Home networking expert??

[barsteward]

Hoping someone can help me sort out a networking problem. It's a bit convoluted but here goes.

I have an Huawei router connected to the 3 network which acts as a gateway for my main router a TP link Archer C 80, this is bound to the TP link DDNS sever.
Directly wired (ethernet) to the Tp link is an old lap top that I use for my Home Assistant Supervised instance which is installed on Debian 11 with me so far?

I wanted to control my Home Assistant from outside my local network so I purchased a Cloudflare DN and have now been trying for months with the help of various tutorials to access the HA instance without success.
I have pointed the Cloudflare DN to the HA ip address and local port then set up port forwarding on the router, I have then tried every tutorial I could find to set up ssl/tls certification on HA with errors every time and of course no connection.

I had so many different certificates and setting I decided to do a clean install of Debian and then reinstall HA then I revoked all certification from Cloudflair and tried again

Still no success so I'm beginning to think it may be some thing to do with the router being bound by TPlink or some kind of loop back problem with Debian or maybe because 3 internet uses the carrier grade nat, completly screwed my head in now.

I must point out that I am a complete novice and although I have leaned a little bit over the months I obviously do not understand it.

I roué the day that some one on this forum mentioned not being able to get a smart light bulb working and I flippantly said I use a light switch. looked up what a smart bulb was and have been hooked ever since.

 

[Bolti]

Just a suggestion, have you tried the laptop ethernet connected to the Huawei router. it may point to where the problem may lie.

( I know nothing about computers, my usual fix is to hit it repeatedly)

 

[barsteward]

I am very close to deploying your fix I'll give the Huawei a go first though.

 

[Aireworth]

I'd think you have too many routers, for someone who claims to be a novice. Is there any routing done on the TP router or it just acting as a switch/wifi access point? Can the Huawei not do everything?

 

[Aireworth]

What device are you hoping to use to access the HA on the laptop? Could you not install something like Teamviewer on the laptop to give full remote control? ( or whatever the linux equivalent of Teamviewer is, if Teamviewer istn't Linux native)

^{_{Subscribers  do not see these advertisements}}

 

[Guigsy]

I think the majority of the mobile networks are double-NAT'd, so you can't reach your router via an IP address. I know Vodafone is the same.

I'll admit that I've just taken the easy route with my Home Assistant. I pay the $5 per month for Nabu Casa to give me remote access and voice control via Google Home. No dynDNS or port forwarding required.

 

[Fontie]

I use Nabu Casa for ease of use and to support Home Assistant, everything on my instance works as it should including all my Nest thermostats and camera's

 

[Aireworth]

Just checked, TeamViewer runs on Linux, Windows, Ios, Mac, Android. As I recall dead easy to setup and free for personal use.
In effect what you're trying to do currently is tunnel in through yours routers to the Laptop. Teamviewer (and their like, of which there are many) effectively tunnel out to a secure point (provided by them) which your remote device then connects to complete the tunnel. No ports to forward, no certs to install etc, etc.

 

[Guigsy]

Just checked, TeamViewer runs on Linux, Windows, Ios, Mac, Android. As I recall dead easy to setup and free for personal use.
In effect what you're trying to do currently is tunnel in through yours routers to the Laptop. Teamviewer (and their like, of which there are many) effectively tunnel out to a secure point (provided by them) which your remote device then connects to complete the tunnel. No ports to forward, no certs to install etc, etc.

That works for occasional tinkering. But is a faff every time you want to check you turned the lights off or check the car is still on the driveway from an integrated camera.

 

[Aireworth]

Sure, but perhaps no more of a faff than the way the OP is approaching the problem

^{_{Subscribers  do not see these advertisements}}

 

[Guigsy]

Sure, but perhaps no more of a faff than the way the OP is approaching the problem

Once setup though, he'd be able to access it via webpage or phone app without needing to dial in via the TeamViewer each time. So less faff once it's working. It might also be considered a smaller security risk than allowing full remote client access to a machine in your home network.

 

[barsteward]

Thanks for all your comments ease of access is part of it but I have also done some tinkering with Hacs, some of the add ons and integration's required need non self certified authentication such as for the AWS Iot platform. I know I may sound at times that I know what I'm doing but I really don't. I just follow lots of video tutorials from people that do know( Monkey does as Monkey see)

Hence I haven't yet been able to sort this out I have however been able to follow some of the logs in home assistant and it appears the problem is the communication between Cloudflair and HA I think the hardware sett up is ok.

This is just a very small snippet of the error log.

messages, upgraded, tail = self._request_parser.feed_data(data)
File "aiohttp/_http_parser.pyx", line 551, in aiohttp._http_parser.HttpParser.feed_data
aiohttp.http_exceptions.BadStatusLine: 400, message="Bad status line 'Invalid method encountered'"

looks like I may have to go down the road of NabuCasa but I hate being beat no matter how thick I am.

 

[Guigsy]

Are you sure you can even ping your home router from the internet? Have you got a dynamic DNS service running? If you can't do that, then it's not an issue with your software config. It's because Three's network design makes it impossible to go from the outside in.

 

[barsteward]

I'm using tplink DDNS with cloudflare dns ported through. haven't tried ping so try that next

 

[Aireworth]

Can I ask, why do you need Cloudflare DNS? Does your DDNS from Tplink not also provide DNS services? Or am I missing something.

^{_{Subscribers  do not see these advertisements}}

 

[barsteward]

Its only a partial dns service in so far as you can access all the router capabilities but you can't access any of the attached devices ie computer etc.
After several more hrs this evening I have come to the conclusion that the main problem is the 3 cgnat. in order for Cloudflair and HA to play nicely a private ip address is required to securely access HA with nginx reverse proxy.

So NabuCasa it is although the whole point of HA to me is to become less reliant on the likes of Amazon and Tuya who are shortly bound to introduce a pay for use scheme and whenever the whim takes them they will make the functioning smart devices you already own obsolete.

 

[Gromett]

In this one instance I would possibly suggest a simpler solution would be to use cloud services. A simple service like Digital Ocean $4 a month droplet (VPS). Get this set up with a vpn service so your HA system can connect directly to it. Then you can just use normal DNS pointing to your Droplet.
This would side step any cgNAT and NAT that 3 are doing. Oh and it means you could get rid of cloudflare.

I am not 100% sure I understand what you are doing, so if I am not making any sense just ignore me.

 

[Aireworth]

I still don't understand what you need cloudflare for. And I don't understand what you mean by a partial DNS service. Do you really need a DNS service for your internal network? Can you not just use the actual up addresses?