Android: Home network does not work

If you need to accept the SSL certificate in a browser when you use your local IP like you have defined then this will not work. Your best bet would be to enable NAT loopback at the router and just use the external URL. This may also be of help: https://companion.home-assistant.io/docs/troubleshooting/networking

I think that there is no way to have an ssl certificate on the FQDN and avoid it in the internal address. If not, please, could you explain me how? Unfortunately my router doesn't allow me to set the NAT loopback.
I think mine is quite a common situation.
I think I will just use just the external address since it will work always 😉
Thank you @dshokouhi anyway

I ran in to the same problem but the fix that worked for me is I have to enable google location. If I have it disabled, only loads remote. If it's enabled, it behaves as expected.

I think this is a bug and makes the app not useful for me. I keep location disabled expect when I'm driving (and it's too inconvenient to keep changing location 'modes' in android).

Is this the only option for the app figuring out it's connected to a certain ssid?

@GreenhouseAU as of right now the only way to determine if you are on the home network is for location services to be enabled. Please file a new issue for this as its not related to this issue.

@pippo73 to my understanding this option is really more for users where the external URL does not resolve locally for them, if the external URL works locally then you don't need to use the feature.

I think that there is no way to have an ssl certificate on the FQDN and avoid it in the internal address. If not, please, could you explain me how?

I do this by fronting my HA instance with a reverse proxy (NGINX, in my case). The proxy takes care of the certificate stuff and HA itself is completely unburdened by that. I can then use the encrypted site by DNS name from outside and my unencrypted site by IP from my LAN.

Hello,

I've got the same issue.
My router (provided by my ISP) does not allow hairpinning (NAT loopback) because they sey it might be a security issue.
My HA is only accessible on HTTPS.
So, in order to access my Home Assistant with the app, I must stay out of my local network.

With the internal URL feature, I thought that it would accept certificates (allow a faulty certificate : Common Name not matching the IP) but it's not.
Maybe to solve this issue a checkbox should be added to accept faulty certificate in the local network provided by the SSID.

This is how I got around the problem :

I've got a Pi-Hole on a Ubuntu server so I added an entry to resolve my domain with the internal IP.
I put my Wi-Fi settings into static and put my Pi-Hole as my first DNS : didn't solved the problem because the Phone mainly contact the DNS with IPv6. So I put it back in automatic.
I can't specify an IPv6 DNS on my phone (One Plus 6T ME : Android 10).
With IPv4 and IPv6 Pi-Hole DNS configured on my computer (for IPv6, I use the local link address (fe80::...)) I managed to access HA with the domain name.

So I've download an app called dnspipe which allow me to specify IPv4 and IP DNS servers.
Connect to my Wi-Fi and configured it with my local info, removed the internal config of HA app (remove the specified SSID) and it works !

_I now need to automate the activation of this app with the app Tasker (the app support it) but I cannot manage to make it work by now._

PS : A simpler way will be to activate the DHCP of Pi-Hole instead of using the routers DHCP (in which I can't change the DNS settings) but my server isn't that much reliable.

Hope this help understand the issue and give people some info.

There hasn't been any activity on this issue recently. Due to the high number of incoming GitHub notifications, we have to clean some of the old issues, as many of them have already been resolved with the latest updates.
Please make sure to update to the latest Home Assistant version and check if that solves the issue. Let us know if that works for you by adding a comment 👍
This issue now has been marked as stale and will be closed if no further activity occurs. Thank you for your contributions.

The local connection should have a option to ignore SSL errors, since usage of the local ip or invalid SSL certificate is normal in this case.

A friend of mine run into the same problem.

I've looked through the code and found out that the internal url will not be used at all (even if the internal url is set).

I did a quick fix for that and also ignored ssl errors for the internal url. After a first test, it looks like it works.

But i don't know if there are any side effects by ignoring ssl errors.

@dshokouhi What is your opinion?

It has been brought up in the past, we can't just simply ignore SSL errors. If we were to ignore SSL errors you are just as vulnerable as someone using unencrypted traffic.

Yes i know. I share your opinion to use https/certificates wherever it is possible. But as we are in an "internal" network maybe an option to ignore ssl errors would be helpful for some users. Home Assistant can be configured unsecured anyway.

The secure option is indeed to force using certificates.

I've looked through the code and found out that the internal url will not be used at all (even if the internal url is set).

I did a quick fix for that

Lets get this fixed if that is case, sounds pretty important on its own and may solve existing issues we see. What was the cause? I know that if GPS is not enabled and location permissions are not granted then we cannot get the SSID and use the internal URL.

Regarding ignoring SSL certificates it not only poses a risk to the user but also a question as to what do we want to support in the app. There are already users having issues around this and some do not as they use Nabu Casa or just use a normal domain with SSL. If we allow this then we will need to consider all of the other certificate cases that have been brought up because we will get asked about it.

We do have an entire section in our companion docs about how the networking works and has helped users: https://companion.home-assistant.io/docs/troubleshooting/networking

Thanks. excellent documentation 👍

Lets get this fixed if that is case, sounds pretty important on its own and may solve existing issues we see.

I think i stumbled upon the missing location permissions which caused the not working internal url. Then my fix will not work as i thought.

I did a quick test. Cleared the storage of the app. Did the onboard without enabling the location tracking (This is also my private use case). After that i tried to enable the internal url. Which worked at first sight. But when i debug is see that wifiHelper.getWifiSsid() returns <unkown ssid> and the external url will be used. The <unkown ssid> is caused by the missing location permissions. Maybe if enabling the wifi settings a permission popup should be shown? To grant the missing permission. Maybe also with a short explanation text.

Thats a good catch, we should definitely add in a permission prompt for that. We also noticed in another bug that if GPS itself is disabled (even with proper location permissions) then we still cannot get the WiFi data to do this so we probably need to check both of them.

Closing as this was solved by #1187