I want to have access to home assistant from anywhere (after laughing at people who want to control their homes without even being there, i now have this desire, too
There is a lot of howtos out there and even a paid subcription from nabu casa.
So I thought about it and just set up a vpn to integrate my mobile (wireguard, buiilt in client in router, took 5 minutes). It just seems to work!
Is there any downside/limitation/security concern - besides i have to activate the vpn if i want to access ha from anywhere? I am a bit confused…
You can always pay for Nabu Casa. You get a secure connection and you help fund development to keep HA going . $60 a year. Just putting it out there as developers have a hard time continuing to develop a system on this scale for free.
Another way is to set up dynamic dns with reverse proxy. I am using the NGINX proxy manager, which gives nice web ui, and takes care of HTTPS certificates. Pretty easy to set up
Wireguard is absolutely fine. It works great for me. You can setup App split on your mobile phone and only run the companion app through wireguard. That way you can have it always turned on. I also run my synology apps through wireguard. Everything is very stable for me and absolutely transparent.
OpenVPN server on your router for example, works fine.
If you own an iOS device, you can configure on-demand vpn, so the whole thing is kind of as seamless as nabucasa, but in your own walled garden.
I’m sure wireguard is similar experience.
I use Traefik + Authelia and bypass authentication when Wireguard traffic is detected. I can always access webinterfaces from untrusted locations that way without the dozend different webapplications at home and their exploitability to the internet directly. Traefik creates most routes directly from docker-compose labels and does the TLS cert fetching, pretty awesome.
I have Wireguard set up, and it works pretty well. I’m planning on paying for Nabu Casa anyway, to support the developers. But I might not use it.
In my mind, Wireguard is more secure. I expect that Nabu Casa doesn’t open any ports to work, but it does create a nice target for hackers. If a hacker gets into Nabu Casa’s servers, then they have a door into all of our networks, instead of just hacking my one measly home network.
I’m not a cyber security guy, or even an IT guy, so I welcome takes on this.
Cloudflare is one of the best ways. However the only drawback is that you require your own domain which I don’t have. However as an alternative im using similar method with ngrok. It gives you a public web address for your locally running services. Only drawbacks is that with free version your web address will change in case your connection to ngrok goes down due to any reason.