Connecting Zigbee devices over the internet

I would appreciate this group‘s collective wisdom and experience to figure out how to best connect my remote Zigbee devices:

Objective: Connect some simple water leak Zigbee sensors at my remote parents’ house with my local HA.

Problem: After extensive research, I’ve found various potential solutions, but each with a different flaw

Identified Options:

  1. Tasmota Zigbee hub at parents house + cloud MQTT broker: Suboptimal, as I already have my local broker and don’t want to send all local MQTT traffic over the cloud

  2. Second HA instance at parents house with client/host relationship to my HA instance: Seems like an overkill to have a second HA instance just for a few water leak sensors

  3. Tuya Zigbee hub at parents house + Tuya Cloud Integration on my HA: Tested and didn’t run very stable (status not updated reliably)

  4. Aqara Hub at my parents house + Aqara Cloud integration: Dependent on third party cloud, not sure how reliable

  5. VPN tunnel to my parents house: Requires permanent VPN connection and additional hardware, which seems like an overkill again

  6. Direct MQTT connection from my parents house to my local broker: From what I understood, not great from security perspective

  7. Anything else?

Thanks in advance for any advice you can share! How have you accomplished something similar?

I just started experimenting with the SLZB-06M and it appears to have ability to connect to a Wireguard server if you have any interest in setting that up at your home. Then, you would have access to your home assistant server anywhere; not just from parents. I have not done this.

https://smlight.tech/product/slzb-06m/

It has a web-based control panel:

1 Like

That’s a great suggestion, thank you Stephenn!

I already have a WireGuard setup, definitely worth a shot - Still unsure how stable a VPN will be though, so curious if there are any other suggestions :slightly_smiling_face:

Pi with an SSD and coordinator on a powered USB hub, running Zigbee2MQTT and a local MQTT broker.

Bridge that broker to your main HA broker over a VPN.

That setup will be stable even if the connection between the houses goes down.

You could ditch the SSD if you run Z2M in Docker and ensure that everything logs to RAMdisk.

Second instance of Home Assistant at my parents house is the solution that I have personally gone with.

I did however have some different use cases so needed a solution to solve various other problems:

I ended up setting up a Synology NAS model with virtual machine manager at my parants, (with disk in RAID for redundancy), and that works great because have a NAS model with x86-64 CPU that can run at least one virtual machine with Home Assistant OS (Intel x86-64). In addition I added an external USB-disk for local backups there too.

Since already had an older but not outdated Synology NAS at home I bought a new model for us and moved the older model to my parents house. Not cheap but overkill either I think since it solves multiple needs with one all-in-one solution.

This way can remotley maintain the NAS for syncronized file-backups at my parants house instead of running backup to a cloud and I got a hardware there capable of running HA OS in a virtual machine.

If however wanted a similar but less expensive DIY solution then would suggest looking into setting up either TrueNAS Core with the bare-metal installation on a computer that have at least two harddrives in a disk-mirroring setup (RAID-1) for redundancy + also an external USB-disk for local backups.

Another alternative DIY solution could be to use a Proxmox Virtual Environment bare-metal installation.

+1 for this solution if only need a few sensors. That is, put both an instance of Zigbee2MQTT on a Raspberry Pi at your parenta house and use a Zigbee Coordinator adapter connected directly it (preferably via USB as a networked Zigbee Coordinator makes the solution more complexed).

That is a very bad idea. The same idea was brought up here and I explained there why is such a very bad idea → How to connect Zigbee LAN coordinator and ZHA via WireGuard VPN? (but in summery you should never connect a remote Zigbee Coordinator over a potentially unstable connection because the serial protocol they use are not designed for that, and why WiFi connection is explicitly not recommended).

2 Likes

Hey Manuel,

Have you considered using a Zigbee2MQTT setup at your parents’ house? It would connect to your local MQTT broker nicely and avoid the cloud dependency. Only downside is needing a Raspberry Pi or similar device at your parents’ place.

Thanks a lot Hedda for your advice!

Two quick follow-up questions:

  1. The SLZB-06M Stephenn suggested would run Zigbee2MQTT (Link) and then connect to my MQTT Broker over VPN.
    Why is this such a “bad idea” vs. Tinkerer’s suggestion, which also includes Zigbee2MQTT? Isn’t the model quite similar, as both times a VPN tunnel is used to transmit the MQTT messages from remote sensor to local broker?

  2. In your own set-up, how do you connect the two different HA instances? Are you using remote_homeassistant? What’s your experience with it?

Thank you!

