Homey app stops working correctly after moving Homey to IoT VLAN

I did but that didn’t change anything.

As far as I can see, the only thing is a connection being set up from iPad (app) to Homey on port 80.
No separated traffic back or anything like that.

Indeed I hope somebody knows in more depth how connectivity between app and Homey works.
Thanks for your thoughts! :+1:

Does https://my.homey.app work? If so, you can check the browser’s developer tools to see how it communicates.

Hi Robert, yes, it does. Everything works fine. Just like when I connect with the standard ‘classic’ Homey app, but using the external route i.s.o. the local connection.

I think I do not understand what you mean.
Do you mean https://tools.developer.homey.app/ ?
If so, how could I find info there on how the ‘classic’ Homey app connects to my Homey?

Thanks for thinking with me! :+1:

No, all modern browsers have developer tools where you can see (amongst other things) which network connections a web page is using.

The web app (and also the “classic” app, by which I assume you mean the mobile app?) first tries to connect to https://A-B-C-D.homey.homeylocal.com, where A-B-C-D are the octets of your Homey’s local IP address (so if your Homey is at 192.168.1.10, it will try and connect to https://192-168-1-10.homey.homeylocal.com).

You can start by checking if that hostname leads anywhere in your network, by opening the URL in a browser for instance.

Hi Robert, maybe I have not described my issue clearly enough, but making a connection to my Homey is not the issue.
In all cases - with ‘classic’ mobile app with external and direct internal connection as well as with the new online app (don’t know how you can see whether it is using the direct internal connection or the external connection) - this works fine.

The issue seems to be in the realtime Homey generated feedback (like updating the status of a lamp in the Devices overview) in the situation with ‘classic’ mobile app and a local connection.

How do you think that analysing the browser data will tell me why this is not working? Thanks for your clarification!

Yes, but does this work in the web app or not?

The developer console may show errors, for example.

FWIW, both the mobile and the web apps use WebSocket connections to Homey for realtime updates.

Yes, it works in the webapp (https://my.homey.app/), but my guess is that it works because it always connects via Internet and not locally. (Is there a way to check how it connects?)

If I use the ‘classic’ mobile app on my iPhone via internet (just put it on 4G) it also works fine.

The issue with return traffic starts when using the ‘classic’ app locally and my iPhone ends up in a different VLAN than the Homey.

Yes, with the aforementioned developer tools. It will connect locally if it can.

I understand the problem, but if you can’t debug the issue yourself it’s going to be very hard for people to help you.

Ok, I’ll do some reading/studying and see what I can find!
Thanks for the help so far! :pray:

When Homey talks to a device, it’s OK. It will do a request/response through the firewall.
When a device sends an update, it gets blocked in the firewall.
The only way to solve this is by whitelisting the devices you want to communicate with Homey.

So a simple block of all outgoing traffic from the IoT VLAN will not work. It should be: block all except device a:port, device b:port, etc.

Hi FSW, thanks for suggestion!
The weird thing is, however, that even without any firewall rules between the IoT and main VLAN it still doesn’t work. So it is not purely firewall rule related.

I am currently trying to find out how the realtime traffic from Homey back to the mobile app actually works.

I guess it is more than just Homey replying to a request that the mobile app has made. Especially since you can have multiple mobile apps that all receive the same realtime updates.

As I found out that my router/firewall (Untangle) does not support mDNS, my suspicion currently goes out to a broadcast/multicast type of issue.

Maybe this is of any use, Homey uses websocket connections for realtime updates.

It doesn’t really make sense that my.homey.app (including realtime updates) is working but the mobile app isn’t, though. Websockets use the same HTTP(S) server on Homey, and when I run the Homey app on my Mac I can see realtime updates being transmitted over the HTTPS connection from Homey back to my Mac.

When I start the my.homey.app with Chrome developer tools on, I see the following messages in the console tab.
(192.168.100.92 is the IP address of Homey in the IoT VLAN)

So I think the my.homey.app connects via internet since it fails to find something inside, explaining why it behaves differently than the mobile app.
Weird thing is that it also does this when all firewall rules are off.
(BTW the IP address looks weird to me: dashes i.s.o. dots)

Check your DNS

nslookup 192-168-100-92.homey.homeylocal.com

It should resolve to an IP from that DNS

Does your router (or the machine that is handling your local DNS) have DNS rebinding protection enabled? Athom’s method of providing “secure” local access depends on that protection being disabled (ironically making your local network less secure, but I’ve given up on trying to explain this to Athom).

Also, it looks like Athom’s nameserver that handles homeylocal.com is something home made; whenever you send it a query that is not simply an A record, it times out :roll_eyes:

Yes it does.
I get exactly the same response as in your screenprint.

And if you leave out the 8.8.8.8, using your own DNS?

Then it fails.
Timeout. Can’t find 192-168-100-92.homey.homeylocal.com: Server failed

Change your DNS to something that works for this or disable DNS rebinding protection from your Router.
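
The check this thread converges on, as an added example that is not part of any post: build the `A-B-C-D.homey.homeylocal.com` name for a Homey address and compare what the local resolver and a public resolver return for it. The function names, result labels and sample answers are assumptions constructed from the outcomes described above (lookup via 8.8.8.8 answers, lookup via the local DNS fails).

```python
import ipaddress
import socket

SUFFIX = ".homey.homeylocal.com"  # hostname pattern quoted in the thread

def homeylocal_hostname(ip):
    """192.168.100.92 -> 192-168-100-92.homey.homeylocal.com"""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return str(addr).replace(".", "-") + SUFFIX

def embedded_ip(hostname):
    """Recover the IPv4 address encoded in the left-most label."""
    host = hostname.rstrip(".").lower()
    if not host.endswith(SUFFIX):
        raise ValueError("not a homeylocal hostname: " + hostname)
    return ipaddress.IPv4Address(host[: -len(SUFFIX)].replace("-", "."))

def diagnose(hostname, local_answers, public_answers):
    """Classify resolver behaviour for one hostname.

    Each *_answers argument is a list of A-record strings as returned by
    that resolver; an empty list means the lookup failed or timed out.
    """
    want = embedded_ip(hostname)
    local = {ipaddress.ip_address(a) for a in local_answers}
    public = {ipaddress.ip_address(a) for a in public_answers}
    if want in local:
        return "ok"                # local DNS hands out the private address
    if want in public and want.is_private:
        return "rebind-filtered"   # answer exists upstream, dropped locally
    if not public:
        return "upstream-failure"  # not a local filtering problem
    return "mismatch"              # upstream answers, but not with this address

def resolve_local(hostname):
    """Live lookup through the system resolver; [] on failure."""
    try:
        infos = socket.getaddrinfo(hostname, 443, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

if __name__ == "__main__":
    name = homeylocal_hostname("192.168.100.92")
    # Public answer is constructed here; in practice take it from
    # `nslookup <name> 8.8.8.8` as done in the thread.
    print(name, diagnose(name, resolve_local(name), ["192.168.100.92"]))
```

A `rebind-filtered` result means the local resolver is discarding a public name that points at a private address. Resolvers that support per-domain exemptions (dnsmasq `rebind-domain-ok=/homeylocal.com/`, Unbound `private-domain: "homeylocal.com"`) can allow just this domain while keeping rebinding protection on for everything else.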