Home Assistant access from outside of your home network

Or you can use TOR. Not that I have done it.

1 Like

You rock! I have spent a couple of days trying to implement SSL with no luck. Your instructions worked first time out. I did have to restart the ssh service after making user ‘homeassistant’ a sudo group member.

1 Like

Thanks for being my first guinea-pig :wink:

Glad that it helped, can I ask how long it took you from start to finish? I’m conscious it’s a long guide so I was thinking of putting a line at the top saying something like “this will take about 40 minutes” or whatever.

I’m new to Pi and Raspbian and was researching users and groups in my journey to implement SSL. I took my time because I didn’t want to blow-up my installation. My best guess for a newbie would be approx. 60 minutes.

1 Like

Cheers :thumbsup:

My guide is now in the official docs, there’s still a few spelling mistakes and minor formatting errors (sorry!) that I’ll fix next week, but it should be all good to follow now.

1 Like

From a security stand point it’s best not to expose your home assistant device to the internet at all, even if you are forwarding through your firewall, encrypting, etc. If your router supports it setup a vpn server. Also password protect home assistant. To access it from outside your network you’ll open a vpn connection then sign in to home assistant. Because you’re traversing a secure vpn tunnel you don’t need to enable https, but you can if you want to.

is there a good way to avoid exposing HA to the internet and still working with IFTTT? I just migrated from openhab and have it set up exactly like you just mentioned (via VPN), but I was hoping to set up triggers and automations via IFTTT for stuff like tracking when the last family member leaves home via Life360…but I’m hesitant to expose it to the internet at all.

My HASS has access out to the internet so I can send to IFTTT but I haven’t sent anything back inside. For now for presence tracking I’m using wifi and cell phones. On wifi = home and off wifi = away. You can group all the devices and if any one of them is home the group = home if all are away the group = away. I’d be curious if you find a different way to do it that’s secure.

Has anyone tried TeamViewer? https://www.teamviewer.com/en/use-cases/remote-access/

I used to use it extensively in the past. Removed it from all my machines after there was a security issue. That was awhile ago though so things may be fixed now.

It was great for providing tech support for the older family members, I could log in from anywhere and troubleshoot their issue. I fixed an issue for my wife once while in a bar using team viewer from my iphone.

3 Likes

Teamviewer might be overkill vs using VPN on your router. Although if your router doesn’t have that feature it’s another option. I would imagine it’s still more secure than exposing your pi to the internet. For me, if I’m just checking the status of the system and sensors and such vpn works well and doesn’t require modifying my pi/hass installation.

1 Like

what about something like setting up an e-mail client somewhere on the network as a bridge, and use an e-mail address that’s only for IFTTT? IFTTT sends an e-mail to that e-mail address when everyone leaves home, client sees that e-mail comes in and fires off some sort of trigger to HA…

how hardened/secure is this? I have been really trying to avoid poking holes in my firewall, but I really would like to use IFTTT …

Hello. I have the same problem.
I can access outside my network but only if it’s an wifi connection.
If I connect for example to my work wifi, I can access the home assistant without any problem but if the mobile connection is 3g or 4g it stops asking password (I also disabled password for testing and it’s the same)

If you are an iOS user then Homebridge is another way to get external control of some HASS features

thank you but i’m using android.
the problem is that it connect’s if i use any wifi connection (not my home one).
It can’t connect only if i’m using the mobile connection.

I just opened a port on my router, haven’t bothered with any of the security stuff (except password) since I only access via mobile or known wifi. No doubt somebody will now comment all the risks of this approach :smile:

no one with the same problem?

I think this guide above will hellp you