Samsung TV Documentation Update

Configuration
1

Whoever added this section to the Samsung TV integration documentation: THANK YOU!

Samsung SmartTV does not allow WebSocket connections across different subnets or VLANs. If your TV is not on the same subnet as Home Assistant this will fail. It may be possible to bypass this issue by using IP masquerading or a proxy.

This additional information finally enabled me to configure and setup my Samsung TV in Home Assistant. It never worked and it wasn’t clear to me why. My TV is connected to a different subnet than my Home Assistant instance and I was able to fix Home Assistant not being able to connect to the Samsung TV using IP masquerading as the section suggests.

<3

2

You could explain what you did to help others.

3

Thank you for your input. I think I did: I setup IP masquerading between Home Assistant and the Samsung TV host. What exactly that means in your specific situation depends a lot on the specific details of your network setup and deployed router.

Since this issue is caused by a more sophisticated network setup than what most users have (network segmentation with multiple subnets and a router deployed between segments), one can assume that most people running into this problem are more advanced network administrators than your average users and either already familiar with how IP masquerading works, how to set it up for their specific situation and/or able to find that information easily online as it applies to their specific setup.

On a high level, for those that maybe do not run into this problem but are just curious to learn more what this is even about:

I’ve been trying to integrate my Samsung TV into my smart home since I bought it maybe a year ago. While Home Assistant discovered the TV it always failed to connect and integrate it. I have a relatively complex home network setup where I utilize multiple VLANs, subnets and WIFI networks to separate specific parts of my network from each other. Most importantly my IOT devices live on a part of the network that doesn’t have access to my regular home network (like my PC or my NAS).
Since I’ve setup routing and firewall rules between those parts of my network such that Home Assistant can communicate with the Samsung TV, it shouldn’t lead to any issues with the communication between them and Home Assistant can communicate with many other devices on the IOT network no problem. But here we are with communication problems nevertheless.

The Samsung TV Integration documentation has never been really helpful in understanding or solving that problem. It mentioned that the integration had issues communicating with some versions of Samsung TVs and I thought maybe I was just unlucky and got one of those and didn’t bother with it any more.

In one of the more recent Home Assistant updates I noticed some bug fixes in the Samsung TV integration and decided to give it another try. My first attempt failed again as it always had. Home Assistant failed to connect to the Samsung TV. I took another look at the integration documentation and to my surprise found a new section in the documentation (quoted above). The updated documentation said that the TV itself declines any connection attempts from hosts that are not on the same subnet as the TV – exactly my situation! The documentation also suggested two solutions: using a proxy or IP masquerading. While the documentation isn’t explicit about this, in both cases the goal is to make the connection “bounce” off of a host that is on the same subnet as the Samsung TV.

In the proxy case you would install and setup a proxy server (I assume a HTTP proxy, because I believe the connection in question is a HTTP/WebSocket connection – but I’m not sure, so don’t quote me on this) on any host that Home Assistant can connect to on the same subnet as your Samsung TV and have Home Assistant use that proxy server instead of trying to connect directly to the Samsung TV. The proxy will forward the connection to the Samsung TV and to the TV it will look like the connection is coming from the same subnet and accept the connection.

However, I ended up using IP masquerading since it was more convenient in my case. Most non-network nerds are probably unfamiliar with the term IP masquerading, but might have heard of something called NAT (Network Address Translation) that your Internet router is doing. Basically what it does is provide access to multiple clients on your local network to the internet by replacing (“translating” or “masquerading”) the clients local network IP addresses with the routers public internet IP address while communication between your local clients and hosts on the internet passes back and forth. Hosts on the internet will only see your routers IP address and your router becomes responsible for delivering packets to the correct local network IP addresses when it receives them.

In this case, what you need to do is to setup NAT/IP masquerading on the router between the Home Assistant and the Samsung TV networks – or just between the two hosts or even just the relevant connections. Doing this was relatively straight forward on my ER-X running EdgeRouter. It would require a little more console-fu on your average pure Linux router and might not even be possible on your Internet provider’s off-the-shelve plastic router.

Now, when my Home Assistant instance connects to the Samsung TV it will look to the Samsung TV like the connection is coming from the router’s IP address on it’s subnet and will not refuse the connection attempt.

Voila, the integration now works. What in the end allowed me to understand what was going on and allowed me to fix it was the information that the Samsung TV refuses connections from subnets other the one that it is on.

2 Likes
4

Do you know any incompatibility about HA being connected at 2.4GHz and the TV at 5GHz wifi?

Or something about one connected at wired network and the other at wifi?

At least I know Wake-On-Lan only works on TV connected at wired network.

5

If your wifi networks use the same subnet, which on most consumer wifi routers they typically do, then there shouldn’t be a problem. If the IP addresses of your Samsung TV and Home Assistant only differ in the last part (e.g. 192.168.0.XXX), then you are likely on the same subnet.