Hi Matt,

thanks for your suggestion! THe SLZB-06 Stephenn suggested can serve as Zigbee2MQTT device and has WireGuard VPN built-in. Do you see any benefit in going with a Raspberry instead?

Read the other thread I linked to. What is a bad idea is to have the Zigbee Coordinator adapter on one site and try to have it connected over the internet from Zigbee Gateway application running on a different site, no mather if that is Zigbee2MQTT or the ZHA integration.

You need to understand that SLZB-06M is only a so called remote Zigbee Coordinator adapter (a two-chip solution where one chip is a Zigbee radio SoC and the other is more or less just running a serial-over-IP server). It is basically just a Zigbee Coordinator adapter with a very long extension cable. You can not run Zigbee2MQTT on it. It does not contain any Zigbee Gateway software, instead it just allow you you to place your Zigbee Coordinator somewhere else on your local network from the computer running the Zigbee Gateway, thus you still need to run either Zigbee2MQTT on a different computer.

So using it and Zigbee2MQTT on a Raspberry Pi with both at your parents house is not a bad idea.

Oh in my case the two instances are not connected in any way, they are two totally seperate instances.

Thanks for clarifying, then it makes total sense. I misinterpreted the device description, which sounded to me like it could work as a full Zigbee Router (see picture below).

image

Not really, the description is accurate. The SLZB-06 can as either coordinator or router, just like a USB dongle. I don’t think they make any claims it runs z2m.

I agree with others, using the serial over IP is not likely to be the most stable solution when used over a WAN.

Personally. I’d probably use a second HA instance on a Pi or similar, that way everything works with or without active internet. Otherwise, z2m at the remote site on a Pi like device (even a Pi Zero) with a VPN connection back to your house.

Hi Jerrm,

thank you! Agree, this seems to be the best option - will go with a second separate instance.

100% agree with Hedda - that’s a really bad Idea.

Im going with Remote Home Assistant with connection back to yours. It’s designed to handle the case of a loosely connected remote. Whereas Zigbee assumes it is local. By faking ot out you’re introducing unknowns and abnormal operating conditions (which make bad stuff happen)

I get you feel it’s overkill but it’s what you need to do to ensure reliability. You don’t want the internet between the devoand your database and event hub. Stuff will get lost and you will constantly fighting the install. (my time is worth money and constantly fighting an install is not what I want to be doing with that time)

Put zha or Z2M on a (older cheaper) Pi with a Zigbee stick and a small haos install and drop it right next to the sensors. The use remote ha to link it to yours. Won’t even need a powerful box so it should end up inline costwise with any other hub solutions (assuming you’re not deploying a brand new Pi5)

Ok, we all get it! I made a bad suggestions :grin:

I just got that device and saw the Wireguard VPN option so I mentioned it. I did end with a disclaimer that I had no experience actually doing it. :grin:

Us esp32 with a water leak sensor and send a message to your phone via whatsapp. No HA required.

Not sure exactly where you landed on this, but if you dont want to run a fully remote HA instance at your parents house, you could run sometihng a bit skinner, with zigbee2mqtt and a mqtt broker, acting as a local zigbee coordinator.

you can then setup an mqtt bridge between your parents local mqtt instance and a cloud hosted once (on a free tier vm, or there are free cloud mqtt brokers)

you could then setup a second bridge from your local mqtt broker at home, and the cloud one, in order to sync messages between your local HA instance, and the remote z2m controller at the remote location.

Downside – needs a cloud service.
Upside - no VPN required, no open ports or any sort of incoming connections

You are not alonne to misunderstand this. I understand this can be confiaing because it can be changed to be a Zigbee Router instead of a Zigbee Coordinator but in Zigbee Router mode it does not send any traffic from the Zigbee radio chip over over the LAN/IP network, so you can never route Zigbee Router traffic over a LAN or WAN. So in Zigbee Router mode you basically fully disconnect the Zigbee radio chip and that works completly stand-alone from the ESP32 chip that is running the serial-over-IP proxy server software.

Zigbee Router communication will only ever work over Zigbee, you can never bridge that over LAN/IP. Again, check out these community guides before buying anything:

You can review the Wireguard setup manual on the SMLight website.

1 Like

Again, as explained above, that is a terribly bad idea. Really stupid feature to have in a Zigbee Coordinator. No one should be using it like that, and anyone who do will be garanteed to have a bad experince.

1 Like

So I went with the “Second HA instance at parents house” in case anybody is interested. Thank you again to everybody!

Tested it today with Remote Homeassistant and so far all good.

Off-topic: My next issue is now how to make the second instance remotely available - What a bummer that one Nabu Casa account can only accomodate one instance. :roll_eyes: