Home Assistant websocket not working

[Linwood]

Is there any way to put the old router back and remove opnsense?

If it still fails the same way you learn a lot.  If it doesn't fail, the packet trace idea is perhaps the best place to go.

You mention running IGMP proxy WAN and LAn, you also talk about a reverse proxy.  Is your access to Home Assistant somehow from the internet and not from your local LAN? What happens if the internet is down (say back with the old router) -- did anything break?

I thought the issue was you can't connect to MQTT -- did that start working?

My suggestion is not at odds with Patrick's but is a different dimension -- pick ONE thing that is a failure you think relates to opnsense, one single thing, and describe it fully, and see if you can get more details including packet traces.   The errors shown look like zigbee related (when I search for bellows for example I get a lot of hits about zigbee).  Are all your poblems actually originating with zigbee?   (The UI -- you mean the HA UI not the Zigbee2MQTT UI?)

Finally, a lot of what you are talking about looks like WAN related stuff.  HA is mostly local (with some cloud integrations of course), and everything you've mentioned should be local.  It would be very helpful if in picking something to concentrate on, pick something unrelated to the internet.  Don't access HA from the internet, access it locally (you are, right?  Not with something thru nabu casa or some proxy?

But... pick one thing that fails and figure out what you can.  MQTT (the service, not zigbee2mqtt) is pretty straightforward -- if HA can't talk to HA, do as I suggested and see if you can, see what happens.   But pick one thing.  And for us to help, try to stick with one specific failure, not jump around.  It will help a lot.

[instantdreams]

@meyergru I don't know if it is a firewall issue, but this behaviour started when opnsense was installed.

@Patrick M. Hausen I will try to packet trace the homeassistant container.

@Linwood Reverting to the original router is possible but disruptive. Let me address your other points:

1. IGMP Proxy on WAN and LAN & Reverse Proxy
I installed the IGMP Proxy, mDNS Repeater, UDP Broadcast Relay, and Universal Plug and Play plugins to get Sonos and Spotify working on my network. They may not be configured correctly, as I only have a WAN and LAN interface active. They may not be needed, as I have floating rules for the various ports needed. Access to Home Assistant is configured to be local. All clients will use the internal IP addresses when connected to the local network.

2. MQTT
The issue is always that Home Assistant fails to connect to MQTT - all the other services that use MQTT report no issues (double-take, frigate, teslamate, zigbee2mqtt, zwave).

3. Zigbee issues
I removed Zigbee Home Assistant (ZHA) and migrated to zigbee2mqtt. This removed the ZHA errors, which I think were a red herring. I suspect some traffic ws blocked and that caused a timeout in the ZHA module.

Other observations

Uptime Kuma, running locally on the same host as Home Assistant, can see that Home Assistant stops responding multiple times.

System : Routes : Log Files notes the following:

