Home Assistant access from outside of your home network

I just opened a port on my router, haven’t bothered with any of the security stuff (except password) since I only access via mobile or known wifi. No doubt somebody will now comment all the risks of this approach :smile:

no one with the same problem?

I think this guide above will hellp you

But I can access from outside my network.
The problem is only if using mobile network

1 Like

okay so I cant find it with localhost:8123? or what every it is call?

Weird one.

Is this on all devices, or just your phone?

ssl-cert-check -b -c /etc/letsencrypt/live/mynamehere.duckdns.org/cert.pem | awk ‘{ print $NF }’

just returns:
exist
valid

and not a numeric day.

if i run it manually from the command line, it does work if i add sudo, and returns a numeric.

Just my phone. :confused:

I would:

  • Delete the Web app shortcut.
  • Clear all app data from Chrome (from settings, not from within chrome itself)
  • reboot the phone
  • try to log in via cellular connection
  • cross fingers
  • if it works, recreate the Web app shortcut.

Have you set the permissions for the letsencrypt folders?

… And put that whole command in double quotes?

yeah it was the permissions. it’s good now.

Super dangerous bro. :wink:

Yeah I deleted it… Imaging low risk of being hacked but since rarely access from outside home network not worth the risk. Ideal solution for me would be some kind of cloud based hosting or mirroring of my hass instance

If you’re running this on a Pi, consider dropping PiVPN on the same box. It’ll give you OpenVPN, and there are OpenVPN clients for most platforms. Dead easy to set up, and gives you nice secure remote access.

I got this setup with all the posts I keep seeing about using a VPN.

In order to do so I removed the duckdns/letsencrypt and stopped forwarding that port.

So I am running local with the occasional need to vpn in remotely.

I am just unsure about if this is what other people are doing, and if not, how to implement the nginx/lets encrypt/dns on top of the vpn

When it comes to Network security it is very hard for me to grasp for some reason.

There are a number of threads on security, which are worth reading through. I’d summarise them as follows:

  1. Don’t expose to the Internet anything you don’t have to - the less you expose, the lower the risk
  2. An appropriately configured VPN allows you to access any service on your home network (and through it the Internet) safely, without having to expose anything else
  3. If you’re using a VPN, then you don’t need to use HTTPS, and it may cause you complications
1 Like

Does your ISP provide you with an ipv6 address? If so, you need a IPv6 to IPv4 bridge, cause your mobile network usually only works with IPv4 and you cannot access the IPv6 network from an IPv4 network.

@Tinkerer Perhaps a fourth point would be, segment your network with a VLAN if you can and isolate less secure things like HA, security cameras etc.

Agreed, but for those who’re struggling already, I doubt they’ve even got kit that’s VLAN capable, never mind knowing what a VLAN is.

I suspect at some point we (the community, not necessarily just you and I :wink: ) need to create documentation that provides that starts off with the “newbie friendly” layer, and works up to the expert layer. Then it can cover what all the options are, and what the implications are of each option.

2 Likes