Freebox : ClientConnectorError while setup when router is in bridge mode

[Marsu31]

The problem

I switched my freebox to bridge mode. The freebox integration stopped working from this instant. I tried to create a new fresh configuration but I doesn't work anymore.

What is version of Home Assistant Core has the issue?

core-2021.5.5

What was the last working version of Home Assistant Core?

core-2021.5.5

What type of installation are you running?

Home Assistant Container

Integration causing the issue

freebox

Link to integration documentation on our website

https://www.home-assistant.io/integrations/freebox/

Example YAML snippet

No response

Anything in the logs that might be useful for us?

Nothing in the logs.
But this error message when I click "Soumettre" :
 Erreur inconnue: veuillez réessayer plus tard

Additional information

No response

[probot-home-assistant[bot]]

freebox documentation freebox source _{^{(message by IssueLinks)}}

[flifloo]

Hi,

I also have a Freebox in bridge mode and the integration can't be added.

After allowing Home Assistant in the Freebox Pop I get Failed to connect.

My logs:

Logger: homeassistant.components.freebox.config_flow
Source: components/freebox/config_flow.py:94
Integration: Freebox (documentation, issues)
First occurred: 10:51:14 PM (14 occurrences)
Last logged: 11:03:31 PM

Error connecting to the Freebox router at NOPE.fbxos.fr

[fredleger]

Same here.

Model: freebox v4 with dual stack ip Traces:

from home-assistant inside my network: KO

curl -v4 https://xxxxxxxxxxxx.fbxos.fr:42747
*   Trying 82.65.xxx.xxx:42747...
* connect to 82.65.xxx.xxx port 42747 failed: Connection refused
* Failed to connect to xxxxxxxxxxxx.fbxos.fr port 42747: Connection refused
* Closing connection 0
curl: (7) Failed to connect to xxxxxx.fbxos.fr port 42747: Connection refused

from outside my network (server on OVH): OK

curl -v4k https://xxxxxxxx.fbxos.fr:42747
* Rebuilt URL to: https://xxxxxxxx.fbxos.fr:42747/
* Hostname was NOT found in DNS cache
*   Trying 82.65.xxx.xxx...
* Connected to xxxxxxxx.fbxos.fr (82.65.xxx.xxx) port 42747 (#0)
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
*        subject: C=FR; CN=xxxxxxxx.fbxos.fr
*        start date: 2021-05-23 02:54:41 GMT
*        expire date: 2021-08-21 02:59:41 GMT
*        issuer: C=FR; ST=France; O=Freebox; CN=Freebox Intermediate CA
*        SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
> GET / HTTP/1.1
> User-Agent: curl/7.38.0
> Host: xxxxxxxx.fbxos.fr:42747
> Accept: */*
> 
< HTTP/1.1 302 Found
* Server nginx is not blacklisted
< Server: nginx
< Date: Wed, 04 Aug 2021 13:16:44 GMT
< Content-Type: text/html; charset=utf-8
< Content-Length: 0
< Connection: keep-alive
< Location: /login.php
< Expires: Wed, 04 Aug 2021 13:16:43 GMT
< Cache-Control: no-cache
< Cache-Control: must-revalidate,no-store
< 
* Connection #0 to host xxxxxxxx.fbxos.fr left intact

Conclusion: Seems that api port is not available from inside your network once in bridge mode. I suspect a hairpin nat issue here.

@flifloo @Marsu31 can you confirm you got the same behavior ?

[Marsu31]

Not the same from inside :

$ curl --trace - -4 -k --ssl-reqd https://[my host name].fbxos.fr:[my admin port]
== Info:   Trying [my IP address]:[my admin port]...
== Info: TCP_NODELAY set
== Info: connect to [my IP address] port [my admin port] failed: Connexion terminée par expiration du délai d'attente
== Info: Failed to connect to [my host name].fbxos.fr port [my admin port]: Connexion terminée par expiration du délai d'attente
== Info: Closing connection 0
curl: (28) Failed to connect to [my host name].fbxos.fr port [my admin port]: Connexion terminée par expiration du délai d'attente

[ravens]

I have a similar issue as well (bridge mode, dual stack, revolution v6):

