Can only access Home Assistant laptop from wired LAN device

Hi there,

I have HomeAssistant running on w laptop connected to my OWT router via Wifi.

I am able to access the Home Assistant laptop via the PC that is wired to the router, but unable to access it from any other wifi clients on the same network.

"Isolate guests" is turned off, firewall config at default.

Any tips?

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

haha sorry i forgot this, I really should know the drill by now :sweat_smile:

root@routey:~# ubus call system board
{
        "kernel": "6.6.30",
        "hostname": "routey",
        "system": "ARMv8 Processor rev 4",
        "model": "Spectrum SAX1V1K",
        "board_name": "spectrum,sax1v1k",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "SNAPSHOT",
                "revision": "r26387-9a11bc3682",
                "target": "qualcommax/ipq807x",
                "description": "OpenWrt SNAPSHOT r26387-9a11bc3682"
        }
}

----

root@routey:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdb5:499a:bd21::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'


-----


root@routey:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdb5:499a:bd21::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

root@routey:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc@0/c000000.wifi'
        option channel '36'
        option band '5g'
        option htmode 'HE80'
        option cell_density '0'
        option country 'US'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'network1'
        option encryption 'psk2'
        option key 'xxxxx'
        option ieee80211r '1'
        option nasid '6969'
        option mobility_domain 'ab15'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'
        option wmm '0'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'platform/soc@0/c000000.wifi+1'
        option channel '1'
        option band '2g'
        option htmode 'HE20'
        option cell_density '0'
        option legacy_rates '1'
        option country 'US'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'network1'
        option encryption 'psk2'
        option key 'xxxx'
        option ieee80211r '1'
        option nasid '6969'
        option mobility_domain 'ab15'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'
        option disassoc_low_ack '0'

config wifi-iface 'wifinet2'
        option device 'radio1'
        option mode 'ap'
        option ssid 'IOT'
        option encryption 'psk2'
        option key 'xxxx!'


-------

root@routey:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'local'
        option expandhosts '1'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'
        option sequential_ip '1'
        list address '/homeassistant.local/homeassistant.lan/192.168.1.157'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        option ra_slaac '1'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config host
        option name 'HOMEASSISTANTSERVER'
        option ip '192.168.1.157'
        option mac 'XXXXX'

-----

root@routey:~# cat /etc/config/firewall
config defaults
        option syn_flood        1
        option input            REJECT
        option output           ACCEPT
        option forward          REJECT
# Uncomment this line to disable ipv6 rules
#       option disable_ipv6     1

config zone
        option name             lan
        list   network          'lan'
        option input            ACCEPT
        option output           ACCEPT
        option forward          ACCEPT

config zone
        option name             wan
        list   network          'wan'
        list   network          'wan6'
        option input            REJECT
        option output           ACCEPT
        option forward          REJECT
        option masq             1
        option mtu_fix          1

config forwarding
        option src              lan
        option dest             wan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
        option name             Allow-DHCP-Renew
        option src              wan
        option proto            udp
        option dest_port        68
        option target           ACCEPT
        option family           ipv4

# Allow IPv4 ping
config rule
        option name             Allow-Ping
        option src              wan
        option proto            icmp
        option icmp_type        echo-request
        option family           ipv4
        option target           ACCEPT

config rule
        option name             Allow-IGMP
        option src              wan
        option proto            igmp
        option family           ipv4
        option target           ACCEPT

# Allow DHCPv6 replies
# see https://github.com/openwrt/openwrt/issues/5066
config rule
        option name             Allow-DHCPv6
        option src              wan
        option proto            udp
        option dest_port        546
        option family           ipv6
        option target           ACCEPT

config rule
        option name             Allow-MLD
        option src              wan
        option proto            icmp
        option src_ip           fe80::/10
        list icmp_type          '130/0'
        list icmp_type          '131/0'
        list icmp_type          '132/0'
        list icmp_type          '143/0'
        option family           ipv6
        option target           ACCEPT

# Allow essential incoming IPv6 ICMP traffic
config rule
        option name             Allow-ICMPv6-Input
        option src              wan
        option proto    icmp
        list icmp_type          echo-request
        list icmp_type          echo-reply
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big
        list icmp_type          time-exceeded
        list icmp_type          bad-header
        list icmp_type          unknown-header-type
        list icmp_type          router-solicitation
        list icmp_type          neighbour-solicitation
        list icmp_type          router-advertisement
        list icmp_type          neighbour-advertisement
        option limit            1000/sec
        option family           ipv6
        option target           ACCEPT

# Allow essential forwarded IPv6 ICMP traffic
config rule
        option name             Allow-ICMPv6-Forward
        option src              wan
        option dest             *
        option proto            icmp
        list icmp_type          echo-request
        list icmp_type          echo-reply
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big
        list icmp_type          time-exceeded
        list icmp_type          bad-header
        list icmp_type          unknown-header-type
        option limit            1000/sec
        option family           ipv6
        option target           ACCEPT

config rule
        option name             Allow-IPSec-ESP
        option src              wan
        option dest             lan
        option proto            esp
        option target           ACCEPT

config rule
        option name             Allow-ISAKMP
        option src              wan
        option dest             lan
        option dest_port        500
        option proto            udp
        option target           ACCEPT

What ssid are you connecting to?

network1 (radio 0 and radio 1 (2.4 and 5ghz) are sharing that SSID with 802.11r turned on so it hands off to 2.4 ghz when i get far away.

the "IOT" network is not being used rn, I just forgot to delete it.

i was having trouble with chromecast, alexa, spotify etc last week, but turning off "disconnect on low ack" resolved the issue - so other peer to peer / WAN devices on that network are functioing, I just can't seem to connect from wireless -> wireless at http://homeassistant:8123/... only wired->wireless

That's not what 802.11r is for. This standard (can) improve roaming performance between 2 or more APs. It is not intended as a means of band-steering.

