Solved - Does home-assistant /hassio restrict access based on IP?

This sounds like a silly question but I can't work it out so looking for some extra help.

Ok, so I have just set up a VPN to connect to my home network (directly on my router) and can connect to all my local devices other than my hassio RPI3.

  • When I connect over my VPN I get an IP address of 172.17.100.1
  • All of my local kit has fixed IPs in the 10.10.1.xxx range
  • I can ping my gateway 10.10.1.1 and I can ping my other kit (IP cams, NAS etc all in the 10.10.1.xxx range)
  • I can browse the http interface on all of the devices (IP cams, NAS etc as above)
  • However I can't ping or browse my hassio RPI3 by hostname or IP address (I know the IP is correct and inside the same 10.10.1.xxx range)

Do I need to set something on my Hassio install / home-assistant config to allow access from my VPN users in the 172.17.100.xxx range?

Edit: Just found this: https://www.home-assistant.io/docs/configuration/remote/ but I was assuming being on the local LAN this would not apply?

I don’t use hassio so I don’t know if what you are experiencing is hassio specific but…

I use HA in docker (similar to how Hassio is setup) and have a VPN set up on my router and I can connect directly to my HA instance without any external access configuration needed.

When you VPN are you in the same IP range as your home assistant IP?

Yes.

My router is 192.168.1.1.

My HA is 192.168.1.11.

When on the VPN my phone IP this time is 192.168.1.118.

Hmm, maybe that is my problem! I feel it should still work though.

If you cannot ping the device, it isn’t something in your Home Assistant configuration. Are you using HASSIO or have you installed Home Assistant in another way?

If you are using HASSIO, have you manually configured a static IP? Did you forget the gateway for it? Is its subnet correct?

Yep Hassio, and yep it has a static IP (set up on the router, not in hassio). The IP is set as 10.10.1.10, but I can ping 10.10.1.11 and 10.10.1.1 (among others); the only IP I can't ping is hassio (10.10.1.10), hence the confusion.

Can you get to the HA on a browser from inside your network not thru the VPN?

If not then are you sure your HA is even still working?

Oh yes, works locally fine but then I am on a 10.10.1.x IP (same range).

Maybe post your configuration.yaml sections having to do with http:? Maybe there’s something screwy there.

I’m sorry. I’ve got no other suggestions.

If you can’t ping, traceroute 10.10.1.10 sometimes gives useful information about where the message is lost. You may need to install it first.

Also, route shows routing tables, which may have a special entry for that device.

Apologies for the slow response. Not had time to test again. As you can see the traceroute to a webcam is working fine, a traceroute to the Hassio box (by IP or hostname) just times out.

Is your VPN server also your default gateway? If not does your VPN server NAT (masquerade) all traffic so that it appears to come from the VPN server?

If not you probably need to tell Hass.io that it has a static route to 172.17.100.0/24 via the 10.10.1.x address of the VPN server.

Hi @Tinkerer,

The VPN server is the default gateway (physically, as in it's the same device) but (as far as I know) it does not NAT all traffic as my normal internet traffic still goes out over my client's local connection.

How would I try telling hass.io that it has a static route from 172.17.100.0/24 via the 10.10.1.1 address?

Thanks again for your help, much appreciated.

If that’s the default gateway, you shouldn’t need to do anything else.

Well physically they are the same device, but the default gateway I get from the VPN is 0.0.0.0

The thing I simply can't work out is I can ping and connect to everything else, webcams, openhab, etc. Just not hassio via IP or hostname.

I even made a brand new hassio install and didn't add or change anything and have the same problem. Both are running at the same time (with different host names) but both don't respond to ping or web requests.

Starting to go a bit mad

Ok so after a bit of digging, it was caused by my IP range being used by the VPN, which uses 172.17.100.x.

The default network used by hassio is also on 172.17.0.x, causing the problem; moving the VPN to a 10.255.x.x range fixed it!

Thanks to anyone that tried to help. Hope the above helps someone else.
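
The address clash described in the post above, as an added example that is not part of the original thread: a longest-prefix route lookup from the Hass.io host's point of view, showing why replies to a 172.17.100.x VPN client never leave the box. The routing table is constructed for illustration, and it assumes Docker's default bridge is 172.17.0.0/16 on docker0 with the LAN on eth0.

```python
import ipaddress

# Constructed routing table for the Hass.io host, modelled on the thread:
# LAN 10.10.1.0/24 behind gateway 10.10.1.1, plus Docker's default bridge
# (assumed to be 172.17.0.0/16 on docker0; confirm with `ip route` on the host).
HOST_ROUTES = [
    ("0.0.0.0/0", "eth0", "10.10.1.1"),   # default route via the router
    ("10.10.1.0/24", "eth0", None),       # directly connected LAN
    ("172.17.0.0/16", "docker0", None),   # directly connected container bridge
]


def reply_route(dest, routes=HOST_ROUTES):
    """Longest-prefix match: the (network, device, gateway) used to answer dest."""
    addr = ipaddress.ip_address(dest)
    best = None
    for prefix, dev, via in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, dev, via)
    return best


def conflicts(vpn_pool, routes=HOST_ROUTES):
    """Non-default host routes whose prefix overlaps the VPN client pool."""
    pool = ipaddress.ip_network(vpn_pool)
    hits = []
    for prefix, _dev, _via in routes:
        net = ipaddress.ip_network(prefix)
        if net.prefixlen > 0 and net.overlaps(pool):
            hits.append(prefix)
    return hits


if __name__ == "__main__":
    # (VPN pool, sample client address) pairs taken from the thread.
    for pool, client in [("172.17.100.0/24", "172.17.100.1"),
                         ("10.255.0.0/16", "10.255.0.1"),
                         ("172.18.0.0/24", "172.18.0.5")]:
        net, dev, via = reply_route(client)
        clash = conflicts(pool)
        print(f"VPN pool {pool}: reply to {client} leaves on {dev}"
              f" via {via or 'direct'} (matched {net});"
              f" overlapping routes: {clash or 'none'}")
```

With the 172.17.100.0/24 pool the reply matches the bridge route and is sent to docker0 instead of the router, which is why ping and HTTP both time out while every other LAN device answers normally.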

Just wanted to say thanks @james_hiscott because I’ve been pulling my hair out trying to figure out the same problem. I had my VPN set to provide addresses on 172.17.x.x and I could not connect to hass.io, but could connect to all my other machines.

I changed my VPN to use 172.18.0.x and then I could connect to hass.io fine on the first attempt!