2021-09-21 16:41:10 ERROR (MainThread) [homeassistant.components.freebox.config_flow] Unknown error connecting with Freebox router at XXXXXX.fbxos.fr
Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/aiohttp/connector.py", line 969, in _wrap_create_connection
return await self._loop.create_connection(*args, **kwargs) # type: ignore # noqa
File "/usr/local/lib/python3.9/asyncio/base_events.py", line 1056, in create_connection
raise exceptions[0]
File "/usr/local/lib/python3.9/asyncio/base_events.py", line 1041, in create_connection
sock = await self._connect_sock(
File "/usr/local/lib/python3.9/asyncio/base_events.py", line 955, in _connect_sock
await self.sock_connect(sock, address)
File "/usr/local/lib/python3.9/asyncio/selector_events.py", line 502, in sock_connect
return await fut
File "/usr/local/lib/python3.9/asyncio/selector_events.py", line 537, in _sock_connect_cb
raise OSError(err, f'Connect call failed {address}')
ConnectionRefusedError: [Errno 111] Connect call failed ('PUBLICIPV4FREEBOX', 1234)
aiohttp.client_exceptions.ClientConnectorError: Cannot connect to host XXXXXX.fbxos.fr:1234 ssl:default [Connect call failed ('PUBLICIPV4FREEBOX', 1234)]

However from a computer in the network:

❯ curl -k6 https://XXXXXX.fbxos.fr:1234
<!DOCTYPE HTML>
❯ curl -k4 https://XXXXXX.fbxos.fr:1234
curl: (7) Failed to connect to XXXXXX.fbxos.fr port 1234: Connection refused
❯ curl -k https://PUBLICIPV4FREEBOX:1234
curl: (7) Failed to connect to PUBLICIPV4FREEBOX port 1234: Connection refused

My HA is running as a macvlan docker so it is only v4 atm, so it would explain I ended with a cannot connect call. Looks like this is an hairpin issue specific to IPv4 ?

[github-actions[bot]]

There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved with the latest updates. Please make sure to update to the latest Home Assistant version and check if that solves the issue. Let us know if that works for you by adding a comment 👍 This issue has now been marked as stale and will be closed if no further activity occurs. Thank you for your contributions.

[fredleger]

Still up 😉

[github-actions[bot]]

There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved with the latest updates. Please make sure to update to the latest Home Assistant version and check if that solves the issue. Let us know if that works for you by adding a comment 👍 This issue has now been marked as stale and will be closed if no further activity occurs. Thank you for your contributions.

[Marsu31]

Up.

[github-actions[bot]]

There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved with the latest updates. Please make sure to update to the latest Home Assistant version and check if that solves the issue. Let us know if that works for you by adding a comment 👍 This issue has now been marked as stale and will be closed if no further activity occurs. Thank you for your contributions.

[lalexdotcom]

Same issue here in bridge mode. Since the box firmware is 4.6.4 , it may be caused by #69942 issue...

Traceback (most recent call last):
  File "/usr/local/lib/python3.10/site-packages/aiohttp/connector.py", line 986, in _wrap_create_connection
    return await self._loop.create_connection(*args, **kwargs)  # type: ignore[return-value]  # noqa
  File "/usr/local/lib/python3.10/asyncio/base_events.py", line 1064, in create_connection
    raise exceptions[0]
  File "/usr/local/lib/python3.10/asyncio/base_events.py", line 1049, in create_connection
    sock = await self._connect_sock(
  File "/usr/local/lib/python3.10/asyncio/base_events.py", line 960, in _connect_sock
    await self.sock_connect(sock, address)
  File "/usr/local/lib/python3.10/asyncio/selector_events.py", line 500, in sock_connect
    return await fut
  File "/usr/local/lib/python3.10/asyncio/selector_events.py", line 505, in _sock_connect
    sock.connect(address)
OSError: [Errno 101] Network unreachable

