How to tunnel ESPHOME native API through an SSH tunnel?

Hello,
I am new on Home Assistant, but some years experienced´with MQTT and Openhab. My last addition to my zoo are three ESP32 CAMs, with ESPHOME. Locally they are working like a charm, but I need to place one or two to my summer site :slight_smile:, connected to my home network through SSH tunnel… I was able to tunnel MQTT traffic from other IoT devices - from my cottage to my home, where is MQTT broker located.
My question is - is there possibility to do similar trick for ESPHOME native API? I am fully aware, the native API works very different way, but I am not sure, how to think about it and how to figure an tunneling way for the ESPHOME native on my cottage and my Hassio on my home.
Please, can someone kick me on any prospective direction?
Thanks a lot!

Well, first of all, esphome supports MQTT as well, so you can just do that. I think you can just tunnel port 6053 though.

I forgot to write the main reason for use the ESPHOME is ESP32 CAM, which is not supporting MQTT, so only native API is the way.

And about your recommendation to tunnel 6053 port - as far a s I understand, the 6053 is open on the ESPHOME side, not on the side of the Home Assistant. What I need is to tunnel the Home Assistant service/interface through the SSH tunnel on the cottage side, but I dont have clue what port or ports are used for the ESPHOME native API. And even after that, the ESPHOME firmware should be set to connect not to hostname vaild in my home network, but to hostname of my cottage router, where teh SSH tunnel ends.

If you’re tunneling Home Assistant, you should just be able to use the camera proxy feature in Home Assistant (e.g. https://homeassistant.duckdns.org/api/camera_proxy/camera.esphome?authSig=blablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablablabla).

A site-to-site VPN could be the solution, if your routers support it.

My question is about connectiong the ESP32 CAM to Home Assistant, not to proxying output from the Home Assistant. I have two networks, in one is Hassio, in other is ESP32 CAM. I am able to tunnel specific traffic.
But I dont have the specification, what traffic (what ports on what side) to tunnel to make native API work.

Yes, it is really solution. But I am happy to make the two networks mostly separated, only few data flows are transported between the two nets.

I fighted with the site2siteVPN for while and it is bit complex, so I am trying to go less hard way - to figure more details about the native API. Perhaps there is option, how to tunnel the native API. If not, well, I will try something other - perhaps siste2site VPN, perhaps different firmware for ESP32 CAM.

AFAIK esp32cam still uses the API port, ie 6053 by default.

Home assistant will probably use a random port on it’s end to access port 6053 on the esphome device. (Just as your web browser chooses a random port to initiate a web session to port 80 or port 443 on a web server).

As far, as I understand it, the ESPHOME device exposes their service on port 6053, so if I want to tunnel more ESPHOME devices, I need to create more IP adresses on my SSH tunnel gateway and map 1:1 remote ESPHOME devices to these IP adreses.

Well, it should work… but im meantime I found that Tasmota have experimental support for ESP32 devices, including ESP32 CAM. And the support include even static image and some streaming. It is Tasmota, so it can be integrated through the MQTT, only camera output have to be tunneled by separate ports:

ip-of-the-esp:81/stream
ip-of-the-esp:80/wc.jpg

I am testing it now, Tasmota version 8.5.0:1, looks stable.

So thanks for all responses. I am aware my decision is bit step aside, but it fit more to my “architecture” :slight_smile: and experience.

This thread is free now, if somebody want to continue on the ESPHOME direction.