Home Assistant remote access options?

Forums › Gadgets, robotics, home automation, electronics (including wearables) › Home Assistant remote access options?

1 | 2 | 3

1393 posts

Uber Geek
+1 received by user: 930

#3048670 10-Mar-2023 15:03

Silvrav:

Cloudflare I believe works with CG-NAT as well.

Sure but in practical terms it works about the same as Cloudflare. I just found Tailscale easier to work with. Do you know if they have a way to just expose the port directly in Cloudflare? Having the droplet in Australia is a pain and I presume that CloudFlare has something local.

Silvrav

477 posts

Ultimate Geek
+1 received by user: 174

ID Verified

#3048673 10-Mar-2023 15:08

boosacnoodle:

Silvrav:

Cloudflare I believe works with CG-NAT as well.

Sure but in practical terms it works about the same as Cloudflare. I just found Tailscale easier to work with. Do you know if they have a way to just expose the port directly in Cloudflare? Having the droplet in Australia is a pain and I presume that CloudFlare has something local.

Yip you can and then assign child domans to a specific port - so in theory (I still need to do it) you can have ha.yourdomain.com as your home assistant URL or myha.yourdomain.com etc. I still need to play around with it but this seems to be possible with any port as you can assign it to even RDP into your servers.

Newtown

143 posts

Master Geek
+1 received by user: 61

ID Verified

#3048774 10-Mar-2023 16:35

I use the free tier of Remote.it, which is pretty similar to Tailscale:

https://www.remote.it

Ruphus

471 posts

Ultimate Geek
+1 received by user: 181

#3048830 10-Mar-2023 21:48

For me, I use
- OPNSense as the router and firewall
- Kubernetes for containerisation
- Traefik for reverse proxy (in kubernetes)
- Cloudflare Zero Trust to secure exposed websites
- Home Assistant in a docker container on Unraid.

My future plan is
- Move HA to kubernetes
- Move OPNSense onto VMware

With the update to Android Auto, I can now use HA to open and close my garage door from my car stereo.

Can you tell that I work in IT?

Handle9

12086 posts

Uber Geek
+1 received by user: 9914

Trusted

Lifetime subscriber

#3048832 10-Mar-2023 21:52

Silvrav:

boosacnoodle:

Sure but in practical terms it works about the same as Cloudflare. I just found Tailscale easier to work with. Do you know if they have a way to just expose the port directly in Cloudflare? Having the droplet in Australia is a pain and I presume that CloudFlare has something local.

Yip you can and then assign child domans to a specific port - so in theory (I still need to do it) you can have ha.yourdomain.com as your home assistant URL or myha.yourdomain.com etc. I still need to play around with it but this seems to be possible with any port as you can assign it to even RDP into your servers.

This is exactly how I have it setup for Homeassistant, Nextcloud, Photoprism and a number of other services. It's excellent, the only thing you can't do on the free tier is video.

ANglEAUT

altered-ego
2472 posts

Uber Geek
+1 received by user: 865

Trusted

Lifetime subscriber

#3048879 11-Mar-2023 10:19

Awesome, thanks for all the input of ideas

Please keep this GZ community vibrant by contributing in a constructive & respectful manner.

Dyson

Shop now for Dyson appliances (affiliate link).

mattenz

195 posts

Master Geek
+1 received by user: 48

#3049755 13-Mar-2023 19:34

I'm running it through Nginx Proxy Manager and Cloudflare to a domain. I'd definitely enable 2FA!

andysh

229 posts

Master Geek
+1 received by user: 16

#3049800 14-Mar-2023 00:32

Just moved from port forwarding to Cloudflare for external access, so far so good and nice not having an open port! Even though I am running everything in k3s and have NGINX, found it easier to run sub domains straight to the app(s). Also noticed that I can used the internal Kubernetes FQDN.

Referrals:

Tesla: https://ts.la/andrew897313

Sharesies: https://sharesies.com/r/XRGS77

Paul1977

5229 posts

Uber Geek
+1 received by user: 2221

#3049910 14-Mar-2023 11:09

I run a Wireguard VPN server on a Raspberry Pi at home, and my phone is connected via an always on VPN. Gives me full access to Home Assistant (any anything else I need on my home network) from anywhere. I don't have a static IP as DDNS on my router works perfectly fine.

MarkM536

323 posts

Ultimate Geek
+1 received by user: 147

#3050101 14-Mar-2023 15:00

Paul1977: I run a Wireguard VPN server on a Raspberry Pi at home, and my phone is connected via an always on VPN. Gives me full access to Home Assistant (any anything else I need on my home network) from anywhere.

I'm curious in this thread why many people use remote access tools like CloudFlare directly to their Home Assistant instance, rather than VPN.

Do most people here only needed to remotely connect to Home Assistant or do their systems (like CCTV) already use their own scheme of port forwarding/P2P.
It's a forum full of geeks, surely people here have more than just HA running in their network!

richms

29251 posts

Uber Geek
+1 received by user: 10361

Trusted

Lifetime subscriber

#3050150 14-Mar-2023 16:04

Opening a VPN just to do simple little things becomes tedious.

Richard rich.ms

Mighty Ape

Shop now at Mighty Ape (affiliate link).

boosacnoodle

1393 posts

Uber Geek
+1 received by user: 930

#3050154 14-Mar-2023 16:07

MarkM536: I'm curious in this thread why many people use remote access tools like CloudFlare directly to their Home Assistant instance, rather than VPN.

Do most people here only needed to remotely connect to Home Assistant or do their systems (like CCTV) already use their own scheme of port forwarding/P2P.
It's a forum full of geeks, surely people here have more than just HA running in their network!

Depends how you set it up. I have all my services on different sub-domains but all going back to the same machine on different ports using a reverse proxy. The public reverse proxy server connect to my private home server using Tailscale as the VPN, simply because it is easy.

Paul1977

5229 posts

Uber Geek
+1 received by user: 2221

#3050194 14-Mar-2023 20:05

richms:
Opening a VPN just to do simple little things becomes tedious.

Mine is set to always-on whenever I’m not connected to my home WiFi, so it’s pretty much set and forget. Never have to manually connect or disconnect the VPN.

And if configured in full tunnel mode it has the added benefit of providing secure internet when connecting to insecure or untrusted wifi as all traffic is encrypted and routed through my home connection.

timmmay

20923 posts

Uber Geek
+1 received by user: 5395

Trusted

Lifetime subscriber

#3050198 14-Mar-2023 20:26

With Android 13 WireGuard is / can be a quick toggle. Just pull down from the top menu (the same place you turn WiFi on and off) and you can quickly toggle the VPN on or off.

Does WireGuard increase battery use much? It must increase it a little as the phone is doing additional encryption, but I wonder if it's significant. A quick search suggests an always-on VPN can make a bit of a difference.

Mehrts

1112 posts

Uber Geek
+1 received by user: 984

Trusted

#3050271 15-Mar-2023 09:24

I use Wireguard (installed via PiVPN on a Proxmox VM) as a full tunnel VPN from my mobile devices (phone and laptop) back to my home network.

It was stupidly simple to set up, only took a couple of minutes from installing PiVPN and having remote access.

The best part is that via the iOS Wireguard app, you can configure it to be "on demand". So you can create basic rules to set whether it's on or not based on what wifi SSID you're connected to.

It's a truly seamless experience if I move from home wifi to 4G connection. And the app doesn't hog a lot of battery usage in the background either. According to the battery usage under iOS settings, it's used 8% battery over the last 24 hours. I think that's reasonable for something that's dealing with all of my phone's network traffic while away from home.

1 | 2 | 3