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/usr/src/homeassistant/homeassistant/components/freebox/config_flow.py", line 75, in async_step_link
    await fbx.open(self._host, self._port)
  File "/usr/local/lib/python3.10/site-packages/freebox_api/aiofreepybox.py", line 83, in open
    self._access = await self._get_freebox_access(
  File "/usr/local/lib/python3.10/site-packages/freebox_api/aiofreepybox.py", line 162, in _get_freebox_access
    app_token, track_id = await self._get_app_token(base_url, app_desc, timeout)
  File "/usr/local/lib/python3.10/site-packages/freebox_api/aiofreepybox.py", line 226, in _get_app_token
    r = await self._session.post(url, data=data, timeout=timeout)
  File "/usr/local/lib/python3.10/site-packages/aiohttp/client.py", line 535, in _request
    conn = await self._connector.connect(
  File "/usr/local/lib/python3.10/site-packages/aiohttp/connector.py", line 542, in connect
    proto = await self._create_connection(req, traces, timeout)
  File "/usr/local/lib/python3.10/site-packages/aiohttp/connector.py", line 907, in _create_connection
    _, proto = await self._create_direct_connection(req, traces, timeout)
  File "/usr/local/lib/python3.10/site-packages/aiohttp/connector.py", line 1206, in _create_direct_connection
    raise last_exc
  File "/usr/local/lib/python3.10/site-packages/aiohttp/connector.py", line 1175, in _create_direct_connection
    transp, proto = await self._wrap_create_connection(
  File "/usr/local/lib/python3.10/site-packages/aiohttp/connector.py", line 992, in _wrap_create_connection
    raise client_error(req.connection_key, exc) from exc
aiohttp.client_exceptions.ClientConnectorError: Cannot connect to host 62sfxzyo.fbxos.fr:28582 ssl:default [Network unreachable]

[Quentame]

Not stale, I'll try to fix that

[fredleger]

@Quentame nice to read :-) dont hesitate if i can help in any way (testing or understanding networks issues involved)

[JigSawFr]

Still experiencing same problem on my side

[fredleger]

@JigSawFr don't think any changes related to this issue has been made

[Guigui37]

Following documentation: https://dev.freebox.fr/sdk/os/# and trying at home, we should access the API internally (especially when in bridge) through url like http://mafreebox.freebox.fr/api/v4/login/

Documentation says: Building the API request URL

Once you’ve discovered a Freebox on the local network you can access the API at the following URL:

https://[api_domain]:[freebox_port]/[api_base_url]/v[major_api_version]/[api_url]

or for local access

https://mafreebox.freebox.fr/[api_base_url]/v[major_api_version]/[api_url]

But does not solve the problem for now ...

[issue-triage-workflows[bot]]

There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved with the latest updates. Please make sure to update to the latest Home Assistant version and check if that solves the issue. Let us know if that works for you by adding a comment 👍 This issue has now been marked as stale and will be closed if no further activity occurs. Thank you for your contributions.

[ravens]

Still up

[vdanjean]

I workaround the problem by having a valid IPv6 address, so that XXX.fbxos.fr:YYYY is done through IPv6. curl --cacert Freebox_ECC_Root_CA.pem -v4 https://XXXX.fbxos.fr:YYYY fails but curl --cacert Freebox_ECC_Root_CA.pem -v6 https://XXXX.fbxos.fr:YYYY succeeds. In bash, I needed to specify the ROOT CA (as shown above) but home assistant seems to already accept it (to be double checked as I did lots of tests before finding the correct way). The PEM can be obtained from https://dev.freebox.fr/sdk/os/#https-access

However, there was still another problem. Even with an IPv6 address reachable from the internal network, the home assistant code calls get_hosts_list from the freebox_api package. However, in bridge mode, the freebox answers:

File "/usr/local/lib/python3.11/site-packages/freebox_api/api/lan.py", line 64, in get_hosts_list
    return await self._access.get(f"lan/browser/{interface}")
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/freebox_api/access.py", line 122, in get
    return await self._perform_request(self.session.get, end_url)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.11/site-packages/freebox_api/access.py", line 114, in _perform_request
    raise HttpRequestError(err_msg)
freebox_api.exceptions.HttpRequestError: Request failed (APIResponse: {"msg": "Erreur lors de la r\u00e9cup\u00e9ration de la liste des h\u00f4tes : Interface invalide", "success": false, "error_code": "nodev"})

So, I needed to comment-out the await fbx.lan.get_hosts_list() line in config_flow.py and to replace fbx_devices: list[dict[str, Any]] = await self._api.lan.get_hosts_list() by fbx_devices: list[dict[str, Any]] = [] in router.py (better fixes to be found here, but it seems ok that in bridge mode, no list of hosts exists)

[jflefebvre06]

@vdanjean Instead of configuring IPV6 it is also possible to use host mafreebox.free.fr and port 443.