Remote Access stopped working overnight

nunopicado · March 2, 2024, 11:38am

Hi people.
I realize this question has been asked many, many times (I probably read them all looking for a solution), but I couldn’t fix it and I’m stuck, so I’m looking for help of those who know more about this.

I have a HA server for about 1.5 years, and it worked flawlessly up until last December. When I set it up, I followed some tutorials and manage to install it on an old computer, having a DuckDNS address (managed by the Duck DNS addon) and HTTPS configured with the Let’s Encrypt add-on. I even managed to have it run as a DNS home server, with the Dnsmasq addon.
I also have a wall panel on an old Samsung android tablet with the app and FullyKiosk. I also accessed the system in several other ways: home computer via browser, work computer via browser, cell phones via App. All working fine using my DuckDNS address.

Last December I woke up and noticed the wall panel wasn’t connecting to the server. My wife and kid also complained their cell phone was the same. My home computer and cell phone were working fine, but work computer also failed.

After some analysis, it became clear the problem was widespread, and the only reason my cell phone and home computer were working (while on my home wifi) was because I was using the HA server IP as DNS server. Using any other DNS would also not connect.
The problem seems to be related with SSL. Using the local IP with HTTP seems to work fine on the home computer, even with other DNS server.

I’ve tried several things, including forcing the generation of a new SSL, removing every SSL configuration (to try to access remotely without meddling with SSL), restoring them again, removing the dnsmasq addon, and lastly, I installed NGINX Home Assistant SSL Proxy, just to check if anything happened (to be honest, I don’t know what this addon was supposed to do). Nothing changes.
At a point I even replaced the server for newer hardware, as I thought maybe the old one was having trouble keeping up with everything. Nothing.

My configuration YAML has just this:

http:
  base_url: https://<myhost>.duckdns.org:8123
  ssl_certificate: /ssl/fullchain.pem
  ssl_key: /ssl/privkey.pem

And when I try to access my server via my cell phone browser, this is what I get:

Couldn’t reach this site.
The web page at https://.duckdns.org:8123/auth/authorize?response_type=code&redirect_uri=https%3A%2F%2F.duckdns.org%3A8123%2F%3Fauth_callback%3D1&client_id=https%3A%2F%2F.duckdns.org%3A8123%2F&state=eyJoYXNzVXJsIjoiaHR0cHM6Ly9oYXBpY2Fkby5kdWNrZG5zLm9yZzo4MTIzIiwiY2xpZW50SWQiOiJodHRwczovL2hhcGljYWRvLmR1Y2tkbnMub3JnOjgxMjMvIn0%3D may be temporarily inactive or could have been permanently moved to a new web address.
ERR_FAILED

Does anyone has any thoughts on what may be the issue?

francisp · March 2, 2024, 11:58am

1/ Check if your port is still open

2/ check if your duckdns address still points to your ip

nunopicado · March 2, 2024, 12:05pm

Hi, thanks for the help.
Yes, my DuckDNS is still pointing to my external IP, and the port is still open.
When I try to connect remotely, HA page shows up and the “Loading Data” message is shown, and only then the error appears.
On some browsers the error is “Connection refused”, others present it as “Could not connect”, but the Loading Data message usually appears, meaning it is reaching the server at least.

I’ve also tried my previous router (I have a new router for about a year, so the old one was still configured to reach the HA) to no avail.

Curiously, on the website you linked, the port appears as closed. What could it mean?

nunopicado · March 3, 2024, 3:57pm

Well, here’s an update for my problem.
@francisp was right, it was a port opening problem.
My router is configured correctly, but my ISP started using CGNAT on my service, which meant my public address is not what my router sees.
As for the “loading data” HomeAssistant message, must’ve been a cache issue, I have no other explanation for it to show up when the port was not reaching the destination.

So how did I solve it (since my ISP showed no interest in fixing the problem they caused themselves)?
I bought a cheap domain name on the internet and using a free CloudFlare account, I set up a tunnel between that domain name and my HomeAssistant server (there’s a CloudFlare add-on that made this work effortlessly).
This was based on this video I found on YT: How I Access Home Assistant Anywhere! No Real IP, No Problem! | CloudFlare Tunnel

I have no remote access through that domain name.
Let’s see if this solution is permanent.
Thank you for your time.