0.0.0:443’
list listen_https ‘[::]:443’
option redirect_https ‘1’
option home ‘/www’
option rfc1918_filter ‘1’
option max_requests ‘3’
option max_connections ‘100’
option cert ‘/etc/uhttpd.crt’
option key ‘/etc/uhttpd.key’
option cgi_prefix ‘/cgi-bin’
option script_timeout ‘60’
option network_timeout ‘30’
option http_keepalive ‘20’
option tcp_keepalive ‘1’
option ubus_prefix ‘/ubus’
option listen_http ‘192.168.10.1:80’

config cert ‘defaults’
option days ‘730’
option bits ‘2048’
option country ‘ZZ’
option state ‘Somewhere’
option location ‘Unknown’
option commonname ‘LEDE’

Oddly, I get no response from curl at all, it either just hangs, or returns nothing. I think that’s probably diagnostic, but there’s a chance there’s something else going on.

Now that you’ve brought up the uhttpd file, the ‘option redirect https’ set to 1 jumps out at me … should I change that to 0?

thanks for the help

EDIT: Curl https output is similar to yours

EDIT2: SUCCESS! Thank you so much! I changed the option redirect https option to 0, and curl was then able to get a response as you detailed. And HA does appear now to be showing items as present or not! Thank you!

tdwhbp · February 28, 2017, 10:21am

for the less tech adept with LEDE or openWRT I found that installing luci-app-uhttpd very helpful under advanced settings it has settings that help fix the issue
this thread helped me. thank you