Home Assistant access from outside of your home network

How to access your Home Assistant from outside of your home (on Mobile network). I can access on wifi but not out side of wifi network.

Thereā€™s existing documentation that summarises the process. If you want to have authentication (and SSL) remotely, but not internally, then youā€™d want to use something like nginx.

2 Likes

Iā€™ve created a comprehensive guide to external access with SSL that will be part of the documentation in the near future. Thereā€™s still a few minor formatting issues with the page but it should be sufficient to follow at this pointā€¦

link removed, scroll down for new link

Hope this helps.

4 Likes

Or you can use TOR. Not that I have done it.

1 Like

You rock! I have spent a couple of days trying to implement SSL with no luck. Your instructions worked first time out. I did have to restart the ssh service after making user ā€˜homeassistantā€™ a sudo group member.

1 Like

Thanks for being my first guinea-pig :wink:

Glad that it helped, can I ask how long it took you from start to finish? Iā€™m conscious itā€™s a long guide so I was thinking of putting a line at the top saying something like ā€œthis will take about 40 minutesā€ or whatever.

Iā€™m new to Pi and Raspbian and was researching users and groups in my journey to implement SSL. I took my time because I didnā€™t want to blow-up my installation. My best guess for a newbie would be approx. 60 minutes.

1 Like

Cheers :thumbsup:

My guide is now in the official docs, thereā€™s still a few spelling mistakes and minor formatting errors (sorry!) that Iā€™ll fix next week, but it should be all good to follow now.

1 Like

From a security stand point itā€™s best not to expose your home assistant device to the internet at all, even if you are forwarding through your firewall, encrypting, etc. If your router supports it setup a vpn server. Also password protect home assistant. To access it from outside your network youā€™ll open a vpn connection then sign in to home assistant. Because youā€™re traversing a secure vpn tunnel you donā€™t need to enable https, but you can if you want to.

is there a good way to avoid exposing HA to the internet and still working with IFTTT? I just migrated from openhab and have it set up exactly like you just mentioned (via VPN), but I was hoping to set up triggers and automations via IFTTT for stuff like tracking when the last family member leaves home via Life360ā€¦but Iā€™m hesitant to expose it to the internet at all.

My HASS has access out to the internet so I can send to IFTTT but I havenā€™t sent anything back inside. For now for presence tracking Iā€™m using wifi and cell phones. On wifi = home and off wifi = away. You can group all the devices and if any one of them is home the group = home if all are away the group = away. Iā€™d be curious if you find a different way to do it thatā€™s secure.

Has anyone tried TeamViewer? https://www.teamviewer.com/en/use-cases/remote-access/

I used to use it extensively in the past. Removed it from all my machines after there was a security issue. That was awhile ago though so things may be fixed now.

It was great for providing tech support for the older family members, I could log in from anywhere and troubleshoot their issue. I fixed an issue for my wife once while in a bar using team viewer from my iphone.

3 Likes

Teamviewer might be overkill vs using VPN on your router. Although if your router doesnā€™t have that feature itā€™s another option. I would imagine itā€™s still more secure than exposing your pi to the internet. For me, if Iā€™m just checking the status of the system and sensors and such vpn works well and doesnā€™t require modifying my pi/hass installation.

1 Like

what about something like setting up an e-mail client somewhere on the network as a bridge, and use an e-mail address thatā€™s only for IFTTT? IFTTT sends an e-mail to that e-mail address when everyone leaves home, client sees that e-mail comes in and fires off some sort of trigger to HAā€¦

how hardened/secure is this? I have been really trying to avoid poking holes in my firewall, but I really would like to use IFTTT ā€¦

Hello. I have the same problem.
I can access outside my network but only if itā€™s an wifi connection.
If I connect for example to my work wifi, I can access the home assistant without any problem but if the mobile connection is 3g or 4g it stops asking password (I also disabled password for testing and itā€™s the same)

If you are an iOS user then Homebridge is another way to get external control of some HASS features

thank you but iā€™m using android.
the problem is that it connectā€™s if i use any wifi connection (not my home one).
It canā€™t connect only if iā€™m using the mobile connection.