Hi guys,
when I set up my HA months ago, I followed this guide: Installing TLS/SSL using Lets Encrypt. I’m using Google 2FA to login to my HA. So actually I’m feeling safe.
Now I got a new router (FritzBox), which supports IPSec VPN. I set this up and tried it with my iPhone: Entering my own network works perfectly with that.
My question is:
- Is there a need to secure my HA for a internal-network-usage (so: not directly accessible from internet with port forwarding) with SSL?
If yes: How can I accomplish auto-renewal?
If no (what I guess): When using HA only internal, how can e. g. my GPS position be provided to HA except of manually enabling VPN on my iPhone and open the HA app? - Is there a need at all to make my HA only accessible from intern my network with VPN from extern or is a strong password in combination with 2FA safe enough (=> is the e. g. GUI itself safe enough)?
Since my router only supports IPSec which is properly included in iOS, I don’t really want to use third party apps and integrations (like OpenVPN, WireGuard, …) if not necessary.