home-assistant / core

:house_with_garden: Open source home automation that puts local control and privacy first.
https://www.home-assistant.io
Apache License 2.0

Samsung TV Integration Not working across VLANs #35049

Closed HeedfulCrayon closed 3 years ago

HeedfulCrayon commented 4 years ago

The problem

I recently bought a router that supports VLANs, so I have segregated my network using VLANs and firewall rules to allow home assistant to communicate with all devices freely, but devices on a different subnet cannot initiate connection. Since I have done so, all of my integrations have been working except for the Samsung Smart TV integration. When I try to set up this integration in the UI, it immediately says "Unable to connect to this device", and I believe this is an issue of connection timeout because of the process of traversing VLANs to make the websocket handshake. This is just speculation as I have not tested this, however I have found that my Home Assistant can access the rest API using http://192.168.107.11:8001/api/v2

My home assistant is on the 192.168.0.0/24 VLAN and the Samsung TV is on the 192.168.107.0/24 VLAN

Environment

Problem-relevant configuration.yaml

Attempted to use the integration via the UI with the same result.

samsungtv:
  - host: 192.168.107.11
    name: Samsung TV

Traceback/Error logs

2020-05-02 20:39:07 DEBUG (SyncWorker_19) [homeassistant.components.samsungtv] Try config: {'name': 'HomeAssistant', 'description': 'HomeAssistant', 'id': 'ha.component.samsung', 'host': '192.168.107.11', 'method': 'legacy', 'port': None, 'timeout': 31}
2020-05-02 20:39:07 DEBUG (SyncWorker_19) [homeassistant.components.samsungtv] Failing config: {'name': 'HomeAssistant', 'description': 'HomeAssistant', 'id': 'ha.component.samsung', 'host': '192.168.107.11', 'method': 'legacy', 'port': None, 'timeout': 31}, error: [Errno 111] Connection refused
2020-05-02 20:39:07 DEBUG (SyncWorker_19) [homeassistant.components.samsungtv] Try config: {'name': 'HomeAssistant', 'host': '192.168.107.11', 'method': 'websocket', 'port': 8001, 'timeout': 31}
2020-05-02 20:39:07 DEBUG (SyncWorker_19) [samsungtvws.remote] WS url ws://192.168.107.11:8001/api/v2/channels/samsung.remote.control?name=SG9tZUFzc2lzdGFudA==
2020-05-02 20:39:07 DEBUG (SyncWorker_19) [samsungtvws.remote] Connection closed.
2020-05-02 20:39:07 DEBUG (SyncWorker_19) [samsungtvws.remote] Connection closed.
2020-05-02 20:39:07 DEBUG (SyncWorker_19) [homeassistant.components.samsungtv] Failing config: {'name': 'HomeAssistant', 'host': '192.168.107.11', 'method': 'websocket', 'port': 8001, 'timeout': 31}, error: {'event': 'ms.channel.timeOut'}
2020-05-02 20:39:07 DEBUG (SyncWorker_19) [homeassistant.components.samsungtv] Try config: {'name': 'HomeAssistant', 'host': '192.168.107.11', 'method': 'websocket', 'port': 8002, 'timeout': 31}
2020-05-02 20:39:07 DEBUG (SyncWorker_19) [samsungtvws.remote] WS url wss://192.168.107.11:8002/api/v2/channels/samsung.remote.control?name=SG9tZUFzc2lzdGFudA==&token=None
2020-05-02 20:39:07 DEBUG (SyncWorker_19) [samsungtvws.remote] Connection closed.
2020-05-02 20:39:07 DEBUG (SyncWorker_19) [samsungtvws.remote] Connection closed.
2020-05-02 20:39:07 DEBUG (SyncWorker_19) [homeassistant.components.samsungtv] Failing config: {'name': 'HomeAssistant', 'host': '192.168.107.11', 'method': 'websocket', 'port': 8002, 'timeout': 31}, error: {'event': 'ms.channel.timeOut'}
2020-05-02 20:39:07 DEBUG (SyncWorker_19) [homeassistant.components.samsungtv] No working config found

Additional information

The rules in my firewall allow connections on any port from my 192.168.0.0/24 VLAN to the 192.168.107.0/24 VLAN. I have also tried setting the firewall rules so that just my TV (192.168.107.11) can connect to my home assistant (192.168.0.26) to no avail. I have set up my network to broadcast mDNS, and since doing so, all my chromecast devices function just fine, it's just the TV that is not working. The TV Model is UN65KU6300

Jc2k commented 4 years ago

@HeedfulCrayon when you create a new issue GitHub should show you a template that you are supposed to fill in. Can you update your ticket to fill it in with the details it asks for. Thanks.

HeedfulCrayon commented 4 years ago

@Jc2k Sorry, for some reason when I first created this, it didn't show the template. I have updated it now

Martinvdm commented 4 years ago

Same issue, but I'm not sure, but it has worked before

escoand commented 4 years ago

The timeout is currently set to 1 second. Hard to imagine the packets are longer on the way in the local network. I think you would have more problems. But anyway you could try to increase the timeout in homeassistant/components/samsungtv/bridge.py (search for CONF_TIMEOUT).

HeedfulCrayon commented 4 years ago

@escoand You are correct. I just tried it with a significantly longer timeout, and the connection still instantly closes. So it must be something else

HeedfulCrayon commented 4 years ago

Has anyone had time to look at this issue?

escoand commented 4 years ago

@HeedfulCrayon You have a VLAN, you have a Samsung TV, you could be the right person to fix this ;-)

HeedfulCrayon commented 4 years ago

@escoand I have no python experience is the problem. If anyone has ideas I can try, I can try them

stale[bot] commented 4 years ago

There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved with the latest updates. Please make sure to update to the latest Home Assistant version and check if that solves the issue. Let us know if that works for you by adding a comment 👍 This issue now has been marked as stale and will be closed if no further activity occurs. Thank you for your contributions.

HeedfulCrayon commented 4 years ago

This is still an issue. Updated to 0.114.4 and it still instantly fails when trying to connect to the TV on a separate VLAN

escoand commented 4 years ago

@HeedfulCrayon You have a VLAN, you have a Samsung TV, you could be the right person to fix this ;-)

lambtho12 commented 4 years ago

I do not know if Samsung integration has ever worked with VLANs, but it seems that in general there are issues with Samsung TVs on separate VLANs.

See this post about casting from a phone across VLANs, or this one. Maybe the issue is with Samsung itself and not the integration.

HeedfulCrayon commented 4 years ago

@lambtho12 The samsung integration uses the API, not casting capabilities. Besides, casting capabilities on unifi are the issue in that thread, not the samsung TV

wisdomdevil commented 3 years ago

I have the same issue: when I go across VLANs between the wifi network and the LAN network, my HA doesn't see the Samsung Q60R, but when it is in one VLAN (I checked in native), HA successfully connected to the Samsung Q60R.

I tried many integrations, official and unofficial, with the same result.

escoand commented 3 years ago

Sorry guys, my private life is quite demanding at the moment. I won't have the time in the near future for long debugging and coding sessions. I could maybe review some code or give comments, but don't expect more.

So I would encourage everybody to look deeper into the code and try to find the fix. I was at the same point some time ago. There was some kind of working samsungtv integration and I started to hack it.

Martinvdm commented 3 years ago

Most of the time this is an issue with mdns

Josverl commented 3 years ago

Assuming this is dependent on mdns , it will not work across vlans per mdns design, unless you set up a mdns reflector or repeater on a router that is connecting the vlans.

frenck commented 3 years ago

Running more advanced network setups, like using VLANs, often involves configuring things like mDNS reflectors/repeaters or IGMP proxies to make these things work (and that is not just this Samsung integration).

This is not really a Home Assistant issue; to be honest, this is a design/networking issue on the user end. Therefore I think this issue should be closed.

PrplHaz4 commented 3 years ago

SSDP (and therefore the Samsung TV integration) relies on multicast for discovery, so will likely not work across a VLAN without a network-specific configuration.

http://help.airtame.com/en/articles/1257772-set-up-auto-discovery-multicast-routing-between-vlans

HeedfulCrayon commented 3 years ago

@frenck @PrplHaz4 @Josverl that makes sense because I have a Unifi Dream Machine which has issues with mDNS not having the repeater, just a reflector

owlcall commented 3 years ago

@HeedfulCrayon your problem has nothing to do with mdns (mdns is hardly even relevant to your problem, you're not autodiscovering), and your problem has nothing to do with VLANs - but everything to do with your TV and how it handles websockets across subnets (spoiler: evidently it doesn't handle them well).

I have a similar TV (UN50KU6300) and worked around this issue today. Posting a solution here since I can't be the only one who stumbled upon this issue looking for an answer.

Scouring online, I read somewhere a remark that it's the TV that's unable/refusing to communicate using websockets across subnets, rather than the client having issues or network being unable to route traffic. So, having HA on subnet_1 (vlan_1) and TV on subnet_2 (vlan2), I proceed as follows:

Hypothesis: the TV is unable to communicate using websockets across subnets

Solution: install a server running nginx proxy (port 8001 -> tv:8001 and port 8002 -> tv:8002) on the same subnet/VLAN as your TV (subnet_2/vlan_2). Then from home assistant, during your TV integration setup - use your proxy server IP instead of the TV IP. Theory is that the TV shouldn't have issues talking back to the proxy on the same subnet, and everything should work out fine between proxy and the client being on different subnets because nginx isn't handicapped like the Samsung TVs are.

The path looks like this: HA[subnet_1] <--> NGINX[subnet_2] <--> TV[subnet_2]

Turns out it works exceptionally well, and validates the hypothesis. I am able to add the TV and am able to manipulate it, while HA and TV run on different subnets and different VLANs.

If you use other integrations/protocols/ports for communication with your TV - you may need to change your proxy accordingly.

I have only touched nginx a handful of times before, so the following config may not be ideal but it solves the problem and seems rather conservative (remember to replace IP_OF_YOUR_TV):

http {
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

    upstream websocket {
        server IP_OF_YOUR_TV:8001;
        server IP_OF_YOUR_TV:8002;
    }

    server {
        listen 8001;
        listen 8002;
        location / {
            proxy_pass http://websocket;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header Host $host;
        }
    }
}

Good luck.

HeedfulCrayon commented 3 years ago

Never thought to run a proxy, that is a good idea. I just put home assistant on both subnets and it fixed the issue

motarek17 commented 3 years ago

Hi, I have the same issue, would you mind elaborating on putting home assistant on both subnets? do you mean a two ha instances?

HeedfulCrayon commented 3 years ago

Using proxmox I was able to have the home assistant nic be on both subnets (LAN untagged and IoT tagged). Home assistant needs to then be configured to use both LAN address and IoT address. I don't have the write up handy, but you should be able to find it on the home assistant forums

rundqvist commented 2 years ago

I can't get this to work. Could I please ask for some advice on how to debug this? (@owlcall or anyone else who have got this to work)

Setup: I have HA running on ip 192.168.0.40, the Nginx-proxy on 192.168.30.200 and my Samsung TV on 192.168.30.100. I am using the exact http-config suggested above (with 'IP_OF_YOUR_TV' replaced with '192.168.30.100'), but HA-logs says "Working but unsupported config"

Home Assistant log:

2021-12-11 15:44:34 DEBUG (SyncWorker_3) [homeassistant.components.samsungtv] Try config: {'name': 'HomeAssistant', 'description': 'HomeAssistant', 'id': 'ha.component.samsung', 'host': '192.168.30.200', 'method': 'legacy', 'port': None, 'timeout': 31}
2021-12-11 15:44:34 DEBUG (SyncWorker_3) [homeassistant.components.samsungtv] Failing config: {'name': 'HomeAssistant', 'description': 'HomeAssistant', 'id': 'ha.component.samsung', 'host': '192.168.30.200', 'method': 'legacy', 'port': None, 'timeout': 31}, error: [Errno 111] Connection refused
2021-12-11 15:44:34 DEBUG (SyncWorker_3) [homeassistant.components.samsungtv] Try config: {'name': 'HomeAssistant', 'host': '192.168.30.200', 'method': 'websocket', 'port': 8002, 'timeout': 31}
2021-12-11 15:44:34 DEBUG (SyncWorker_3) [homeassistant.components.samsungtv] Failing config: {'name': 'HomeAssistant', 'host': '192.168.30.200', 'method': 'websocket', 'port': 8002, 'timeout': 31}, error: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1129)
2021-12-11 15:44:34 DEBUG (SyncWorker_3) [homeassistant.components.samsungtv] Try config: {'name': 'HomeAssistant', 'host': '192.168.30.200', 'method': 'websocket', 'port': 8001, 'timeout': 31}
2021-12-11 15:45:05 DEBUG (SyncWorker_3) [homeassistant.components.samsungtv] Working but unsupported config: {'name': 'HomeAssistant', 'host': '192.168.30.200', 'method': 'websocket', 'port': 8001, 'timeout': 31}, error: timed out

Nginx error log (debug)

2021/12/11 15:44:34 [info] 48#48: *1 client sent invalid method while reading client request line, client: 192.168.0.40, server: , request: "?vD?k0!\?KR1 ?׮?P"
2021/12/11 15:44:34 [info] 48#48: *1 recv() failed (104: Connection reset by peer) while reading client request line, client: 192.168.0.40, server: , request: "?vD?k0!\?KR1 ?׮?P"

Nginx access log

192.168.0.40 - - [11/Dec/2021:15:44:34 +0100] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03\x12vD\x7F\x8Fk0!\x5C\xABKR\x07\x0F1 \xBE\x06\xD7\xAE\xEF\x9AP" 400 157 "-" "-"
192.168.0.40 - - [11/Dec/2021:15:45:05 +0100] "GET /api/v2/channels/samsung.remote.control?name=SG9tZUFzc2lzdGFudA== HTTP/1.1" 101 4 "-" "-"

Full Nginx config:

worker_processes  1;
error_log  /var/log/error.log;
pid        /run/nginx.pid;
worker_rlimit_nofile 8192;
daemon off;
events {
  worker_connections  4096;
}
http {
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

    upstream websocket {
        server 192.168.30.100:8001;
        server 192.168.30.100:8002;
    }

    server {
        listen 8001;
        listen 8002;
        location / {
            proxy_pass http://websocket;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header Host $host;
        }
    }
}
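
Read together, the two logs above explain the port 8002 failure: the Home Assistant log reports `[SSL: WRONG_VERSION_NUMBER]` on 8002, and the nginx access log shows a request starting `\x16\x03\x01` answered with 400. The following is an added example, not part of rundqvist's post or of Home Assistant: it parses those lines, copied from this page, labels each attempt, and identifies the `\x16\x03\x01` request as a TLS ClientHello that reached the plaintext `listen 8002;` server. The function names and labels are made up for this illustration.

```python
import ast
import re

# Sample input: lines copied from the Home Assistant and nginx logs on this page.
HA_LOG = r"""
2021-12-11 15:44:34 DEBUG (SyncWorker_3) [homeassistant.components.samsungtv] Failing config: {'name': 'HomeAssistant', 'description': 'HomeAssistant', 'id': 'ha.component.samsung', 'host': '192.168.30.200', 'method': 'legacy', 'port': None, 'timeout': 31}, error: [Errno 111] Connection refused
2021-12-11 15:44:34 DEBUG (SyncWorker_3) [homeassistant.components.samsungtv] Try config: {'name': 'HomeAssistant', 'host': '192.168.30.200', 'method': 'websocket', 'port': 8002, 'timeout': 31}
2021-12-11 15:44:34 DEBUG (SyncWorker_3) [homeassistant.components.samsungtv] Failing config: {'name': 'HomeAssistant', 'host': '192.168.30.200', 'method': 'websocket', 'port': 8002, 'timeout': 31}, error: [SSL: WRONG_VERSION_NUMBER] wrong version number (_ssl.c:1129)
2021-12-11 15:45:05 DEBUG (SyncWorker_3) [homeassistant.components.samsungtv] Working but unsupported config: {'name': 'HomeAssistant', 'host': '192.168.30.200', 'method': 'websocket', 'port': 8001, 'timeout': 31}, error: timed out
"""
NGINX_ACCESS = r'''
192.168.0.40 - - [11/Dec/2021:15:44:34 +0100] "\x16\x03\x01\x02\x00\x01\x00\x01\xFC\x03\x03\x12vD\x7F\x8Fk0!\x5C\xABKR\x07\x0F1 \xBE\x06\xD7\xAE\xEF\x9AP" 400 157 "-" "-"
192.168.0.40 - - [11/Dec/2021:15:45:05 +0100] "GET /api/v2/channels/samsung.remote.control?name=SG9tZUFzc2lzdGFudA== HTTP/1.1" 101 4 "-" "-"
'''

_HA_LINE = re.compile(
    r"\] (Try|Failing|Working but unsupported) config: (\{.*?\})(?:, error: (.*))?$")
# Substring of the logged error -> label (labels are made up for this example).
_CAUSES = [
    ("Connection refused", "tcp-refused"),
    ("WRONG_VERSION_NUMBER", "tls-to-plaintext-listener"),
    ("ms.channel.timeOut", "tv-channel-timeout"),
    ("timed out", "no-reply-after-connect"),
]
_ACCESS = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) ')
_ESC = re.compile(r"\\x([0-9A-Fa-f]{2})")
_TLS_VERSIONS = {(3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}


def ha_attempts(log_text):
    """Return (method, port, cause) for every finished connection attempt."""
    results = []
    for line in log_text.splitlines():
        m = _HA_LINE.search(line)
        if not m or m.group(1) == "Try":
            continue  # "Try" lines only announce an attempt; they carry no outcome
        cfg = ast.literal_eval(m.group(2))  # the config is logged as a dict repr
        err = m.group(3) or ""
        cause = next((label for needle, label in _CAUSES if needle in err), "unknown")
        results.append((cfg["method"], cfg["port"], cause))
    return results


def unescape_nginx(field):
    """Turn nginx's \\xHH log escaping back into the raw request bytes."""
    out, pos = bytearray(), 0
    for m in _ESC.finditer(field):
        out += field[pos:m.start()].encode("latin-1", "replace")
        out.append(int(m.group(1), 16))
        pos = m.end()
    out += field[pos:].encode("latin-1", "replace")
    return bytes(out)


def tls_client_hello(data):
    """Return the ClientHello legacy_version name if data starts a TLS handshake."""
    # Record header: type 0x16 (handshake), version 0x03xx, 2-byte length.
    # Handshake header: type 0x01 (ClientHello), 3-byte length, then legacy_version.
    if len(data) < 11 or data[0] != 0x16 or data[1] != 0x03 or data[5] != 0x01:
        return None
    return _TLS_VERSIONS.get((data[9], data[10]), "unknown")


def classify_access(log_text):
    """Return (client, status, kind, detail) for each nginx access-log line."""
    rows = []
    for line in log_text.splitlines():
        m = _ACCESS.match(line)
        if not m:
            continue
        client, status = m.group(1), int(m.group(3))
        hello = tls_client_hello(unescape_nginx(m.group(2)))
        if hello:
            kind = "tls-client-hello"   # TLS bytes parsed as an HTTP request line
        elif status == 101:
            kind = "websocket-upgrade"  # plain ws:// handshake was proxied
        else:
            kind = "http"
        rows.append((client, status, kind, hello or ""))
    return rows


if __name__ == "__main__":
    for row in ha_attempts(HA_LOG):
        print(row)
    for row in classify_access(NGINX_ACCESS):
        print(row)
```
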

owlcall commented 2 years ago

@rundqvist the config I posted works only if you have already "paired" the devices with HA; for discovery, you will need one more port, I'll try to find it (migrated my configs and haven't restored them yet, so I'm unable to look it up).

If you use tcpdump you'll quickly be able to identify the port. Will see if I can restore the old server and extract the nginx config. Will post here if I'm successful, but don't let that stop you from using tcpdump :)

owlcall commented 2 years ago

@rundqvist here you go:

Add the following server to your http config (to exist alongside your existing server):

    server {
        listen 9197;
        location / {
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header Host $host;
            proxy_pass http://192.168.30.100:9197;
        }
    }

Note that I already filled in the IP address of your TV into the config.

This should resolve the issues concerning HA discovering the TV when adding the integration.

dracoqcca commented 2 years ago

@owlcall I've tried to have a docker on the same VLAN as the TV and I'm not able to make it work. I have QN70Q6DTAFXZC, so a 2021 model from Costco, but I'm not able to make it work. I've tried to tcpdump (I'm not good at analysing those though) and found out that the port for first communication changed in the newer model and seems to be 55000, but even though I've changed the port in the configuration you've posted from 9197 to 55000, it's not working. Could you help me figure it out? I've tried to add a docker of a new instance of Home Assistant in the same subnet and then do tcpdump on that instance. From what I can see, it seems that the communication is now SSL. When I analyse with Wireshark I see some TLS 1.2 packets. Maybe the workaround will no longer work. I'm not an expert in NGINX configuration either, so maybe there is a configuration issue there, but if you could help me it would be great. Let me know what kind of log you need and I will provide it to you.

Thanks Jo

owlcall commented 2 years ago

If you’re unable to make it work on the same subnet then you’re facing a separate problem and an nginx proxy isn’t going to do anything.

I’d suggest focusing on finding the configuration that works with home assistant in the same subnet first, before attempting to proxy traffic between subnets/vlans.

If you have issues making it work in this base configuration - please reach out to whomever maintains the Samsung tv integration to see if they can assist; it’s beyond the scope of the workaround suggested here.

Once you get it to work, move to a different subnet but don’t change any ports, see if it works. If it doesn’t, then return to this workaround (you may want to look through the integration code to see which ports your integration uses and adjust accordingly).

Good luck.

dracoqcca commented 2 years ago

Hi,

Sorry if I misexplained myself. Home Assistant on the same subnet is working fine directly with the TV, but when I try through the reverse proxy it says unsupported TV model. If I try to go to the URL on my computer through the reverse proxy I see the pop-up on the TV to authorise the connection. So I'm confused there. With a TCP dump, the difference that I've seen is that it's communicating in TLS 1.2 at some point with the TV directly but not through the reverse proxy. Do you know how I can pass through the communication in TLS using NGINX? Thanks for your help.

Idan37S commented 2 years ago

For those using PfSense (or any other pro router), Look at this thread for Masquerading: https://github.com/rytilahti/python-miio/issues/422

It solved all my problems with Samsung TVs in a different VLAN than my HA.

dracoqcca commented 2 years ago

Thank you @Idan37S, it solved my issue on my EdgeRouter X.

Using what is provided there and adjusting it for my needs: in Outbound Interface I've put switch0.200 (the VLAN where my Samsung TV is) and adjusted my IP addresses.

rosscullen commented 2 years ago

Worked for me too on Ubiquiti EdgeRouter Lite... thanks for sharing!

epenet commented 2 years ago

I have created a documentation PR: https://github.com/home-assistant/home-assistant.io/pull/22019 If you think that section could be improved upon, then I suggest you open a follow-up PR.

systemofapwne commented 1 year ago

I agree with this assessment: Today, I wanted to control my Samsung QN85A via an ioBroker plugin (https://github.com/dahuby/iobroker.samsung_tizen) and fell into the same trap.

Conclusion: Samsung locks down any API access (for security reasons I guess) that does not originate from the same network segment. Your solution with a proxy is beautiful and simple. I, however, just shifted the ioBroker plugin to a satellite instance of ioBroker on a RasPi, which also lives in the IoT network, using that guy as some sort of proxy. Now everything works.

nesbeal commented 1 year ago

Hello, If you have a Unifi UDM:

1- Backup your UDM
2- log in (as root).
3- Switch to shell mode with the command:

    unifi-os shell

4- download the utility allowing the execution of script at the start of the UDM:

    curl -L https://udm-boot.boostchicken.dev -o udm-boot_1.0.5_all.deb

5- install the utility and exit shell mode:

    dpkg -i udm-boot_1.0.5_all.deb
    exit

6- Check the presence of the on_boot.d folder in /mnt/data
7- Create the script (.sh extension) in the on_boot.d folder:

    vi iptables_tvsamsung.sh

Inside :

    #!/bin/sh
    iptables -t nat -A POSTROUTING -s IP_OF_YOUR_HA -d IP_OF_YOUR_TV -j MASQUERADE

Save and exit: Esc key then :wq!

Give the rights and make it executable:

    chmod 775 iptables_tvsamsung.sh

Restart the UDM:

    reboot
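
The rule in step 7 matches one source and one destination, so only HA-to-TV traffic has its source rewritten to the router's address on the TV's VLAN. The following check is an added example, not part of the post: it reads constructed rules in the format printed by `iptables -t nat -S POSTROUTING` and reports whether each MASQUERADE rule covers exactly that host pair, is broader, or misses it. `audit_masquerade` and the verdict names are made up for this illustration; the two addresses are the HA and TV addresses from the first post.

```python
import ipaddress
import shlex

# Constructed sample in the format printed by `iptables -t nat -S POSTROUTING`.
# The rules are made up; 192.168.0.26 (HA) and 192.168.107.11 (TV) are from the first post.
SAMPLE_RULES = """\
-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.0.26/32 -d 192.168.107.11/32 -j MASQUERADE
-A POSTROUTING -s 192.168.0.0/24 -d 192.168.107.0/24 -j MASQUERADE
-A POSTROUTING -s 192.168.0.26/32 -d 192.168.107.12/32 -j MASQUERADE
-A POSTROUTING -s 192.168.0.26/32 ! -d 192.168.0.0/24 -j MASQUERADE
"""


def _opt(tokens, flag, default=None):
    """Return the value following `flag`, or `default` when the flag is absent."""
    if flag in tokens:
        i = tokens.index(flag)
        if i + 1 < len(tokens):
            return tokens[i + 1]
    return default


def audit_masquerade(rules_text, ha_ip, tv_ip):
    """Return (rule, verdict, host_pairs) for every MASQUERADE rule in POSTROUTING.

    verdict is one of:
      scoped          - matches only the HA -> TV pair
      broad           - matches HA -> TV but also other source/destination hosts,
                        whose traffic will then also appear to come from the router
      no-match        - does not match HA -> TV (for example a mistyped address)
      review-manually - uses a negated match ("!") this example does not evaluate
    """
    ha = ipaddress.ip_address(ha_ip)
    tv = ipaddress.ip_address(tv_ip)
    findings = []
    for line in rules_text.splitlines():
        tokens = shlex.split(line)
        if tokens[:2] != ["-A", "POSTROUTING"] or _opt(tokens, "-j") != "MASQUERADE":
            continue  # chain policy lines and non-masquerade rules
        if "!" in tokens:
            findings.append((line, "review-manually", None))
            continue
        # A rule without -s or -d matches any address.
        src = ipaddress.ip_network(_opt(tokens, "-s", "0.0.0.0/0"), strict=False)
        dst = ipaddress.ip_network(_opt(tokens, "-d", "0.0.0.0/0"), strict=False)
        pairs = src.num_addresses * dst.num_addresses
        if not (ha in src and tv in dst):
            verdict = "no-match"
        elif pairs == 1:
            verdict = "scoped"
        else:
            verdict = "broad"
        findings.append((line, verdict, pairs))
    return findings


if __name__ == "__main__":
    for rule, verdict, pairs in audit_masquerade(
            SAMPLE_RULES, "192.168.0.26", "192.168.107.11"):
        print(f"{verdict:16} pairs={pairs}  {rule}")
```
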

systemofapwne commented 1 year ago

This is even more minimalistic & beautiful: Tricking the TV into thinking, it speaks with an IP from the same net-segment by using NAT. I replicated something similar with my pfSense Firewall.

Navigate to Firewall/NAT/Outbound and create a new rule (assuming, you use "Hybrid Outbound NAT rule generation").

All settings in the rule look like this:

The "IOT" interface is my VLAN "100" for IoT devices, supplying this network: 10.100.100.0/24. The network "Network_Private" is an alias to my "private network" for trusted devices. IP Range is 192.168.0.0/24.

The network "Network_SamsungTVs" is an alias to IPs of Samsung TVs living in the IoT Network (currently just one): 10.100.100.40

Running a pairing request from my private network to the TV in the IoT network now works.

pepsonEL commented 1 year ago

@HeedfulCrayon can you describe step by step how you resolved this problem... I am searching for a solution....

pepsonEL commented 1 year ago

@HeedfulCrayon your problem has nothing to do with mdns (mdns is hardly even relevant to your problem, you're not autodiscovering), and your problem has nothing to do with VLANs - but everything to do with your TV and how it handles websockets across subnets (spoiler: evidently it doesn't handle them well).

I have a similar TV (UN50KU6300) and worked around this issue today. Posting a solution here since I can't be the only one who stumbled upon this issue looking for an answer.

Scouring online, I read somewhere a remark that it's the TV that's unable/refusing to communicate using websockets across subnets, rather than the client having issues or network being unable to route traffic. So, having HA on subnet_1 (vlan_1) and TV on subnet_2 (vlan2), I proceed as follows:

Hypothesis: the TV is unable to communicate using websockets across subnets

Solution: install a server running nginx proxy (port 8001 -> tv:8001 and port 8002 -> tv:8002) on the same subnet/VLAN as your TV (subnet_2/vlan_2). Then from home assistant, during your TV integration setup - use your proxy server IP instead of the TV IP. Theory is that the TV shouldn't have issues talking back to the proxy on the same subnet, and everything should work out fine between proxy and the client being on different subnets because nginx isn't handicapped like the Samsung TVs are.

The path looks like this: HA[subnet_1] <--> NGINX[subnet_2] <--> TV[subnet_2]

Turns out it works exceptionally well, and validates the hypothesis. I am able to add the TV and am able to manipulate it, while HA and TV run on different subnets and different VLANs.

If you use other integrations/protocols/ports for communication with your TV - you may need to change your proxy accordingly.

I have only touched nginx a handful of times before, so the following config may not be ideal but it solves the problem and seems rather conservative (remember to replace IP_OF_YOUR_TV):

http {
    map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
    }

    upstream websocket {
        server IP_OF_YOUR_TV:8001;
        server IP_OF_YOUR_TV:8002;
    }

    server {
        listen 8001;
        listen 8002;
        location / {
            proxy_pass http://websocket;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection $connection_upgrade;
            proxy_set_header Host $host;
        }
    }
}

Good luck.

Can you show how to set it up in the Nginx GUI?
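
Added example (not part of any comment in this thread): a check to run from the Home Assistant host that tells apart the failure layers discussed above, namely TCP blocked, TCP open but no WebSocket upgrade, and a completed upgrade. The default channel path and the loopback stub peer are assumptions made for the example; the thread itself only shows port 8001 and `/api/v2`.

```python
import base64, hashlib, os, socket, threading
WS_GUID = "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"  # fixed value from RFC 6455

def ws_accept(key):  # Sec-WebSocket-Accept a compliant peer returns for this key
    return base64.b64encode(hashlib.sha1((key + WS_GUID).encode()).digest()).decode()

def probe_ws_upgrade(host, port=8001, timeout=5.0, path="/api/v2/channels/samsung.remote.control"):
    """Name the failing layer. The default path is an assumption, not from the thread."""
    key = base64.b64encode(os.urandom(16)).decode()
    request = (f"GET {path} HTTP/1.1\r\nHost: {host}:{port}\r\n"
               "Upgrade: websocket\r\nConnection: Upgrade\r\n"
               f"Sec-WebSocket-Key: {key}\r\nSec-WebSocket-Version: 13\r\n\r\n")
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "tcp-refused"        # port closed or actively rejected
    except OSError:
        return "tcp-unreachable"    # timeout or no route: routing or firewall drop
    reply = b""
    with sock:
        try:
            sock.sendall(request.encode())
            while b"\r\n\r\n" not in reply:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                reply += chunk
        except OSError:
            return "tcp-ok-no-reply"  # connected, but the handshake was never answered
    head = reply.decode("latin-1").split("\r\n")
    headers = {k.strip().lower(): v.strip() for k, _, v in (ln.partition(":") for ln in head[1:])}
    if head[0].split(" ")[1:2] == ["101"] and headers.get("sec-websocket-accept") == ws_accept(key):
        return "upgraded"
    return "http-reply-no-upgrade" if reply else "tcp-ok-no-reply"

def start_stub_peer(mode):
    """Constructed loopback peer for offline runs: 'upgrade', 'http', else closes silently."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        conn, _ = srv.accept()
        with conn:
            key = conn.recv(4096).decode().split("Sec-WebSocket-Key: ")[1].split("\r\n")[0]
            if mode == "upgrade":
                conn.sendall(("HTTP/1.1 101 Switching Protocols\r\n"
                              f"Sec-WebSocket-Accept: {ws_accept(key)}\r\n\r\n").encode())
            elif mode == "http":
                conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]
```

Run `probe_ws_upgrade("IP_OF_YOUR_TV")` before and after applying a NAT rule or proxy, and point it at the proxy address when testing the nginx approach. A change from `tcp-ok-no-reply` to `upgraded` shows the handshake now completes end to end.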

brettinternet commented 8 months ago

Here's one way to solve this issue for those using a firewall like opnsense/pfsense:

https://github.com/home-assistant/home-assistant.io/pull/23714/files

alimdi commented 4 months ago

Hi, I came across the same problem and was happy to find this post to understand how HA and the TV communicate. Instead of using nginx as a proxy between the 2 vlans, I preferred to use NAT with nftables and I'm sharing the configuration.

Let's say HA is 192.168.1.2 and the TV 192.168.2.2, with a linux router with nftables that has an IP on both networks; one of them is eth0 with the IP 192.168.2.1.

In nftables (on the router) create a postrouting chain:

table ip nat {
        chain postrouting {
                type nat hook postrouting priority 100; policy accept;
                ip saddr 192.168.1.2 ip daddr 192.168.2.2 oifname eth0 masquerade
        }
}

gmcinalli commented 2 months ago

For those with Ubiquiti devices: it seems that it is now possible to masquerade NAT with the new version of Network Application. But I haven’t tried it yet.

https://community.ui.com/releases/UniFi-Network-Application-8-3-32/54f3b506-afcf-4a7c-aba6-01a884dd9003

voc0der commented 2 months ago

For those with Ubiquiti devices: it seems that it is now possible to masquerade NAT with the new version of Network Application. But I haven’t tried it yet.

https://community.ui.com/releases/UniFi-Network-Application-8-3-32/54f3b506-afcf-4a7c-aba6-01a884dd9003

Been following when this gets to stable to give it a shot. So far, it appears to be working for my TV.

image

markgaze commented 2 months ago

For those with Ubiquiti devices: it seems that it is now possible to masquerade NAT with the new version of Network Application. But I haven’t tried it yet.

community.ui.com/releases/UniFi-Network-Application-8-3-32/54f3b506-afcf-4a7c-aba6-01a884dd9003

Been following when this gets to stable to give it a shot. So far, it appears to be working for my TV.

image

Trying to set this up too, just wondering what the IPs are as it didn't work for me! Is one of them Home Assistant and the other the TV? If so, which way round is it? Thanks in advance!

voc0der commented 2 months ago

Pictured, source (10.2.3.50) is my HomeAssistant box, and of course, 10.2.6.20 is the Samsung TV.

markgaze commented 2 months ago

Pictured, source (10.2.3.50) is my HomeAssistant box, and of course, 10.2.6.20 is the Samsung TV.

Great stuff, thank you! If anyone else comes here for the same setup, I had the Interface incorrect, it needs to be the one that the TV is on rather than HA 🙂

gmcinalli commented 2 months ago

Works like a charm! 🚀

crack-kitty commented 1 week ago

Navigate to Firewall/NAT/Outbound and create a new rule (assuming, you use "Hybrid Outbound NAT rule generation")

I started down NAT, mDNS, all the firewall rules... overcomplicated. However, IF you have:
1) proxmox
2) HA running as a VM in pmox

The solution from @HeedfulCrayon works perfectly.

Add 2nd network to VM, tag your vlan.
Restart the host (not just HA).
Navigate to settings, system, network where you will see "Configure network interfaces"; you should now have 2 entries with ENPXXXX.
Click the 3 dots, IP Information, check to see if the IP address is as expected... if not, click the other ENP (click 3 dots etc).
(optional: if you have pfsense or alternate go set yourself a static map for the IP address, then restart home assistant)

proceed back to integrations, add (recommend the API token) worked perfectly for me.

(if you don't have 1 and 2 above, then I think the proxy idea is awesome).

kitkat270 commented 5 days ago

Pictured, source (10.2.3.50) is my HomeAssistant box, and of course, 10.2.6.20 is the Samsung TV.

Great stuff, thank you! If anyone else comes here for the same setup, I had the Interface incorrect, it needs to be the one that the TV is on rather than HA 🙂

Brilliant, thank you. Been fiddling with masquerade rules for a little while, but didn't quite get it right until I read these posts.