Code Select Expand

2025-10-20T09:03:39-06:00 Warning miniupnpd SSDP packet sender 198.53.116.247:51405 (if_index=1) not from a LAN, ignoring
2025-10-20T09:03:32-06:00 Warning miniupnpd SSDP packet sender 198.53.116.247:45970 (if_index=1) not from a LAN, ignoring
2025-10-20T09:02:46-06:00 Warning miniupnpd SSDP packet sender 198.53.116.247:52417 (if_index=1) not from a LAN, ignoring
2025-10-20T09:02:46-06:00 Warning miniupnpd SSDP packet sender 198.53.116.247:52417 (if_index=1) not from a LAN, ignoring
2025-10-20T09:02:45-06:00 Warning miniupnpd SSDP packet sender 198.53.116.247:52417 (if_index=1) not from a LAN, ignoring
2025-10-20T09:01:05-06:00 Warning miniupnpd SSDP packet sender 198.53.116.247:49463 (if_index=1) not from a LAN, ignoring
2025-10-20T09:01:05-06:00 Warning miniupnpd SSDP packet sender 198.53.116.247:49463 (if_index=1) not from a LAN, ignoring
2025-10-20T09:01:05-06:00 Warning miniupnpd SSDP packet sender 198.53.116.247:49463 (if_index=1) not from a LAN, ignoring
2025-10-20T09:01:03-06:00 Warning miniupnpd SSDP packet sender 198.53.116.247:45605 (if_index=1) not from a LAN, ignoring
2025-10-20T09:01:03-06:00 Warning miniupnpd SSDP packet sender 198.53.116.247:45605 (if_index=1) not from a LAN, ignoring
2025-10-20T09:01:02-06:00 Warning miniupnpd SSDP packet sender 198.53.116.247:45605 (if_index=1) not from a LAN, ignoring
2025-10-20T09:00:38-06:00 Warning miniupnpd SSDP packet sender 198.53.116.247:60255 (if_index=1) not from a LAN, ignoring
2025-10-20T09:00:38-06:00 Warning miniupnpd SSDP packet sender 198.53.116.247:60255 (if_index=1) not from a LAN, ignoring
2025-10-20T09:00:38-06:00 Warning miniupnpd SSDP packet sender 198.53.116.247:60255 (if_index=1) not from a LAN, ignoring
2025-10-20T09:00:07-06:00 Warning miniupnpd SSDP packet sender 198.53.116.247:44025 (if_index=1) not from a LAN, ignoring
2025-10-20T09:00:06-06:00 Warning miniupnpd SSDP packet sender 198.53.116.247:34690 (if_index=1) not from a LAN, ignoring
2025-10-20T08:58:39-06:00 Warning miniupnpd SSDP packet sender 198.53.116.247:51405 (if_index=1) not from a LAN, ignoring
2025-10-20T08:58:32-06:00 Warning miniupnpd SSDP packet sender 198.53.116.247:45970 (if_index=1) not from a LAN, ignoring
2025-10-20T08:57:47-06:00 Warning miniupnpd SSDP packet sender 198.53.116.247:52417 (if_index=1) not from a LAN, ignoring
2025-10-20T08:57:46-06:00 Warning miniupnpd SSDP packet sender 198.53.116.247:52417 (if_index=1) not from a LAN, ignoring
2025-10-20T08:57:46-06:00 Warning miniupnpd SSDP packet sender 198.53.116.247:52417 (if_index=1) not from a LAN, ignoring

These are repeated many times.

I'll try a packet capture on the server that runs my services. I'll also enable debug logs on Home Assistant to see if there's anything that indicates a port, protocol, or ip that has an issue.

[caplam]

I quickly read the topic and have not a clear idea of your whole config.
does your opnsense have the same ip as your former router ? if not  did you update the trusted proxies section in home assistant configuration.yaml
did you reboot all your machines involved in these communications ?

[Linwood]

I probably should just step away as I'm not sure I am being helpful but a few comments.

First, I still do not see an actual problem you want solved, other than saying Home Assistant stops responding. I don't know kuma, but I assume it's doing some kind of web oriented monitoring (as opposed to pings?), but my first suggestion is get down lower and figure out what exactly is not responding -- does it ping steadily for example, and just the web is not responding?  If you have it functionally doing something, let's say you set up a script to turn a light on and off every 3 seconds, does that keep working?  Is the issue that HA is not keeping up, and is hanging -- or just that its user interface is hanging.

And I still don't see why any of this is related to a router if you have only a WAN and LAN.  I presume you have NOTHING on the WAN side other than the ISP gear, so with EVERYTHING else on the LAN side the firewall should not be involved.

If you have a LAN and a WAN and that's it, all that other stuff (IGMP proxy, mDNS repeater, UPnP (a security issue)... all these sound like nonsense, as if you have just one subnet (a LAN) and not  multiple VLAN's (other subnets) there should be no need for any of this stuff. UPnP is when you want to allow someone or some thing OUTSIDE your lan to reach in through your firewall and touch something inside.  Is that where some of your problem lies?

The SSDP packets... not sure, that's a public address, so why it would be appearing on a LAN interface is puzzling, assuming that is even what that means.

Maybe someone else can make sense of this.  I am sorry I have not been able to help more, but my advice is get someone to review the whole configuration, as the bits and pieces that are coming through make no sense.