Remote connection through DDNS

che · April 14, 2022, 8:49am

Hello everyone, I’m having trouble with configuring remote access to my home assistant with Duck DNS. Prior to tinkering with home assistant I didn’t even know what a home network was, so please bear with me if I make beginner mistakes…

Some basic info:

Running on Raspberry Pi 4
Downloaded and installed from Raspberry Pi - Home Assistant with Balena Etcher
Connected via ethernet cable to a D-Link router (internet comes from a SIM inserted into the router)

To my understanding, I need to do the following steps to set up remote access:

Create a new DuckDNS account and get my token & host name
Install the Duck DNS add-on in HASS
Configure the add-on as follows:

aliases: []
domains:
- xxxxxxxxxx.duckdns.org
lets_encrypt:
accept_terms: true
algo: secp384r1
certfile: fullchain.pem
keyfile: privkey.pem
seconds: 300
token: 08xxxxxxxxxxxxxxxxxxxxxxxx4ec

Set up port forwarding on my router as follows:

Protocol: TCP/UDP (both)
NAT Loopback enabled
Public port: 443 (so that all public connections via https:// will be redirected)
Private IP: 192.168.0.xxx (this is the IP address of my RPi)
Private port: 8123 (so that the public https:// connection is forwarded to internal port 8123)

Update configuration.yaml with the following:

homeassistant:
external_url: https://xxxxxxxx.duckdns.org
internal_url: http://homeassistant.local:8123

Error:
I attempted to access my home assistant instance via the url https://xxxxxxxxx.duckdns.org on my mobile device through 4G data and got a connection timeout error. No issues when it comes to accessing home assistant on the same WiFi/ethernet.

Narrowing down the problem:
I’m unable to get any error logs from RPi (Configuration > Settings > Logs) which suggests that it is not an issue with the Home Assistant installation blocking incoming connections. I’ve configured configuration.yaml with the below code just in case as well.

http:
use_x_forwarded_for: true
trusted_proxies:
- 172.30.33.0/24 #Remote LAN
- 192.168.0.xxx #Your Home assistant IP only
ip_ban_enabled: true
login_attempts_threshold: 5

Could the problem lie in my port forwarding configuration? Or perhaps there’s another possibility. On the home assistant documentation, they’ve stated that

If you cannot access your Home Assistant installation remotely, remember to check if your ISP provides you with a dedicated IP, instead of one shared with other users via a CG-NAT.

I was unable to figure out how to check for this. However, it seems that shared IPs are common nowadays, so this may be the problem I’m facing.

If there were any errors in my configuration, please kindly point them out.
And if my IP is not a dedicated one, what are my options? Should I get a dedicated IP address or purchase Nabu Casa cloud? Or is there some alternative (e.g. OpenVPN, proxy server) for this?

Thank you so much,
Chris

Arh · April 14, 2022, 10:01am

Just a guess

external url needs xxxx.org:8123 and internal needs https://xxxxxx

che · April 18, 2022, 8:29am

Tried those, doesn’t seem to work…

taste · April 18, 2022, 8:57am

@che The config external port 443 internal port 8123 is correct. However I think you have not setup your homeassitant with secure connections Does this work from your internal network?
https://homeassistant.local:8123
If not check the letsencrypt addon for duckdns: addons/duckdns at master · home-assistant/addons · GitHub

The router is not able to convert https traffic into http. If you can connect internally with https the forwarding should work. You will get a certificate error from the internal network since the certificate belongs to the duckdns domain.

che · April 21, 2022, 1:54am

No, https://homeassistant.local:8123 did not work from my internal network. I’ve double-checked my DuckDNS configuration and set-up process (re-flashed the SD card containing HA to start over again in case I unknowingly messed up any configuration/details) and have managed to narrow the problem down to:

My ISP’s usage of CG-NAT
I’m using a cellular (4G) router

One (or both) issues are preventing the DDNS from working correctly. I’m afraid I don’t have the knowledge to go into the technical details here, but…

If you are facing the same problem:

Go to your router’s configuration page (usually http://192.168.0.1/ or http://192.168.1.1/) and check if your WAN IP address is the same as your public IP address by using a public IP checker.
If the 2 addresses are different, it’s likely that there is some Network Address Translation (NAT) going on - either due to CG-NAT on your ISP’s side, your ISP having a proxy server between private and public web, having two or more routers, etc.

What worked for me:

First option is to purchase a Home Assistant Cloud plan, which is a plug-and-play workaround to accessing HA remotely. At this moment, they offer a 31-day free trial for you to test if it’s suitable.
Alternatively, you can also try ZeroTier. This is what I’m currently using. The set-up is really easy, I followed this guide here and managed set up remote access on my phone in less than an hour.

Hope this can help someone struggling with the technical aspects of HA

MZorzy · May 17, 2022, 9:02am

Bonus:
add DuckDNS
generate letsencrypt certificate,
STOP duckdns addon and set to NOT autostart.
change IP on duckdns site to point to local HA’s ip (like 192.16…)
now can use HA app with https://----.duckddns.net

-cos, befor 90 day must renovate letsencrypt certificate, startind duckaddond and then rechange local ip on duck site. take 5 minut