ESP8266 located in any network

Also remember that esphome is the server for API comms, so the connection is made from home assistant to the esp. This means that it is at the esp end that you’d have to punch a hole in a firewall on port 6053.

I have ESPhome devices running on a 4g router with a vpn to the main site. Essentially same network but different subnets.

Why does everyone want to make it hard? Use MQTT and connect your nodes and Home Assistant to a public broker.

Tomato/Tomate-oh

At some stage you will expose something to the baddies, whether by using a public broker, or opening a vpn.

How?

The fear of IOT as a vector for bad operators is way overblown. Can anyone point to a verified report of this ever happening? I don’t mean a kiddie prank where a hacker set your heat to 98°F, but any verified network penetration.

But this got me to thinking, because I do have a need for WAN access to my broker. What if I were to put my MQTT broker on DuckDuckGo?

I agree. How is MQTT over SSL/TLS any worse than a browser using https?

The main problem would be with bad actors gaining access to your data on the network you don’t control, in the broker space.

Easier than deploying a MQTT server in the WWW might be just to call a webhook via nabucasa from the remote esphome node.

Various topics and snippets about this exist in the forum here.

Either way (MQTT or webhook) the esphome node is able to communicate with HA but all the lovely management features will not be available that way.

Using a site-2-site VPN (like wireguard or tailscale which can directly run on routers) will give full control and allow use of the native api and all other goodies.

Do you have a step by step on how to do it…

  1. I have hassio on pi
  2. I have a domain linked through cloudflare that I can access from anywhere

House 1 has esp with esphome (no hassio)
House 2 has the above 1 & 2

How do I setup mqtt to have house 1 visible on house 2 hassio.

I can re-setup the esphome on the esp32 in house 1 when needed.

It’s hard to find a step by step… including .yaml configuration

I don’t want to use VPN.
Other methods are welcome

Sure.

  1. Use MQTT on a public broker.
    Done.

I have no clue what Cloudflare is, and I have never used ESPHome without Home Assistant. More, your description is remarkably vague. What does the ESP in house 1 do and how do you communicate with it now?

Thanks.

Home 1 has sensors setup with a piezo buzzer as a trigger. I cannot monitor anything at home 1 at the moment. Therefore looking for a solution

I’m only using esphome. I’m not too clued up on MQTT.

Let me know if this is correct:

  1. Install broker on HA
  2. Configure home 1 esphome .yaml to include MQTT details.
  3. ?

Set up an account on a public broker

point the esphome device to it

Use your local mqtt broker on HA to connect to the public one.

How is a buzzer a trigger??

As I said, I’ve never used ESPHome without Home Assistant, but I can’t imagine it would be much different.

Looks like it is now even possible to ‘just’ install (and configure) the wireguard add on in HA and then use wireguard directly on a remote esphome (esp32) node like described in the docs :point_down:

Wireguard is a great idea, but

Thanks for the tip, I had missed the addition of wg.

Any reason for that? Setting up a public mqtt and securing/hardening it including enrolling https for encrypted traffic is more complicated nowadays than “just” set up a wireguard. :guardsman:

Did you investigate webhooks already? If you have a nabu casa subscription it can’t get much easier. :baby:

Also wireguard does not work on esp8266.

hence I wrote:

as @Confectious pointed out :point_down:

Thanks all, I went with the wireguard method. It was a bit tricky for me as a noob and only having mikrotik Router OS6 but I eventually figured it out and I can now access my network remotely with mobile through wireguard app. I then configured my esp32 and got a handshake but only when on LAN, now struggling to figure out how do I connect the esp remotely.

Something I’ve discovered since this thread is ZeroTier. I’ve only done some light testing but it is worth investigating.

So you used a vpn after all.