custom-components / authenticated

A platform which allows you to get information about sucessfull logins to Home Assistant.
MIT License
82 stars 28 forks source link

Issues when exclude range of Google Assistant Server's IPs. #64

Closed stbeep1 closed 2 years ago

stbeep1 commented 3 years ago

I want to exclude the range of Google Assistant Server's IP address that are logged everytime.

I want to exclude a range of IPs. Is that possible?

stbeep1 commented 3 years ago

My HA server: Version core-2021.1.5 Channel: stable Deployment: production Running Hass.io on a Pi4 (2GB of RAM) Let me know if u need more information. Thanks!

DavidFW1960 commented 3 years ago

I have these excluded. They are published by Google. I only use IPv6 so I excluded

stbeep1 commented 3 years ago

I have these excluded. They are published by Google. I only use IPv6 so I excluded

  - 2001:4860:4000::/36      # Google

in the authenticated config. You just need to lookup the IPv4 ones and exclude them.

How do u find those Google assistant IP address? It's it from a trusted source? Thanks.

DavidFW1960 commented 3 years ago

Google it… like I said Google publishes their IP address ranges… they are not secret..

stbeep1 commented 3 years ago

Google it… like I said Google publishes their IP address ranges… they are not secret..

Did you find Google assistant server's IP address from Google's official website? Cloud you please paste the URL here, thanks! I can only find it through some unknown website. 😢

stbeep1 commented 3 years ago

Seems like there is a problem using exclude: (Google iP). Here is my code, when I put exclude: (Google iP) in my configuration.yaml file. Then I check config and restart my HA server. After that, I use ProtonVPN to access my HA server (from the HA app)(a few time on different IP/ different city). I waited for 1 hour and I didn't receive any login notifications (notifications inside the HA dashboard). I have checked that if I remove exclude: (Google iP), and restarted my HA server, notifications will work. Am I doing anything wrong with exclude: (Google iP)? Thank you. Here is my code (/config/configuration.yaml)

image

DavidFW1960 commented 3 years ago

apart from indenting and not putting in the -'s? This is my config:

# Authentication Sensor
  - platform: authenticated
    enable_notification: true
    exclude:
      - !secret my_ipv4_network
      - fd00::/8
      - !secret zerotier_network
      - !secret my_ipv6_network
      - 2001:4860:4000::/36      # Google
stbeep1 commented 3 years ago

apart from indenting and not putting in the -'s? This is my config:

# Authentication Sensor
  - platform: authenticated
    enable_notification: true
    exclude:
      - !secret my_ipv4_network
      - fd00::/8
      - !secret zerotier_network
      - !secret my_ipv6_network
      - 2001:4860:4000::/36      # Google

This is my new config. (screenshot) image

I have followed your instructions. Then I check config and restart my HA server. After that, I use ProtonVPN to access my HA server (from the HA app)(a few time on different IP/ different city). I waited for a few minutes and I didn't receive any login notifications at all. (notifications inside the HA dashboard). Do you know why?

stbeep1 commented 3 years ago

My HA logs: There are no new issues! HA Channel: stable Deployment: production Authenticated version: latest stable release from HACS

DavidFW1960 commented 3 years ago

what does the file .ip_authenticated.yaml show? Have you enabled debug mode for the component? Mine is working as expected here.

DavidFW1960 commented 3 years ago

assuming yoy enabled logging as per the instructions?

logger:
  default: warn  #warn
  logs:
    custom_components.sensor.authenticated: debug
stbeep1 commented 3 years ago

what does the file .ip_authenticated.yaml show? Have you enabled debug mode for the component? Mine is working as expected here.

I deleted all text in .ip_authenticated.yaml before I restart my HA server. And I run the test again, still I don't get any notifications at all. Why ?

stbeep1 commented 3 years ago

Here is how I run the test and the result. I check config and restart my HA server. After that, I use ProtonVPN to access my HA server (from the HA app)(a few time on different IP/ different city). I waited for 30 sec and I didn't receive any login notifications (notifications inside the HA dashboard). I also use Surfshark VPN as an additional test, still I get the same result

I Verify that my ip address was changed every time

DavidFW1960 commented 3 years ago

DO YOU HAVE DEBUG LOGGING ENABLED AS PER MY POST????????

stbeep1 commented 3 years ago

DO YOU HAVE DEBUG LOGGING ENABLED AS PER MY POST????????

Yes I did

DavidFW1960 commented 3 years ago

Are you getting entries in the yaml file? Do you use a reverse proxy?

stbeep1 commented 3 years ago

Inside logs, I get this xtime WARNING (MainThread) [homeassistant.loader] You are using a custom integration for hacs which has not been tested by Home Assistant. This component might cause stability problems, be sure to disable it if you experience issues with Home Assistant.

DavidFW1960 commented 3 years ago

that warning is standard for custom components

stbeep1 commented 3 years ago

that warning is standard for custom components

I only saw that logs. There's nothing else.

