Hi,
I have been using HA for three months and am loving it so far. For security reasons my HA system is not accessible from the internet and I would like it to remain like that. Because of that, I cannot use the companion app to define whether I am home or not.
So I checked out the docs and saw there is a possibility to use the router to look at connected devices and use it for presence detection.
I have a Zyxel VMG8823-B50B but neither the Thomson nor the Keenetic integration seems to work. Is there a list of integrations I can try to see if one works?
How hard would it be if I wanted to implement a similar integration for my router?
What “security reasons” are there? HA has an excellent security model, and you can also set up a reverse proxy using subdomains (Google Domains charges me £10 a year for all my subdomains, where the endpoints are in my Raspberry Pi server farm on my LAN. Less than £1 per month!).
I also run fail2ban on each of the Pi servers.
And I set up iptables appropriately.
Never had any issues.
As an aside, the companion app has a setting for the local HA server address, which you can set to the LAN IP of your HA server. If you’re not on your WiFi then it won’t connect. If you are, then you can use the geolocation of your phone, which will / should always be in your “home” zone. Assuming that you are not using VPNs and the IP always resolves to your LAN IP of the HA server.
@ninjadog: Well, I believe no one knows all future flaws in software, and linking my server to the internet is a possible point of attack. If it is not linked, the only way in is to be physically close to the house, and when you have physical access you can basically do whatever you want, so…
I also have another server on which I run a Nextcloud server, with fail2ban, iptables, etc., but I try to limit the amount of sensitive information on it.
In a house, if you have access to the domotic system you know when a person is home, what their routines are, etc. This is too sensitive to me and should not be on the internet.
Not having an issue in the past does not mean it will not happen and certainly does not mean it is the right decision. I invite you to read a book like Thinking in Bets, which emphasizes that one should not use the result of a decision to define whether the decision was a good one.
Thanks @Malaga82, I will have a look at it.
I’ve been a software developer since 1981 and have grown up with the birth of the internet, followed it, and contributed to “it” and many companies. I keep a low profile, but I think I’m okay with IT, thanks all the same.
But hey, good luck! You are entitled to your view and you are of course completely free to make whatever decisions you feel are appropriate.
Hey, I never thought you had no IT skills; in fact, chances are you are more skilled than I will ever be. IT is just a hobby for me, so it is hard to keep up with new technologies as they spread out quickly.
But it is also true that exposing a device to the internet is more risky than not exposing it.
It is kinda off topic, but I was given the Edward Snowden book and he went as far as purchasing an offline computer that never got connected to the internet, which he used for sensitive material, and he requested that the journalists he worked with do the same with the file he provided.
Haha
Mate, if you use an ISP router, then you’re ‘always exposed’.
You see, if someone wants to get into your LAN, they will. Period. But it’s a question of effort vs benefit. Teen hackers and code anoraks just run bots n brute force. Unless you have something really world-superpower interesting, or a vault of millions ££££, you’re not going to succumb even with basic routers, security and hardware n apps. You’re just not worth it.
And you trust Facebook, Google, your ISP, your national security, your wifi connection… could go on.
I don’t use an ISP router (but it is not a great one either); also, I don’t trust Facebook nor Google.
I am OK to connect my HA server to my router for getting the presence detection because it indeed is too much trouble to get in with few benefits, but (and I might be wrong) I do not want the HA to be exposed outside my LAN because I think the risk is higher with few to no benefits.
As you said, it’s my life; everyone has their own benefit/risk ratio with which they are comfortable.
Hi,
I am using keenetic_ndms2 integration for tracking devices on a home network with multiple subnets. But the interface parameter in the integration allows you to specify only one subnet. How can I track devices on multiple subnets?