Home Assistant / HomeKit problem

[krawallovic]

Hello,

i currently have the following environment:

• IKEA Dirigera Hub, which is HomeKit capable
• FRITZ!Box 7590 AX
• Proxmox single node, running a Home Assistant VM
• vmbr0 as a OpenvSwitch Bridge

Right now, i want to connect the Home Assistant via HomeKit with the Dirigera Hub, which... is not working. Home Assistant is not able to locate the hub via HomeKit.

I did some research and was stumbling over mDNS, IGMP snooping etc... Also found this exact guide: https://www.home-assistant.io/integrations/zeroconf/#libvirt-virtual-machine-with-macvtap-adapter

I think that i need to enable "something" on the Proxmox node to allow multicast, but i'm not able to find the correct way of enabling this.

Using the OpenvSwitch is not crucial, i could switch to a Linux bridge, if this helps me any further.

 

[Blueloop]

Homekit is Apple flavoured so mDNS/Bonjour/Avahi are some handy keywords. That lot (Homekit devices) should probably find each other using multicast traffic, which is a layer 3 protocol (TCP/IP) rather than layer 2 which is what bridges worry about.

• Is the Fritzbox also acting as the network switch between Proxmox and the Hub
• Which installation type did you use for HA - HAOS, Supervised, venv, whatevs
• What is the Proxmox network config

The easiest way to answer the network question: Open the shell and type: cat /etc/network/interfaces Copy and paste the lot after the header comments here. I understand you might be worried about leaking information. If any IP addresses in a stanza start with anything apart from 192.168. or 172. or 10. then don't do this. If you know what you are doing then please go ahead. I am being deliberately cautious - I don't know you, nor you: me!

If you want to "see" multicast traffic then you need to use tcpdump or wireshark. That takes some of the guesswork out of diagnosing issues. However, just like a doctor's stethoscope, you need to put it in the right place and know what to listen for! Your stethoscope needs to listen for:

# tcpdup -i enp0 -n "multicast"

I've guessed at the interface name (enp0, after the -i) that's why I need to work out how your network is connected together. Generally I find it quite hard to stop mDNS/Bonjour etc from working on a "single collision domain".

 

[krawallovic]

• Is the Fritzbox also acting as the network switch between Proxmox and the Hub

Yes, both devices are directly connected to the Fritzbox where i disabled IGMP snooping (thats what i think i did by disabling the option for Live-TV optimization)

• Which installation type did you use for HA - HAOS, Supervised, venv, whatevs

I took the HAOS lane, so it is a VM where i imported the qcow2 disk image.

• What is the Proxmox network config

As i do think to know what i'm doing, here is my config:

# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!


auto lo
iface lo inet loopback


iface wlp0s20f3 inet manual
#disabled|wifi


auto enp2s0
iface enp2s0 inet manual
#active-backup bond0 member


auto enx207bd2b30664
iface enx207bd2b30664 inet manual
#active-backup bond0 member


auto enx7cc2c647e5bb
iface enx7cc2c647e5bb inet static
        address 192.168.179.49/23
        gateway 192.168.178.1
#mgmt


auto bond0
iface bond0 inet manual
        ovs_bonds enp2s0 enx207bd2b30664
        ovs_type OVSBond
        ovs_bridge vmbr0
        ovs_options bond_mode=active-backup
#active-backup


auto vmbr0
iface vmbr0 inet manual
        ovs_type OVSBridge
        ovs_ports bond0
#       post-up /usr/sbin/ethtool --change enp2s0 wol g ; /usr/sbin/ethtool --change enx0050b659422c wol g
#vm


source /etc/network/interfaces.d/*

And here is some output from the command (slightly altered) you gave me:

tcpdump -i enp2s0 -n "multicast" | grep 179.83
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on enp2s0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
18:15:00.031892 IP 192.168.179.83.5353 > 224.0.0.251.5353: 0*- [0q] 1/0/0 (Cache flush) A 192.168.179.83 (50)

tcpdump -i enx207bd2b30664 -n "multicast" | grep 179.83
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on enx207bd2b30664, link-type EN10MB (Ethernet), snapshot length 262144 Bytes

tcpdump -i vmbr0 -n "multicast" | grep 179.83
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on vmbr0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
18:19:00.281263 IP 192.168.179.83.5353 > 224.0.0.251.5353: 0*- [0q] 1/0/0 (Cache flush) A 192.168.179.83 (50)

I chose this specific grep command, as the IP address of the hub is configured as a fix reservation on the Fritzbox DHCP.
The NIC enx207bd2b30664 is currently not connected to trim down the complexity, so i think the output is "normal".

Finally, and i want to highlight this:
Never did i receive such a friendly and helpful first response! Some people should take a leaf out of your book!

 

[Blueloop]

Port 5353 is mDNS and you are seeing packets arriving on the physical network cards that your VMs use. Also 224.0.0.x is multicast. So, I think your Fritz is working fine and so is the Ikea widget.

The next step is to find out if HAOS is seeing that traffic. Download a copy of the systemrescuecd - https://www.system-rescue.org/Download/ give Proxmox the URL for the Fastly link. Create a small VM and boot that .iso on it. It will DHCP itself an address. Stop the firewall on it - systemctl stop iptables. Run tcpdump on it and see if you get that multicast traffic.

Do you have a firewall enabled on Proxmox?

 

[krawallovic]

Well, seems about right i think:


Regarding your firewall request:
I did not configure any kind of firewall on the PVE after installation. The defaults should take effect.

I did check it though, but i this should mean "disabled" in case of the VM's (as far as my unterstanding goes):
Datacenter level --> disabled
Node level --> enabled
VM/NIC level --> enabled

All of this makes me wonder: Is HAOS maybe the problem?

 

[krawallovic]

After writing my last post, i thought: Why not just run tcpdump in HAOS?

I installed tcpdump via:

apk add --no-cache tcpdump

After that i could see some mDNS traffic happening:


So, i think PVE is not the problem maker in this case. Or do you have any other suggestions?

 

[Blueloop]

I see you installed the ssh addon. You've proven that multicast traffic arrives at VMs in your environment. Good job.

I think you are well on your way now. Its probably time to switch over to the Home Assistant forums.

 

[Blueloop]

One last thing. Try installing avahi-tools (that's on Ubuntu, it may or may not have the same name or even exist) in your ssh container and run

# avahi-browse --all

 

[krawallovic]

Thank you for the help, i will indeed look into the forum at home assistant.

And for the sake of this thread: avahi-tools could be installed via

apk add --no-cache avahi-tools

after which Home Assistant will (unfortunately) throw an error if you try to avahi-browse --all:

avahi-browse --all
Failed to create client object: Daemon not running

 

[Blueloop]

Blast, I didn't realize it installs a daemon. That's why you start with tcpdump. You can always write data to a file and transfer it to a box with Wireshark installed. The likes of pfSense have that built in to their web GUI. Wireshark docs regarding tcpdump

Wireshark has a lot of dissectors and frankly unearthly intelligence (UI) built in! None of that artificial bollocks, just good old fashioned engineering. When I was a lad, you paid thousands of pounds for a network probe and then something called Ethereal appeared, became open source and rebadged as Wireshark. Then it all went a bit mad and of course PC hardware became capable of dealing with capturing, decoding and displaying network traffic. The key is in the capture filter - the docs are very good.

Even if you never use it, download it and install it just because you can. You will use it. I've seen the stuff you deploy at home and you simply need a few prods to head off in the right directions.