Therefore...
delete all the lines with an x:

And these:

Delete this:

And remove the legacy rates from this:

Then restart and try again.

k, i did that, now my chromecast is not detected on the network.

i think it needed legacy rates and low ack as it is an older device.

No, almost certainly not. Legacy rates sets up for 802.11b compatibility. All Chromecast devices are at least 802.11n capable.

Let's see the latest config (wireless).

hrm, weird well i couldn't get it to work, then i turned off low acknowledge disconnect off and it popped up (i know this is not WMM).

(i followed the first step in these directions) to restore it. btw this chromecast is like gen1 or 2 from many years ago - only does 1080p.

it's always had internet connection and it shows the current time and is accessible from the google home app on the phone, i just couldn't cast to it until i changed those settings. pre regardless, here's the current wireless config - if you think it is ok to turn off disconnect on low ack then i can perhaps have better luck returning to the inital problem of accessing homeassistant (btw homeassistant is in a docker container in ubuntu laptop connected via wifi - lmk if you need anything from that box).

cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc@0/c000000.wifi'
        option channel '36'
        option band '5g'
        option htmode 'HE80'
        option cell_density '0'
        option country 'US'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'network1'
        option encryption 'psk2'
        option key '[redacted]'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'platform/soc@0/c000000.wifi+1'
        option channel '1'
        option band '2g'
        option htmode 'HE20'
        option cell_density '0'
        option country 'US'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'network1'
        option encryption 'psk2'
        option key '[redacted]'

This should be VHT80

And this should be HT20.

changes applied - still can't access homeassistant (can ping it from phone, though, but no reply (it must resolve because i have the host saved in openwrt).

~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc@0/c000000.wifi'
        option channel '36'
        option band '5g'
        option htmode 'VHT80'
        option cell_density '0'
        option country 'US'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid xxx
        option encryption 'psk2'
        option key 'xxxx

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'platform/soc@0/c000000.wifi+1'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option cell_density '0'
        option country 'US'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'xxxx
        option encryption 'psk2'
        option key 'txxxx

might it be something on the client side?

getting this when trying to ping from router (via ssh)

root@routey:~# ping homeassistant.local
ping: bad address 'homeassistant.local'
root@routey:~# ping homeassistant.local
ping: bad address 'homeassistant.local'
root@routey:~# ping homeassistant.lan
ping: bad address 'homeassistant.lan'
root@routey:~#

can ping from desktop PC:

Pinging homeassistant.local [192.168.1.157] with 32 bytes of data:
Reply from 192.168.1.157: bytes=32 time=1039ms TTL=64
Reply from 192.168.1.157: bytes=32 time=4ms TTL=64
Reply from 192.168.1.157: bytes=32 time=321ms TTL=64

can also ping from router, but only when using IP address (weird that the TTL is so much longer):

PING 192.168.1.157 (192.168.1.157): 56 data bytes
64 bytes from 192.168.1.157: seq=0 ttl=64 time=205.265 ms
64 bytes from 192.168.1.157: seq=1 ttl=64 time=126.844 ms
64 bytes from 192.168.1.157: seq=2 ttl=64 time=202.289 ms
64 bytes from 192.168.1.157: seq=3 ttl=64 time=127.908 ms
64 bytes from 192.168.1.157: seq=4 ttl=64 time=44.810 ms
64 bytes from 192.168.1.157: seq=5 ttl=64 time=187.371 ms
64 bytes from 192.168.1.157: seq=6 ttl=64 time=606.658 ms

That is a very high ping response time.

I doubt these thigns will affect anything, but try this:

Remove these things from your DHCP config:

and

Then restart and test again.

applied, i can access homeassistant now via IP address from LAN and WLAN device - but i cannot resolve the hostname (homeassistant.local / lan). autodiscovery doesn't work for the official apps so need to do the IP address.

here's the rest of that config:

image|644x500

thank you very much for your help - is it possible to restore connectivity using the hostname?

(EDIT: turning dissociate on low ack restored casting to the chromecast - is this setting ok?)

let's see the latest config of your dhcp and wireless files.

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc@0/c000000.wifi'
        option channel '36'
        option band '5g'
        option htmode 'VHT80'
        option cell_density '0'
        option country 'US'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid '[redacted]'
        option encryption 'psk2'
        option key '[redacted]'
        option disassoc_low_ack '0'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'platform/soc@0/c000000.wifi+1'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option cell_density '0'
        option country 'US'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid '[redacted]'
        option encryption 'psk2'
        option key '[redacted]'
        option disassoc_low_ack '0'

DHCP

root@routey:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option expandhosts '1'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'
        option sequential_ip '1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        option ra_slaac '1'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config host
        option name 'homeassistantlaptop'
        option ip '192.168.1.157'
        option mac 'redacted'

config host
        option name 'phone'
        option ip '192.168.1.234'
        option mac 'redacted'

Edit this:

to look like this:

config host
        option name 'homeassistant'
        option ip '192.168.1.157'
        option mac 'redacted'
        option dns '1'

it actually has a different hostname i just got rid of it - it was "ubuntulaptop".

the docker container uses a different hostname for the home assistant service

so instead of pinging or going to "ubuntulaptop.local", it would be "homeassistant.local"

i suppose the problem here is that i have once machine with a VM / container inside of it and they're both sharing the IP?

.local is specific to mdns and the router doesn't play a part here.

That might be part of the issue. On my Home Assistant VM, I have it configured (at the VM host environment level) as a bridged network adapter. This makes it possible for it to be directly exposed as if it were bare metal.