The most reliable way to ensure that you are on the same subnet and not being routed is to use the traceroute command. You can run it on the Home Assistant host.

traceroute <samsung tv ip address>

If the output shows a single hop, then you are not being routed and both devices are on the same subnet, e.g.:

> traceroute 192.168.0.1
traceroute to 192.168.0.1 (192.168.0.1), 30 hops max, 60 byte packets
 1  EdgeRouterX (192.168.0.1)  0.361 ms  0.253 ms  0.312 ms

If the other device is on a different subnet, then the traffic will need to be routed between networks and your traceroute will have (at least) one additional entry, like so:

> traceroute 192.168.107.108
traceroute to 192.168.107.108 (192.168.107.108), 30 hops max, 60 byte packets
 1  EdgeRouterX (192.168.0.1)  0.355 ms  0.263 ms  0.216 ms
 2  192.168.107.108 (192.168.107.108)  36.022 ms  35.994 ms  35.981 ms

Note that at least my Samsung TV does not appear to respond to ICMP messages which are used by traceroute to probe the routes. Because of that, the output of my traceroute to my Samsung TV actually looks a little different:

> traceroute 192.168.107.87                                                                                                                                                                                      
traceroute to 192.168.107.87 (192.168.107.87), 30 hops max, 60 byte packets
 1  EdgeRouterX (192.168.0.1)  0.319 ms  0.322 ms  0.224 ms
 2  EdgeRouterX (192.168.0.1)  3074.094 ms !H  3073.941 ms !H  3074.267 ms !H

The second line indicates that the host being traced didn’t respond to the ICMP messages three times in a row, but since there is a first hope along the router you know that the IP address is in a different subnet.

1 Like
6

Awesome! I’m trying to do exactly this on my ER-X but can’t get my source nat to work.

Do you mind posting a snippet of your SNAT rule?

Best,

Sam

7

These steps are for the ER-X and possibly other EdgeOS based Ubiquity routers only.

  • Login to your ER-X / EdgeOS based router’s web interface.
  • Open “Firewall/NAT” tab
  • Open “NAT” sub-tab
  • Click “Add Source NAT Rule”
  • Set a description of your choosing (e.g. “Masquerade Home Assistant host to Samsung TV”).
  • In the “Outbound Interface” field select the VLAN or Ethernet Interface which is connected to the same subnet as your Samsung TV.
  • Select the “Use Masquerade” option.
  • In Src Address fill in the IP address of your Home Assistant host.
  • In Dest Address fill in the IP address of your Samsung TV.
  • Click save. This should do it for you.

Screen Shot 2022-08-19 at 8.33.26 PM
Screen Shot 2022-08-19 at 8.33.26 PM964×1658 107 KB

2 Likes
8

Hi, any ideas how to accomplish this in unifi dream router?

9

I don’t believe it’s possible to configure masquerading/NAT for any networks other than WAN in Unifi.

I have since also switched to a Unifi router and have not been able to reconfigure NAT. I’ve even asked about it in the Ubiquiti community forum:
https://community.ui.com/questions/Custom-NAT-rules-on-UDM-Pro/8680e605-b04d-41a4-b4fc-253da75b8e16

10

Hah! I was reading this thread at the start of the week but didn’t want to necro!

I’m currently in the same boat, I need to access my Samsung Smart TV, which lies in a different VLAN managed by a Unifi Dream Machine Pro.

So far, I’ve managed to validate this will not be possible from the interface. To do it you’re going to need ssh access, which will allow you to configure IPTables directly.

I’ve only tried one rule so far (below), without success, but I’ll update this thread if I get anywhere.

If you’re not familiar with any of this terminology I’d recommend not proceeding as you can really disrupt your network setup. If you’re going to continue anyway, please run iptables-save once connected with SSH and store the output of the command somewhere safe (local).

192.168.30.200: Home Assistant
192.168.40.5: Samsung Smart TV

IPTables Command:

iptables -t nat -A POSTROUTING -s 192.168.30.200 -d 192.168.40.5 -j MASQUERADE

I suspect my solution may be further complicated by the fact my HA setup is running within Kubernetes, so this solution may work for you!

Edit: Cool, this works. As I am running Home Assistant within a container (Docker, Kubernetes, etc), I needed to make sure my Source Address (-s) was actually the IP of the machine Home Assistant is running on

11

Thank you very much for the answer, I have some idea what ssh is and I have read that changes made that way or not permanent in unifi devices. Is that correct or what when does it change back?

I am also running home assistant in docker and I wont do any changes unless I’m sure I am safe.

12

Yes, thanks to whoever added that piece of documentation and thank you, dev0, for the additional info.

