Remote Access - Just use VPN (Wireguard)?

I want to have access to home assistant from anywhere (after laughing at people who want to control their homes without even being there, i now have this desire, too :slight_smile:

There is a lot of howtos out there and even a paid subcription from nabu casa.

So I thought about it and just set up a vpn to integrate my mobile (wireguard, buiilt in client in router, took 5 minutes). It just seems to work!

Is there any downside/limitation/security concern - besides i have to activate the vpn if i want to access ha from anywhere? I am a bit confused…

​

​

​

You can always pay for Nabu Casa. You get a secure connection and you help fund development to keep HA going . $60 a year. Just putting it out there as developers have a hard time continuing to develop a system on this scale for free.

you are doing it right. A nice self hosted solution without any 3rd party.

I use tailscale just for HA remotely and seems very safe and reliable.

Another way is to set up dynamic dns with reverse proxy. I am using the NGINX proxy manager, which gives nice web ui, and takes care of HTTPS certificates. Pretty easy to set up

I use Cloudflare Tunnel and recommend this solution. The service is free, you do however need to have your own web domain.

Yes, VPN does work. It has its downsides though, sometimes impairing normal web use of your devices. In my experience at least.

Let me suggest an alternative: a Cloudflare tunnel.

I use a cloudflare tunnel. Works like a blast and I have also access to my homebridge and NodeRed instance. Especially if you don’t have a fix IP.

Wireguard is absolutely fine. It works great for me. You can setup App split on your mobile phone and only run the companion app through wireguard. That way you can have it always turned on. I also run my synology apps through wireguard. Everything is very stable for me and absolutely transparent.

I used to. Though dynamic, my public IP never seemed to change. … I think I used DuckDNS? To get a fixed address. No trouble or downside.

These days, I pay Nabucasa just to support them financially.

OpenVPN server on your router for example, works fine.
If you own an iOS device, you can configure on-demand vpn, so the whole thing is kind of as seamless as nabucasa, but in your own walled garden.
I’m sure wireguard is similar experience.

I followed a tutorial on the HA site to use duckDNS. I’m monitoring my home as I write this 200 miles away

I use Traefik + Authelia and bypass authentication when Wireguard traffic is detected. I can always access webinterfaces from untrusted locations that way without the dozend different webapplications at home and their exploitability to the internet directly. Traefik creates most routes directly from docker-compose labels and does the TLS cert fetching, pretty awesome.

I have Wireguard set up, and it works pretty well. I’m planning on paying for Nabu Casa anyway, to support the developers. But I might not use it.

In my mind, Wireguard is more secure. I expect that Nabu Casa doesn’t open any ports to work, but it does create a nice target for hackers. If a hacker gets into Nabu Casa’s servers, then they have a door into all of our networks, instead of just hacking my one measly home network.

I’m not a cyber security guy, or even an IT guy, so I welcome takes on this.

I use OpenVPN from my router and love how easy it was to setup and how secure it was. Being free is nice too

Check out Cloudflare Tunnel https://youtu.be/ZvIdFs3M5ic?si=ICLEtAEWwykH931Q

I just use VPN, already have it for other self-hosted stuff.

Cloudflare is one of the best ways. However the only drawback is that you require your own domain which I don’t have. However as an alternative im using similar method with ngrok. It gives you a public web address for your locally running services. Only drawbacks is that with free version your web address will change in case your connection to ngrok goes down due to any reason.

What you have is great. The other options are just that, options….

Tailscale is a nice option