Client OpenVPN to connect server outside my network

https://github.com/larsklitzke/homeassistant-openvpn-client works,
but now I can’t connect hass.io device through openvpn lan :frowning:

That addon does not work for me. I have only the CA certificate of the external server and a user with password. That addon needs private keys.

Why do you need hass.io to connect to a remote vpn server? Why not have your network device do this and setup the required routes?

I need to connect by VPN to another remote server that is in another country, where I have sensors to control. It is not safe to establish a route in the local network without VPN when I just need to connect the hass.io to the remote server.

Hi, sorry, it’s for security. I need that setup, as do more people who want security and won’t open their home from outside…

Client OpenVPN to connect outside my network

I need to connect from my hassio to an OpenVPN server. I have to authenticate with username and password. I have the CA certificate.

Hi, if you are using Raspbian as the base OS then it is simply a case of installing the OpenVPN client on Raspbian and making sure that it connects to your network. Hass will work as normal, as it will be on the same network as the things you wish to control even though it is technically remote.

Thanks, but now I’m using hass.io. If I start with Raspbian, yes, it’s possible.

I still don’t understand why this is not doable.

  1. Have your router connect to the remote VPN. Most routers can do this.
  2. Route traffic from hassio to the remote IP over the vpn. So there should not be any need to mess around with custom devices like hassio.

It seems like you are trying to solve the wrong problem.

My HASS setup is only accessible over VPN. And I also have remote location with site to site VPN setup. The internal devices have no clue how they are connected. All they see is an IP or hostname and the router does all the work (what routers do best). By setting up correct route and firewall rules, you can control which devices can talk to each other over your network.

The routing does not have to do anything at all. If I connect from my hass.io by OpenVPN client to work with the sensors in the remote site, it must be transparent to the router or any external routing to my hass.io. I just need to open an OpenVPN client in my hass.io. I work with many servers and I connect from my laptop with the OpenVPN client and transparently access any device within the remote networks.
I connect from my laptop with the OpenVPN client like this:

client
dev tap
proto udp
remote 180.210.166.54
resolv-retry infinite
nobind
persist-key
persist-tun
ca mi-cacert.pem
auth-user-pass
comp-lzo

The IP address written above is fictional.
This is what I want to do with my hass.io to be able to monitor temperatures remotely.
Is it possible to install an OpenVPN client in hass.io with the configuration that was written above?
I am doing what is necessary to maintain the encrypted communications between the hass.io and the OpenVPN server where I am connected. It is not correct to make routes on the routers without encrypting the traffic between the two points.
Excuse my English, it’s very bad.

1. I want to access the remote server only from my hassio, and not have the entire local network able to route that traffic.

2. The OpenVPN client does the routing on its own, without using any router.

3. I am trying to solve this correctly.

4. If you need more information to help me, please request it and I will gladly provide it.

Thank you
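
A lint over the client config posted above, as an added example that is not part of the thread or of any add-on's code. It relies on the standard OpenVPN directives `remote-cert-tls`, `verify-x509-name` and `auth-nocache`; the function names, finding labels and the 192.0.2.10 address are constructed for illustration.

```sh
# Added example: lint a password-authenticated, CA-only OpenVPN client config.

# has_directive FILE NAME [ARG]: true if an uncommented "NAME [ARG]" line exists.
has_directive() {
    awk -v name="$2" -v arg="${3:-}" '
        { sub(/[#;].*/, "") }                       # strip comments
        $1 == name && (arg == "" || $2 == arg) { found = 1 }
        END { exit !found }' "$1"
}

# ovpn_lint FILE: prints one finding per line, returns 1 if there are any.
ovpn_lint() {
    cfg=$1; rc=0
    if ! has_directive "$cfg" remote-cert-tls server &&
       ! has_directive "$cfg" verify-x509-name; then
        echo "no-server-verify: any certificate issued by the CA is accepted as the server"
        rc=1
    fi
    if has_directive "$cfg" comp-lzo || has_directive "$cfg" compress; then
        echo "compression: comp-lzo is deprecated and compression is discouraged"
        rc=1
    fi
    if has_directive "$cfg" auth-user-pass && ! has_directive "$cfg" auth-nocache; then
        echo "password-cached: add auth-nocache so the password is not kept in memory"
        rc=1
    fi
    return $rc
}

# Constructed sample: the config from the post, with a documentation address.
posted_config() {
    cat <<'EOF'
client
dev tap
proto udp
remote 192.0.2.10
resolv-retry infinite
nobind
persist-key
persist-tun
ca mi-cacert.pem
auth-user-pass
comp-lzo
EOF
}

tmp=$(mktemp) && posted_config > "$tmp"
ovpn_lint "$tmp" || echo "review the findings above before connecting"
rm -f "$tmp"
```

Adding `remote-cert-tls server` and `auth-nocache` and dropping `comp-lzo` (if the server does not require it) clears all three findings.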


I think that this conflicts with interest of Nabucasa as it will compete with the cloud service that is provided.

OpenVPN doesn’t work with the default hass.io 32-bit RPi4 image because TUN/TAP support is not enabled in the Linux kernel. lsmod | grep tun gives nothing, and OpenVPN complains: ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)

Is it by design?
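
One way to narrow this down, as an added example that is not part of the original post or of Home Assistant's code: errno=2 means the /dev/net/tun node itself is missing, which can happen with or without kernel support, and a driver built into the kernel never appears in lsmod. The function names, status words and default paths (/proc/modules, /proc/config.gz) are assumptions of this example.

```sh
# Added example: classify why /dev/net/tun is unavailable.
# Paths are parameters so the check can also run against a container's view.

# Print the kernel config whether it is gzip-compressed (/proc/config.gz)
# or plain text (/boot/config-<release>).
read_kconfig() {
    gzip -dc "$1" 2>/dev/null || cat "$1" 2>/dev/null
}

# tun_status [DEVICE] [MODULES] [KCONFIG]
# Prints one status word; returns 0 only when the device node exists.
tun_status() {
    dev=${1:-/dev/net/tun}
    modules=${2:-/proc/modules}
    kconfig=${3:-/proc/config.gz}

    if [ -c "$dev" ]; then
        echo ok; return 0
    fi
    # Driver loaded as a module but no device node: typical inside a
    # container that was not given the device.
    if grep -q '^tun ' "$modules" 2>/dev/null; then
        echo no-node; return 1
    fi
    # A built-in driver (CONFIG_TUN=y) never shows up in lsmod, so an empty
    # "lsmod | grep tun" is not proof that support is missing.
    line=$(read_kconfig "$kconfig" | grep -E '^(# )?CONFIG_TUN[= ]' | head -n 1)
    case "$line" in
        CONFIG_TUN=y)              echo no-node;         return 1 ;;
        CONFIG_TUN=m)              echo module-unloaded; return 1 ;;
        "# CONFIG_TUN is not set") echo no-driver;       return 1 ;;
        *)                         echo unknown;         return 2 ;;
    esac
}

# Report for the current host; "|| true" keeps a caller's "set -e" from aborting.
tun_status || true
```

Only `no-driver` means the kernel was built without TUN/TAP; `no-node` and `module-unloaded` are fixable by providing the device node or loading the module.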

I think what you are trying to accomplish may be easier to do with home assistant core installed on raspbian or similar, where you might be able to setup an ovpn client that HA can use.


did you resolve this?

I have no access to the router through which my internet is provided to me (rental accommodation), which is why I need to connect to an OpenVPN server, which is a route forward point that I can direct internet traffic to in the same way as DuckDNS, except that this service routes traffic through a connected VPN connection.

I couldn’t get the OpenVPN addon to work at all.

This is a real shame. Hassio is also locked up so badly that you cannot simply install your own package. I mean, we are talking about Linux here, but it is completely closed.

Any luck? I also want to use HA OpenVPN Client addon but with username & pass rather than client certificate?

Then don’t use it. HA OS is provided for an appliance like experience, for people who specifically do not want to manage the host Linux system (some may not even know what Linux is). If you want to manage your own OS, there are three other installation methods you can choose from. The most flexible and bare metal one (HA core) being just the raw Python code that you can run on pretty much anything. That’s what I use.

I don’t really understand why people are trying to make HA OS do things it was clearly never designed to do, when there are so much easier alternatives readily available.

I’m in the same boat. My HA is in a network with unrestricted outbound traffic but restricted inbound. This network is not administered by me and there is no policy to bend here about routers, firewalls, IoT VLANs, etc. The solution I find to remotely administer the HA is to get either Nabu Casa (NC) or a VPN client on the HA that connects to my external VPN server. The HA runs Hassio for stability reasons (no other option, supervised nor container, to consider). As I understand it, NC is limited to one HA per subscription and so it is not possible to consolidate multiple HA in one account.

  1. I’m not familiar with NC but would it be possible to get NC to bridge to multiple MQTT brokers?

Back to the VPN client topic. I understand there is no real interest in getting a VPN client in the Add-on Store because, as mentioned above and by Franck Nijhof, it would defeat the commercial principle behind Nabu Casa. I have full respect for that possible reason because this fantastic solution needs to get financed somehow.
I really hope the people behind Nabu Casa will develop a sort of Nabu Industrial (or Pro) version of it aimed at the professional and industrial market.
As can be noticed, the few unofficial add-on VPN client alternatives have had a relatively ephemeral operational life and so are not reliable as a mid/long-term solution.
Having said all this, my biggest hope relies on a Nabu Industrial solution. That would lead me to stop hassling with VPN solutions, homemade consolidations, etc. My vote for it!