If anyone is still having issues after implementing NAT (IP masquerading), packet captures showed the Samsung sending an ARP request for the NAT’d IP, but no response. So I also had to add Proxy ARP on my firewall/router to get this integration to work across subnets.

13

In one of the recent Updates, NAT came to the GUI…

Its not only related to Samsung TVs - Like in this Post: https://community.ui.com/releases/UniFi-Network-Application-8-3-20/663314c3-fc7d-4c50-863f-6969f24a3b77#comment/5255e8d1-1e7c-464a-9ffd-88c37aebb6c2

But i cant get it to work through the gui… :confused:

14

Instructions to integrate a Samsung TV when it is on a different VLAN than the Home Assistant

Overview

This example is specific for the UniFi Cloud Gateway Controller. I am no expert, but I believe there are parallel concepts with other networking devices.

Prerequisites

  • UniFi Network Controller with UniFi OS v4.0.6 and Network 8.3.32
  • Two VLANs configured (e.g., VLAN_A and VLAN_B)
  • IP addresses of the devices involved (e.g., Device_A on VLAN_A and Device_B on VLAN_B)

I just completed this and it was very easy ONCE you have a NAT’d VLAN. I am new to HA and only have a couple of sensors and a whole bunch of Hue lights and a Hue Dimmer (V2). Here is my configuration:

My setup for this example

  • VLAN_A: This is my home VLAN for my laptop, printer, NAS, HA, etc.
  • VLAN_B: This is my IoT VLAN for my TV, Apple TV, door and window sensors, etc.
  • Home Assistant: 192.168.1.200
  • Samsung TV: 192.168.2.116 (we won’t need this because I set up a NAT rule for the entire VLAN)

Configuring NAT (Masquerade) to Enable Cross-VLAN Communication in UniFi

These instructions will guide you through setting up a NAT rule to allow a device on one VLAN to communicate with a device on another VLAN as if they are on the same VLAN. This is useful in scenarios where devices need to interact but are restricted by VLAN segmentation.

Step-by-Step Guide

  1. Access UniFi Network Controller:
    • Open your web browser and log in to your UniFi Network Controller.
  2. Navigate to Networks:
    • Click on Settings in the left navigation menu.
    • Select Networks from the list.
    • Ensure that VLAN_A (e.g., 192.168.1.0/24) and VLAN_B (e.g., 192.168.2.0/24) are configured correctly.
  3. Create Firewall Rule to Allow Specific Traffic:
    • Click on Settings in the left navigation menu.
    • Select Security.
    • Go to the Traffic & Firewall Rules section.
    • Select Advanced.
    • Click on Create Entry.
  4. Configure the Rule to Allow Traffic from VLAN_A to VLAN_B:
    • Type: LAN IN
    • Name: Allow Home Assistant to VLAN_B
    • Action: Accept
    • Protocol: Any
    • Before Predefined: Should be checked
    • Source:
      • Source Type: IP Address
      • Address: 192.168.1.200 (IP address of Device_A on VLAN_A)
    • Destination:
      • Destination Type: Network (We want HA to connect to anything on VLAN_B, right?)
      • Network: VLAN_B
      • Netwrork Type: IPv4 Subnet
    • Click Save.
  5. Create NAT Rule:
    • Click on Settings in the left navigation menu.
    • Select Routing.
    • Select NAT in the top Nav. Go to the NAT section and choose Create Entry and in the Masquerade section:
      • Name: NAT Home Assistant to VLAN_B
      • Protocol: All
      • Interface: VLAN_B
      • Translated Port: Leave blank
      • Source: Check the box and choose IPv4 Address / Subnet and enter the IP address of the device you want to NAT (
        Address: 192.168.1.200
    • Source Port: Leave blank
    • Destination: Leave blank
    • Advanced: Auto
    • Click Add when done (Apply Changes if editing an existing rule).

Verification and Testing

  • Testing Connectivity: Ensure that Device_B can communicate with Device_A as expected.
  • Security Considerations: Verify that only the intended traffic is allowed and that no unintended access is permitted.

By following these steps, you should be able to configure your UniFi Cloud Gateway Ultra to allow cross-VLAN communication using NAT, making Device_B think that Device_A is on the same VLAN. If you need further assistance or encounter any issues, feel free to ask!

15

Hey Gary,
thanks for your Answer!

That doesnt seem to work for me - Did everything like you said and checked it twice… The Samsung Integration doesnt “connect” to the TV (i removed the “old” Connection from Device Manager on the TV) and the TV doesnt ask for “access” like it should.

It was working before, with this line in the UDMP

iptables -t nat -A POSTROUTING -s 192.168.1.100 -d 192.168.2.50 -j MASQUERADE

Where Source is HA and Destination was the TV…