Remote access - single URL setting: router with no NAT loopback, no DNS server customization

Greetings.

In the past, I managed to set up remote access for my Home Assistant OS using DuckDNS and LetsEncrypt. Since then, remote access has been working flawlessly with Home Assistant Companion on my Android phone, as long as I’m not connected to my home WiFi network, in which case Companion would give me the classic can’t connect to Home Assistant error.
I finally decided to take the matter into my own hands and, after watching multiple tutorials on YouTube and reading the following troubleshooting for Companion, I understood that I may need to set a single URL.
However, with my actual network setup I’m not sure how I should proceed and would like to ask knowledgeable/experienced members to share their wisdom.

My network setup is as follows:

  1. ISP gateway doesn’t have NAT loopback functionality, nor does it allow DNS server customization
  2. WiFi router does have NAT loopback functionality and DNS server customization is possible
  3. WiFi router is set as a DMZ host of the DMZ network created by ISP gateway
  4. ISP gateway and WiFi router IP address are fixed
  5. WiFi router DHCP server functionality is set
  6. WiFi router is configured to provide a fixed IP address to the WiFi camera and Raspberry Pi
  7. WiFi router default gateway is set to be ISP gateway IP address

I’m open to any suggestions/remarks, whether about how to set things up with my actual network configuration or how my network configuration itself should be revised.

Thank you in advance.

(not very knowledgeable) at the end of the day, it is the public IP address owner device to loop back or not. Your ISP router has the public address and when your local clients try to reach Home Assistant via the external public IP address, it should handle this internally using NAT loopback, not your WiFi router.

You should go with nginx add-on and reverse proxy option.

Perhaps adding AdGuard on your HA setup and using it as a DNS server would work? You can add custom DNS rewrites:

Thank you for your comment. From previous searches, I understood NAT loopback function is precisely what you described. :slight_smile:

I will look into that and give it a try.

Thank you for your comment. At first this is exactly what I planned to do but I didn’t know if with my network configuration it would work but I will give it a try.

Your other option is to use a proxy server, like NGINX, to handle SSL and remote access. Then you can use https://yourha.example.org/ remotely, and http://homeassistant.local:8123/ locally.

For a test, I installed AdGuard Home, configured a DNS rewrite, routed UDP port 53 to my HA machine and set my HA machine IP address as main and secondary DNS server on my WiFi router. After restarting both my WiFi router and HA machine, I was still able to access HA from my computer but I lost internet on all my devices. :neutral_face:
So I uninstalled AdGuard Home and tried with Dnsmasq: without changing my WiFi router settings, my internet was back and I was also able to connect to HA with my phone … for about 5 minutes?!
I do have a strong feeling that I may not be doing things properly :thinking: :woozy_face:

Thank you for your comment. Excuse my ignorance but is your solution the same as the one suggested by fuatakgun? I would think they are not, as one is about “reverse proxy” and the other is “proxy server”.

Same thing, different words

Just a question, why are you routing port 53 and not setting your HA machine as the DNS server in DHCP?
There is also a bug in AdGuard, which requires you to perform a “save” in the supervisor’s configuration page before AdGuard starts listening on the proper IP. Until you do this, you’re actually indeed losing access to the internet from all your devices, since no dns resolution is performed.

Has anyone mentioned Nabu Casa?
That should be the easiest route, plus if everything else fails, or if everything else is deemed too much to setup/maintain, Nabu Casa could be a viable option.

This might not work for OP. Correct me if I’m wrong, but his problem statement being “not being able to connect to the HA from outside of the home network”, if I understand correctly:

So likely NAT loopback or DNS server are irrelevant here.

= = = =
But then, @misterobotique , could you help clarify / elaborate a bit on your setup? What’s the IP of your router? the IP of your gateway? the IP of your laptop and HA, and the configuration screen from your companion app, where the HA URL, Home WiFi SSID, Internal Connection URL, etc. are specified??
Also what are the DNS your laptop/PC would get from your DHCP server?

I indeed set my HA machine as the DNS server, or intended to do so by setting [my HA machine IP address as the main and secondary DNS server address on my WiFi router].

That explains why my test with AdGuard Home was unsuccessful.

I considered the Nabu Casa solution and gave up when I realized it is not free.
I should have specified that I’m looking for a rather cost free solution. :slight_smile:

In fact, it’s the opposite :sweat_smile:
When using my phone, as long as I’m not connected to my home WiFi, remote access works perfectly (via the Companion app). However, once I’m connected to my home WiFi and try to access HA via the Companion app, it shows the error can’t connect to Home Assistant.

I will reply later today with more details regarding my network configuration.

If you happen to be using an OpenWRT compatible router it’s pretty easy.

In that case, you might want to edit / update / clarify the 1st post of this thread, with all the supporting info about your LAN network, and with boundary conditions (no cost solution, etc.)
The setup screen from your companion app would be key also. Do not omit any detail - otherwise the forum would have to guess and thus might not be helpful.

====
… or maybe… is it just me not understanding these sentences…?

I was able to understand quickly but not sure if I have been lingering around too much or it was just clear :slight_smile:

Sorry for the delay.

I tried to summarize my network details as much as I can in the following picture (I omitted some devices on purpose for the sake of clarity).

Companion app on my Android phone is configured with Home Assistant URL set to my DuckDns address (https://_________.duckdns.org:8123/).

To reiterate my problem, when my phone is connected to my home WiFi network, Home Assistant Companion can’t connect to Home Assistant and displays the error message can’t connect to Home Assistant.

In order to solve this problem, I’m looking for a free solution and won’t mind reconfiguring my network, tweaking Home Assistant or both.

A reverse proxy is the simplest, and free, solution - if you’re using HAOS then the NGINX add-on is what you need.

It could be a quick config change. Like I said, the screenshot (which is still missing) of the setup screen in your Companion app is key. The information below is not enough.

Now,
If you use this address http://192.168.11.4:8123 from the browser of your PC, would you be able to connect to the HA? (Attention: use http, not https)
If you use the same address from the browser of your phone, when it is connected to your home wifi, would you be able to connect to HA?

If yes to both.
Grant location permission to your Companion app. Go into your Companion app, open the setup screen, plug in your Home Network WiFi SSID, and use http://192.168.11.4:8123 as your Internal Connection URL… and maybe play with the Prioritize Internal URL switch and see what works better.

If this works, then you don’t need AdGuard nor Dnsmasq, you don’t need nginx or any reverse proxy, and you don’t need to change your remote access setup (which is already working).

=== may or may not be related ===

  1. You might want to change the DNS on your HAOS into 1.1.1.1 or 8.8.8.8.
  2. What’s the primary and secondary DNS, when you set up your DHCP server on your router? Or does your router only give you the option to enable / disable DHCP plus IP range? Note that, depending on your router, this DNS setup under DHCP may not be the same that your router would be using, which is your ISP Gateway.
  3. What exactly is/are the DNS server(s), that your PC obtains automatically?

My bad, as it is the only setting I changed I thought it would be enough.
Here is a capture of Companion settings (sorry, it’s all in Japanese).

I did the following test:

  • from my computer
    http://192.168.11.4:8123 : no access (ERR_EMPTY_RESPONSE)
    https://_________.duckdns.org:8123/ : no access (ERR_CONNECTION_REFUSED)
  • from my phone using the internet browser (when connected to my home WiFi network)
    https://192.168.11.4:8123 : access
    http://192.168.11.4:8123 : no access (ERR_EMPTY_RESPONSE)
    https://_________.duckdns.org:8123/ : no access (ERR_CONNECTION_REFUSED)
  1. By default, the router LAN IP address but it seems they can be manually configured.

  2. 192.168.11.1

I happen to know a little bit of Japanese :slight_smile:

This works? That’s good news. I do not know how you handle the certificate from inside your LAN, but if this works, then:
(a) plug in your home wifi SSID into this Home Network WiFi SSID
(b) use https://192.168.11.4:8123/ in the next field, the 内部接続のURL
(c) disable AdGuard and DNSmasq (at least for now) and don’t touch the DNS settings under DHCP just yet.
(d) test around. test the switch of 内部URLを優先 and see which works better.

What were the odds I encounter someone who also understands Japanese on my first post! :open_mouth:

I followed your instructions to the letter and … I’m sorry to report that it didn’t work.
I may have omitted an important piece of information in my previous reply :no_mouth:
I managed to access HA with my phone via https://192.168.11.4:8123 but after I ignored a certificate error message from Chrome.
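
An added example, not part of any post in this thread: a certificate issued for a DuckDNS hostname does not cover a LAN IP address, so a strict TLS client rejects `https://192.168.11.4:8123` even though a browser lets the user click through. The check below assumes the Let's Encrypt certificate lists only the DuckDNS name; `example-ha.duckdns.org` is a constructed placeholder, and the function names are hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
# "example-ha.duckdns.org" is a placeholder, not the poster's real hostname.
SAMPLE_CERT = {"subjectAltName": (("DNS", "example-ha.duckdns.org"),)}


def _dns_match(pattern: str, host: str) -> bool:
    """RFC 6125 style match: a wildcard may only stand for the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h


def cert_covers_url(cert: dict, url: str) -> bool:
    """True if a TLS client validating `cert` would accept the host in `url`."""
    host = urlsplit(url).hostname or ""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Host is a DNS name: compare against DNS SAN entries only.
        return any(k == "DNS" and _dns_match(v, host) for k, v in sans)
    # Host is an IP literal: only "IP Address" SAN entries count, never DNS ones.
    return any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in sans)


def classify(cert: dict, urls: list) -> dict:
    """Map each candidate Companion URL to the verdict a strict client would reach."""
    return {u: "ok" if cert_covers_url(cert, u) else "name mismatch" for u in urls}


if __name__ == "__main__":
    candidates = [
        "https://192.168.11.4:8123",             # internal URL tried in the thread
        "https://example-ha.duckdns.org:8123/",  # external URL (placeholder name)
    ]
    for url, verdict in classify(SAMPLE_CERT, candidates).items():
        print(f"{verdict:14} {url}")
```

The DNS rewrite and NAT loopback approaches discussed above keep the DuckDNS name in the URL, so the name the client checks is still the one on the certificate.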