UI.com / UniFi Network Application connectivity problem - STUN or other traffic blocked?

When I first used this Add-on, I could monitor the status and make changes to my switches and APs both locally via the IP of my HA server and from ui.com. In the last couple months (at least when I became aware of the issue), ui.com just times out and a toast notification says “connecting to site is taking longer than expected”.

There seem to be numerous threads about the issue on Reddit and I think I have tried all the “fixes” to no avail.

I have noticed the log repeatedly has these lines:
:0 Permanent error code on allocate request: 420 - . This was after receiving a valid nonce
:0 TURN instance failed: TURN id: 3; fd: 262 0.0.0.0:58564 → 141.101.90.1:3478 (all_interfaces) DTLS id:
:0 STUN id: 2; fd: 258 172.30.33.5:57897 → 162.159.207.0:3478 (eth0) DTLS id: 0 ()(NATDISCOVERY) timed out
:0 STUN id: 4; fd: 230 172.30.33.5:34546 → 198.177.54.147:55862 (eth0) DTLS id: 0 () (PEER) timed out
:0 STUN id: 5; fd: 230 172.30.33.5:34546 → 104.30.146.60:34102 (eth0) DTLS id: 0 () (PEER) timed out
:0 STUN id: 6; fd: 230 172.30.33.5:34546 → 104.30.144.15:64896 (eth0) DTLS id: 0 () (PEER) timed out
:0 STUN id: 7; fd: 230 172.30.33.5:34546 → 104.30.148.221:11696 (eth0) DTLS id: 0 () (PEER) timed out
:0 STUN id: 8; fd: 230 172.30.33.5:34546 → 104.30.144.13:61015 (eth0) DTLS id: 0 () (PEER) timed out
:0 STUN id: 9; fd: 230 172.30.33.5:34546 → 104.30.147.252:63750 (eth0) DTLS id: 0 () (PEER) timed out
:0 TCP candidates not supported yet

Thought it was a firewall / port forward issue but either I don’t have the rule(s) configured correctly or that isn’t the problem.

Everything else with HA is working fine - VPN, integrations, remote access, reverse proxy, DNS, etc.

For UniFi gear I have a USG-3P, a USW-Pro-48-PoE and some UAC-AP-Pro access points. All VLANs have been in place for over a year and the traffic for all devices and subnets is working as desired / expected. I have the latest application release [9.0.108] and current firmware on all devices.

My HA server and the UniFi gear reside on the same VLAN, BTW.

  • Core 2025.1.4
  • Supervisor 2024.12.3
  • Operating System 14.2
  • Frontend 20250109.2
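
Added example, not part of the original post: a short Python triage of the STUN/TURN log lines quoted above, grouping the failures by stage (NAT discovery, peer candidates, TURN allocation) and remote endpoint. The name `triage` and the regexes are illustrative; the sample lines are copied from the post, and the error-code names assume the `420` is a STUN/TURN error code as listed in RFC 8489 and RFC 8656.

```python
import re
from collections import Counter

# Log lines copied from the post above (a subset of the excerpt).
SAMPLE = """\
:0 Permanent error code on allocate request: 420 - . This was after receiving a valid nonce
:0 TURN instance failed: TURN id: 3; fd: 262 0.0.0.0:58564 → 141.101.90.1:3478 (all_interfaces) DTLS id:
:0 STUN id: 2; fd: 258 172.30.33.5:57897 → 162.159.207.0:3478 (eth0) DTLS id: 0 ()(NATDISCOVERY) timed out
:0 STUN id: 4; fd: 230 172.30.33.5:34546 → 198.177.54.147:55862 (eth0) DTLS id: 0 () (PEER) timed out
:0 STUN id: 5; fd: 230 172.30.33.5:34546 → 104.30.146.60:34102 (eth0) DTLS id: 0 () (PEER) timed out
:0 TCP candidates not supported yet
"""

# Subset of STUN/TURN error codes (RFC 8489, RFC 8656). Assumption: the
# application logs the protocol's own error code unchanged.
STUN_ERRORS = {401: "Unauthorized", 420: "Unknown Attribute", 437: "Allocation Mismatch",
               438: "Stale Nonce", 486: "Allocation Quota Reached", 508: "Insufficient Capacity"}

# "<proto> id: N; fd: N src:port → dst:port (iface)"
FLOW = re.compile(r"(STUN|TURN) id: (\d+); fd: \d+ ([\d.]+):(\d+) (?:→|->) ([\d.]+):(\d+) \((\w+)\)")
ROLE = re.compile(r"\((NATDISCOVERY|PEER)\)\s*timed out")
ALLOC = re.compile(r"allocate request: (\d{3})")

def triage(text):
    """Group STUN/TURN failures by stage and remote endpoint."""
    out = {"timeouts": Counter(), "remotes": {}, "turn_failed": [],
           "alloc_errors": [], "other": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        flow, role, alloc = FLOW.search(line), ROLE.search(line), ALLOC.search(line)
        if alloc:                                   # TURN Allocate was rejected
            code = int(alloc.group(1))
            out["alloc_errors"].append((code, STUN_ERRORS.get(code, "unknown")))
        elif flow and "TURN instance failed" in line:
            out["turn_failed"].append(f"{flow.group(5)}:{flow.group(6)}")
        elif flow and role:                         # request sent, no reply seen
            out["timeouts"][role.group(1)] += 1
            out["remotes"].setdefault(role.group(1), []).append(f"{flow.group(5)}:{flow.group(6)}")
        else:
            out["other"].append(line)
    return out

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Separating the stages this way shows whether only the peer candidates time out or whether the NAT discovery probe to port 3478 and the TURN allocation fail as well, which is the first thing to compare against the firewall rules.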