Switched to ER605 and now HA can't access internet

Upgrading my ISP to a FTTP service (in aust: NBN) forced a switch to a new router (TP-Link ER605).
And now HA can’t see the outside world any more.
It’s only HA; all other devices on the network are fine.
IP addresses are static, identical and ported over to new setup (AFAICT).
HA can see and manage all devices on the LAN e.g. aircons, it just can’t seem to get beyond the router.
IPv6 switched off (seemed to solve it for other people, but didn’t fix my problem).
Problem discovered when Mosquitto broker reported no host internet.
From ssh cli, “ping” works on anything in the LAN, but not the WAN. (WTF???)

Anyone had any experience?
I’m pretty sure this is going to be some config detail on the ER605. I’ve tried to keep that as vanilla as possible while I get everything running.

  • No DNS services have been set up, so no DNS Proxy. (Setting DNSSEC and so enabling the proxy didn’t work)
  • No VPN

It’s just … how can other devices in the house not have a problem, but HA can’t even ping past the Router? e.g. mobile → EAP610 → switch → Router → works fine.

Network:
FTTP → ER605 → Unmanaged POE switch → PI 4 (not using POE) → HA
ha network info shows:

  • docker addresses as per normal
  • host_internet: false
  • interfaces → end0 connected:true, gateway set to router, method: static, nameserver 8.8.8 (which I can get to from other devices and the Router is routing to)

If I run ha network reload from the SSH CLI, I get a context deadline exceeded (Client.Timeout exceeded while awaiting headers).

Any suggestions? 🙁

It’s 8.8.8.8

Can you ping 8.8.8.8 on your HA OS box?

FWIW I use an ER605 here in the US with no issues for 2 instances of Home Assistant.

My typo. No, I can’t ping anything outside the local network from the HA PI 🙁

Interesting. Any particular options e.g. around multicasting or DNS that you have turned on?

No, I believe it’s pretty much the out-of-the-box config. I use AdGuard Home for DNS and DHCP so those functions aren’t on the router. Public DNS forwarders go to 9.9.9.9 and 1.1.1.1 (Quad-9 and Cloudflare) as secure (https) DNS connections so the router can’t really decrypt that traffic.

Traceroute is your friend.

For anyone stumbling across this page, in the end I pulled apart the config, factory-reset the ER605 and brought the system back online piece by piece, testing every step of the way.
And everything worked.
So: it could have been an odd setting in the ER605. Or, something odd in the YuanLee unmanaged switch. Maybe even a dodgy cable.
So, if you have an ER605 and are having HA troubles, don’t give up!
(Thanks to everyone for offering support. It was good to know that other people DIDN’T have issues, and I should keep on pushing to find out what was going on).