I am trying to set up my HA instance on an RPi 4 for remote access using DuckDNS + Let’s Encrypt. I have set up DuckDNS and can now access my HA system through HTTPS. However, when I try to port forward it on my Xfinity router, it does not seem to show up on the list of devices. There is no way to manually enter an IP address. The RPi is connected via Ethernet to a TP-Link extender; however, the HA install is only remotely accessible when connected to the router. It shows up as “homeassistant” in my extender app, but in the Xfinity app I can only find “Bedroom” (technically where it’s located) and two “Generic Brand IoT” devices along with all my other more identifiable devices around the home and the extender. How exactly should I go about this? Should I forward to the extender? Thank you all.
Can you list the name, model number, IP and MAC addresses of all local devices mentioned, please? In full (it is not a security issue to list all numbers, as they are local to your LAN, behind the NAT functionality of the router).
Do you have DHCP turned on for your extenders?
Please hold off on port forwarding for now.
Sure! On a closer look, it seems like the two “Generic IoT” devices are actually some ESPs I have connected to the network. Bedroom is a Roku TV. My HA instance is at 10.0.0.212 with MAC address e4:5f:01:0c:fb:13, and the TP Link extender is at 10.0.0.3 with MAC address F6090D50253F (as it shows in the Xfinity app). DHCP on the extender is currently set to “Auto.” I will not forward until further response. Thank you!
Router is 10.0.0.1 - When I go to the “devices” page it lists all of them as DHCP except for 10.0.0.242 which is a reversed IP. I don’t know what that device is.
What’s a ‘reversed IP’?
Does that device have a MAC?
Can you look up the MAC to find the manufacturer?
You seem to have your devices all connected Dynamically (that’s what the D in DHCP stands for) so each time they connect they get a different IP address, depending on what’s available.
How are you going to port forward packets from the outside world to a constantly changing internal IP address? You aren’t. You have to fix the IP address of devices to make them Static and consistent, and then you can port forward to the static IP addresses.
Having your extenders vying to allocate IP addresses as well as your router is going to cause confusion, especially if they all use the same IP range. Time to ‘fix’ the addresses for devices you know for faster connection and consistent operations. In this case DHCP is working against you, not for you.
Once that is stable, go ahead and port forward if you need to, carefully following the instructions, keeping in mind you are opening your target to the outside world so be as narrow as possible to reduce your exposure to nasty people and bots that do not have your best interest at heart - there are many.
I’m sorry, I misread it as “reversed IP” when it was really a “reserved IP.” My bad. So from that page now I can set a static IP to whatever device I need to. At a look at the IP address of the device, it looks to be an ESP device. This makes much more sense now. Thank you for all your help!!!
Ah Ok. Good. Now that you can give your LAN a bit of stability and consistency, go ahead and configure your filtering, firewalls, access (both internally and externally), and port forwarding, confidently.
Done - now I can access HA remotely using my DuckDNS domain. However, I cannot access it inside the network from the same domain name - I need to use https://homeassistant.local:8123. I understand this is an issue with not having NAT loopback enabled - I tried to follow guides on how to fix this, but unfortunately Xfinity, being the lovely unrestrictive company they are, does not allow you to change the default DNS. I decided that it’s fine and I’ll just use DuckDNS for external and homeassistant.local for internal. However, I tried to configure this in the app and it is only working externally. I understand that I need to disable https and only use http for my local access on the app - how can I do that while retaining https for DuckDNS?
What static IP address did you allocate for your HomeAssistant server?
Use that in your url instead, not forgetting the port number as well.
What do you have for your external DNS setting for your router (not the dynamic DuckDNS one)? 1.1.1.1, 8.8.8.8 are two that come to mind, if you are not using the ones that are allocated by your ISP.
Static IP for HA is 10.0.0.213. I’ve tried to use that IP via https in the app under the configuration settings, but it won’t connect even when including the port number. It connects perfectly fine in the browser when typing that in though.
My primary DNS for the router is 75.75.75.75 and secondary is 75.75.76.76 - Comcast defaults (and requirements).
Your external DNS entries in your router should be fine. You obviously are able to verify access to your HomeAssistant server from outside your LAN via your chosen DuckDNS name, right? It has had time to propagate across the Internet? You can see that it is working on the DuckDNS site from the time last updated?
Sorry - using the official HA iOS app. I can access HA outside my LAN with my DuckDNS name over HTTPS. It’s probably had 1 or 2 days to propagate. And the DuckDNS site shows no errors. Looking at the HA app logs, it shows both “error: Server trust evaluation failed due to reason: Custom trust evaluation failed with error: [DuckDNS domain] certificate name does not match input” and “error: URLSesionTask failed with error: The request timed out.” The former must be when I was trying to connect using my DuckDNS name as the local address.
I thought I added certificates in the configuration.yaml file, but when I try to access locally through the IP address it gives a “not private” warning.
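Added example (not part of the thread, and not Home Assistant's or iOS's code): a simplified hostname check in the style of RFC 6125, showing why the same server passes TLS name verification under the DuckDNS name but produces "certificate name does not match input" or a "not private" warning under `homeassistant.local` or the static IP. The name `your-name.duckdns.org` is a constructed placeholder, and the example assumes the certificate lists only that DNS name.

```python
import ipaddress

# Constructed sample: names assumed to be in the certificate's subjectAltName.
CERT_DNS_NAMES = ["your-name.duckdns.org"]   # placeholder DuckDNS name
CERT_IP_ADDRESSES = []                        # assumption: no IP entries

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Compare one certificate DNS name with the host the client typed."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # A wildcard covers exactly one left-most label, never a whole domain.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def name_matches(host, dns_names=CERT_DNS_NAMES, ip_addrs=CERT_IP_ADDRESSES):
    """True if the certificate is valid for the host used in the URL."""
    if _is_ip(host):
        # IP literals are compared only with IP entries, never with DNS names.
        addr = ipaddress.ip_address(host)
        return any(ipaddress.ip_address(ip) == addr for ip in ip_addrs)
    return any(_dns_match(name, host) for name in dns_names)

def check_thread_urls():
    """Evaluate the three ways of reaching HA mentioned in the thread."""
    hosts = ["your-name.duckdns.org", "homeassistant.local", "10.0.0.213"]
    return {host: name_matches(host) for host in hosts}

if __name__ == "__main__":
    for host, ok in check_thread_urls().items():
        print(f"https://{host}:8123 -> {'name matches' if ok else 'name mismatch'}")
```

The check depends only on the name the client was given, not on which machine answers, so the LAN name and IP fail even though the certificate and server are unchanged.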