Trusted networks makes mqtt auth fail

tom_l · October 19, 2019, 1:15am

I wanted to enable trusted networks to prevent v1.5 of the iOS app triggering ipban every time it first starts. So I added this to the home assistant section of my configuration.yaml file:

  auth_providers:
    - type: homeassistant
    - type: trusted_networks
      trusted_networks:
        - 10.1.1.0/24
        - 127.0.0.1

Right after a restart my mqtt clients failed to connect to the mqtt broker. Restarting the broker or clients did not help.

Removing the auth providers and restarting home assitant enabled the clients to connect to the broker again.

I’m using the hassio Mosquitto addon with a home assistant user (not local user) and a working ACL.

What have I missed?

DavidFW1960 · October 19, 2019, 2:54am

Nothing I can see. I have the exact same and it works. Do you use a reverse proxy?
I do also use trusted users…

  auth_providers:
    - type: trusted_networks
      trusted_networks:
        - 127.0.0.1
        - ::1
        - 10.90.11.0/24
        - fd00::/8
        - !secret zerotier_network
        - !secret my_ipv6_network
      trusted_users:
        127.0.0.1: !secret user_id
        "::1": !secret user_id
        10.90.11.0/24: !secret user_id
        "fd00::/8": !secret user_id
        !secret trusted_ipv6: !secret user_id
        !secret zerotier_network: !secret user_id
      allow_bypass_login: true
    - type: homeassistant

I wonder if not having a trusted user causes the problem? The MQTT addon can’t login?

tom_l · October 19, 2019, 3:07am

Hi David. No Not using a reverse proxy.

I’ll give trusted users a go when I get back home.

DavidFW1960 · October 19, 2019, 3:20am

Clutching at straws. I doubt it will help.

mattch · December 7, 2019, 6:27pm

I just discover this myself, on 102.3 troubleshooting the error so decide to test and learn trusted network auth provider. ha is used locally only and ip only.
ERROR (MainThread) [hassio.api.proxy] Client error on WebSocket API Cannot

After I added the trusted networks my mqtt devices stop connecting using mosquito broker.
After digging, the mosquito addon config was reset to default so my login username info was missing. I added login info back to mosquito addon and starts working but which defeats everything for me LOL

DavidFW1960 · December 7, 2019, 10:59pm

So if you create a Home Assistant user with the same username and password default works perfectly.

mattch · December 7, 2019, 11:13pm

My HA user/password is the same that was configured in mosquitto login already, perhaps my install is not connecting to ha auth system, I have to do some more digging the problems are usually on my side of the table.

Seems by design adding trusted network removes mosquitto addon login section because it consistently happens to me when undo and add auth/trusted network section back to configuration.yaml

DavidFW1960 · December 7, 2019, 11:31pm

I use trusted networks and trusted users and it has nothing to do with the mosquitto addon. The default settings will work if you have a user defined in HA that is also the one you define for MQTT in your devices.