DavidFW1960 commented 3 years ago

Are you getting entries in the yaml file? Do you use a reverse proxy?

stbeep1 commented 3 years ago

Are you getting entries in the yaml file? Do you use a reverse proxy?

What do you mean by entries in the yaml file? also, I am not sure what is a reverse proxy, but I use duckdns.

DavidFW1960 commented 3 years ago

I deleted all text in .ip_authenticated.yaml before I restart my HA server. And I run the test again, still I don't get any notifications at all. Why ?

stbeep1 commented 3 years ago

I deleted all text in .ip_authenticated.yaml before I restart my HA server. And I run the test again, still I don't get any notifications at all. Why ?

Yes I did that, just for testing purpose

DavidFW1960 commented 3 years ago

ARE THERE ANY ENTRIES IN IT!!!!!

stbeep1 commented 3 years ago

Yes there is ENTRIES in /config/.ip_authenticated.yaml. I see a lot.

DavidFW1960 commented 3 years ago

So then the component is recording new IP addresses... just not notifying you?

stbeep1 commented 3 years ago

So then the component is recording new IP addresses... just not notifying you?

Yes

DavidFW1960 commented 3 years ago

It will only notify the first time it gets a new address... it won't notify for ones it has seen before

stbeep1 commented 3 years ago

I know that, so I use ProtonVPN to get a new address everytime I run the test.

stbeep1 commented 3 years ago

Here is how I run the test and the result. I check config and restart my HA server. After that, I use ProtonVPN to access my HA server (from the HA app)(a few time on different IP/ different city). I waited for 30 sec and I didn't receive any login notifications (notifications inside the HA dashboard). I also use Surfshark VPN as an additional test, still I get the same result

I Verify that my ip address was changed every time

It will only notify the first time it gets a new address... it won't notify for ones it has seen before

DavidFW1960 commented 3 years ago

do you have a sensor to display the last IP in lovelace?

            entities:
              - sensor.last_successful_authentication
stbeep1 commented 3 years ago

Yes I have

DavidFW1960 commented 3 years ago

I Verify that my ip address was changed every time

doesn't mean it never saw that one before though

So that sensor should show you a multi coloured bar chart (different band for every new auth I only have one here cos I'm on my LAN at the moment but the other day when I was out I was getting other addresses image

stbeep1 commented 3 years ago

doesn't mean it never saw that one before though

No, I can verify that my ip address was changed every time, beacuse I will copy my IP address everytime I connect to a vpn server, I drop down the IP address to Notepad++.

DavidFW1960 commented 3 years ago

Please answer the question! What does the sensor show?

stbeep1 commented 3 years ago

Please answer the question! What does the sensor show?

It shows my VPN location ip address (Proton VPN)

DavidFW1960 commented 3 years ago

does the time match the last login/auth time?

stbeep1 commented 3 years ago

Yes

DavidFW1960 commented 3 years ago

is it always the same ip address from Proton?

stbeep1 commented 3 years ago

By the way I use duckdns to access my HA server when I am outside or inside my network, does it affect authenticated notifications?

DavidFW1960 commented 3 years ago

no duckdns has nothing to do with it If you use a reverse proxy it will never show the 'real' ip address either (unless you set the proxy up right)

Maybe try this

http:
  use_x_forwarded_for: true

in configuration.yaml

stbeep1 commented 3 years ago

is it always the same ip address from Proton?

No

stbeep1 commented 3 years ago

http:
  use_x_forwarded_for: true

May I ask what's this code for ?

DavidFW1960 commented 3 years ago

Normally with a proxy it will reveal the true IP address of an incoming connection instead of the IP address of the proxy.

stbeep1 commented 3 years ago

Normally with a proxy it will reveal the true IP address of an incoming connection instead of the IP address of the proxy.

I don't use any proxy.

stbeep1 commented 3 years ago

http:
  use_x_forwarded_for: true

@DavidFW1960 May I ask what's this code for ?

DavidFW1960 commented 3 years ago

I answered that the first time you asked it yesterday. Did you try it?

stbeep1 commented 3 years ago

I answered that the first time you asked it yesterday. Did you try it?

http: use_x_forwarded_for: true

Tried, still not getting notifications!

phixion commented 3 years ago

Google it… like I said Google publishes their IP address ranges… they are not secret..

Did you find Google assistant server's IP address from Google's official website? Cloud you please paste the URL here, thanks! I can only find it through some unknown website. 😢

you can pull that from:

curl --dns-servers 8.8.8.8 https://www.gstatic.com/ipranges/cloud.json

or

dig @8.8.8.8 +short txt _cloud-netblocks.googleusercontent.com | sed 's/"//g; s/ip4://g; s/ip6://g;' | tr ' ' '\n' | grep include | cut -d ':' -f2 | xargs dig @8.8.8.8 +short txt | sed 's/"//g; s/ip4://g; s/ip6://g;' | tr ' ' '\n' | grep '/'

and then narrow it down to your needs/location, which makes the json probably the better choice to work with