vmakeev / huawei_mesh_router

Huawei mesh router component for Home Assistant
MIT License

Cannot connect to Huawei WS7100 #59

Closed interkelstar closed 1 year ago

interkelstar commented 1 year ago

I'm trying to integrate with my Huawei WiFi AX3 Dual-core WS7100

It is set up on 192.168.2.1

I can easily go to that address, type my password and log in. But providing the same password, URL, default username admin and default port results for me in a "Can not authenticate." message.

interkelstar commented 1 year ago

Logs (tried to log in 2 times)

2023-08-17 02:58:18.114 DEBUG (MainThread) [custom_components.huawei_mesh_router.client.coreapi (192.168.2.1)] New instance of HuaweiCoreApi created
2023-08-17 02:58:18.114 DEBUG (MainThread) [custom_components.huawei_mesh_router.client.huaweiapi (192.168.2.1)] New instance of HuaweiApi created
2023-08-17 02:58:18.114 DEBUG (MainThread) [custom_components.huawei_mesh_router.client.coreapi (192.168.2.1)] Authentication started
2023-08-17 02:58:18.115 DEBUG (MainThread) [custom_components.huawei_mesh_router.client.coreapi (192.168.2.1)] Refresh session called
2023-08-17 02:58:18.115 DEBUG (MainThread) [custom_components.huawei_mesh_router.client.coreapi (192.168.2.1)] Session created
2023-08-17 02:58:18.115 DEBUG (MainThread) [custom_components.huawei_mesh_router.client.coreapi (192.168.2.1)] Getting index
2023-08-17 02:58:18.115 DEBUG (MainThread) [custom_components.huawei_mesh_router.client.coreapi (192.168.2.1)] Performing GET to html/index.html#/login
2023-08-17 02:58:23.554 DEBUG (MainThread) [custom_components.huawei_mesh_router.client.coreapi (192.168.2.1)] GET html/index.html#/login failed:
2023-08-17 02:58:23.555 DEBUG (MainThread) [custom_components.huawei_mesh_router.client.coreapi (192.168.2.1)] Authentication failed: {'Can not perform GET request at html/index.html#/login cause of TimeoutError(); code: -3, category: request_error'}
2023-08-17 02:58:23.555 DEBUG (MainThread) [custom_components.huawei_mesh_router.client.coreapi (192.168.2.1)] Disconnecting
2023-08-17 02:58:23.555 DEBUG (MainThread) [custom_components.huawei_mesh_router.client.coreapi (192.168.2.1)] Performing POST to api/system/user_logout
2023-08-17 02:58:29.554 DEBUG (MainThread) [custom_components.huawei_mesh_router.client.coreapi (192.168.2.1)] POST api/system/user_logout failed:
2023-08-17 02:58:29.555 DEBUG (MainThread) [custom_components.huawei_mesh_router.client.coreapi (192.168.2.1)] Error during logout: Can not perform POST request at api/system/user_logout cause of TimeoutError(); code: -3, category: request_error
2023-08-17 03:00:47.764 DEBUG (MainThread) [custom_components.huawei_mesh_router.client.coreapi (192.168.2.1)] New instance of HuaweiCoreApi created
2023-08-17 03:00:47.764 DEBUG (MainThread) [custom_components.huawei_mesh_router.client.huaweiapi (192.168.2.1)] New instance of HuaweiApi created
2023-08-17 03:00:47.764 DEBUG (MainThread) [custom_components.huawei_mesh_router.client.coreapi (192.168.2.1)] Authentication started
2023-08-17 03:00:47.764 DEBUG (MainThread) [custom_components.huawei_mesh_router.client.coreapi (192.168.2.1)] Refresh session called
2023-08-17 03:00:47.765 DEBUG (MainThread) [custom_components.huawei_mesh_router.client.coreapi (192.168.2.1)] Session created
2023-08-17 03:00:47.765 DEBUG (MainThread) [custom_components.huawei_mesh_router.client.coreapi (192.168.2.1)] Getting index
2023-08-17 03:00:47.765 DEBUG (MainThread) [custom_components.huawei_mesh_router.client.coreapi (192.168.2.1)] Performing GET to html/index.html#/login
2023-08-17 03:00:53.554 DEBUG (MainThread) [custom_components.huawei_mesh_router.client.coreapi (192.168.2.1)] GET html/index.html#/login failed:
2023-08-17 03:00:53.555 DEBUG (MainThread) [custom_components.huawei_mesh_router.client.coreapi (192.168.2.1)] Authentication failed: {'Can not perform GET request at html/index.html#/login cause of TimeoutError(); code: -3, category: request_error'}
2023-08-17 03:00:53.555 DEBUG (MainThread) [custom_components.huawei_mesh_router.client.coreapi (192.168.2.1)] Disconnecting
2023-08-17 03:00:53.555 DEBUG (MainThread) [custom_components.huawei_mesh_router.client.coreapi (192.168.2.1)] Performing POST to api/system/user_logout

I can confirm that I can access http://192.168.2.1/html/index.html#/login from the browser

vmakeev commented 1 year ago

Hi! Is your Home Assistant server connected directly to the AX3 router?

interkelstar commented 1 year ago

Actually you're right, my main router to which HA is connected is 1.1 and the Huawei router is performing the role of a WiFi AP in bridge mode on addresses 1.100 and 2.1. But it's interesting that neither is ok for this integration to work (I suppose I understand why, the page leads to redirection). But it's a bummer you cannot integrate with this network setup (although, I must admit, rather edge cased)

vmakeev commented 1 year ago

Actually, I use a similar connection scheme and also have to solve a number of issues :)

My Home Assistant server is connected to a Mikrotik router. Huawei Mesh 3 routers are also connected to the same router.

Without using a clever trick, I would also not have access to the Huawei router from Home Assistant (the Huawei router perceives the Home Assistant server as something in the WAN, and, accordingly, does not allow access to admin panel).

The tricky trick is that the Raspberry Pi 3 is connected to the Huawei router, on which the reverse proxy server is configured (HAProxy, but you can use anything). The port forwarding is configured on the router itself so that requests from the "WAN" (in fact, from the Mikrotik router and other devices, including the smart home server) are redirected to the Raspberry Pi.

HAProxy on Raspberry Pi redirects incoming requests to it back to the Huawei router, but this time the router already believes that these requests are coming from a trusted LAN network, and allows access to admin panel.

When setting up integration, you need to specify the address of the Huawei router from the point of view of the network in which the Home Assistant server itself is located.

So, for example, my Huawei router has a LAN address of 192.168.3.1, but in the network to which the Home Assistant server is connected, its WAN address is 192.168.0.42.

In the component configuration, I will have to specify exactly 192.168.0.42.

Visually, the connection diagram looks like this:

[image: connection diagram]

Part of the HAProxy configuration:

frontend http-80
  mode http
  bind *:80

  acl IsMeshRouter hdr_reg(host) ^mesh\.router\.home$ # Home DNS name
  acl IsMeshRouter hdr_reg(host) ^192\.168\.0\.42$     # WAN router address
  acl IsMeshRouter hdr_reg(host) ^192\.168\.3\.1$      # LAN router address (not required)

  use_backend Mesh if IsMeshRouter

backend Mesh
  mode http
  balance leastconn
  http-request set-header Host 192.168.3.1 # Strongly required!
  server router 192.168.3.1:80

Yes, this interaction scheme looks somewhat cumbersome, but, unfortunately, the configuration capabilities of Huawei routers are very limited. An alternative option would be to connect the smart home server directly to the Huawei router (to its internal LAN network).


UPD: if you configure DSTNAT on Mikrotik for addresses in the subnet 192.168.3.0/24, and perform netmap to the WAN address of the Huawei router (192.168.0.42), then it will be possible to specify the "internal" address of the Huawei router (192.168.3.1) in the integration settings, but this will only further complicate the already difficult connection scheme.

However, in my network, I was forced to do exactly this in order to be able to access other routers in the mesh network (192.168.3.2 and 192.168.3.3). Of course, in the HAProxy settings for these addresses there are separate rules on the frontend and separate backends, but they are similar to those described above for the primary Huawei router.
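
Added example, not part of the original comment or the project: the relay above makes the router treat every proxied request as LAN traffic, so any host on the upstream network that can reach 192.168.0.42:80 gets the admin login page. One way to narrow that is a source allow-list on the frontend. The address 192.168.0.10 is an assumed placeholder for the Home Assistant server, the `defaults` section and the ACL name `FromHomeAssistant` are assumptions, and the rule only works if the router's port forwarding preserves the client source address (check the HAProxy log to confirm).

```haproxy
# Added example: the frontend/backend from the comment above, limited to one client.
defaults
  mode http
  log global
  option httplog            # log the source address of every request
  timeout connect 5s
  timeout client  30s
  timeout server  30s

frontend http-80
  bind *:80

  acl IsMeshRouter hdr_reg(host) ^mesh\.router\.home$ # Home DNS name (from the comment)
  acl IsMeshRouter hdr_reg(host) ^192\.168\.0\.42$     # WAN router address (from the comment)

  # Assumed placeholder: replace with the real address of the Home Assistant server.
  acl FromHomeAssistant src 192.168.0.10

  # Reject (403) everything that does not come from the allowed client,
  # before any backend is selected.
  http-request deny unless FromHomeAssistant

  use_backend Mesh if IsMeshRouter
  # No default_backend on purpose: a request with any other Host header
  # is answered by HAProxy itself (503) and never reaches the router.

backend Mesh
  balance leastconn
  http-request set-header Host 192.168.3.1 # Required, as in the original config
  server router 192.168.3.1:80
```

If the log shows every request arriving from the router's own LAN address, the forwarding rewrites the source and this ACL cannot distinguish clients; the restriction then has to be applied upstream, for example on the Mikrotik.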

interkelstar commented 1 year ago

Thanks for such a detailed response! That sounds really complicated but I bet it'll work, I got your idea since you introduced the proxy on the Pi. However, I ended up just connecting the HA host to the Huawei itself, that's ok in my case and the integration got working. What I couldn't achieve and you might be able to help with, I hope (although excuse me for the offtop), is: have you been able to set up remote access to your Huawei router? I have cloudflared as well as ddns with nginx but all my attempts were to no avail: when I try to access the router by the external host name which is configured to the router's ip:port, I see the router's IP in the address bar and a blank page! I really don't have any more ideas for now, is it possible to open the admin page from outside somehow?

vmakeev commented 1 year ago

It is very unsafe to open access to the management of the router from an external network.

In your case, I would recommend setting up a home VPN server and connecting to it. You can deploy a VPN server on the same Raspberry PI, or any other device that is always on. To be able to connect to this VPN from an external network (Internet), you will need to configure the necessary port forwarding (as in my previous post), or DMZ host (all requests sent to the router from the external network will be redirected to the DMZ host). After connecting to the VPN, you will have the opportunity to use any resources of your home network, including the router admin panel, in a fairly secure way.

If you still prefer to access the router without using a VPN, then the solution is to set up a reverse proxy inside your home network, and use port forwarding on the router. In this case, I would recommend using some port other than 80 as an external one to provide at least some weak protection. And remember that if you use an unsecured connection (http instead of https), then any data you transmit, including the router management session, can be intercepted by an attacker.

In general, Huawei routers known to me have rather limited configuration capabilities, which leads to the need to build complex interaction schemes around them in any non-standard use scenarios. That is why I use Mikrotik to interact with the external network.

interkelstar commented 1 year ago

I got it, thanks for the good advice!