Title is pretty self-explanatory, but our mobile phones are running all data (save for the Messages app which requires a split-tunnel due to funkiness on VPN… another topic entirely) through our home VPN.
I see that there’s an option under “People” in HA for each user called “Local access only” that is disabled by default. Since I have no plans to ever try to access our HA app not on the VPN, is there anything I should be aware of before enabling this for users?
The idea is that this will increase the overall security if nobody can access our HA instance from anywhere but the home network as an added layer. I understand that if the VPN ever goes down (unlikely) we’ll lose HA access but that’s an acceptable trade-off for increased security since I don’t anticipate any downtime w/the VPN. If for some reason it goes down it means that our home network is down and I couldn’t access it anyway.
Just making sure there’s no blind spots I’m not thinking of before enabling this option for users.
I don’t really know the answer to your question, but why don’t you enable it for one user and try it out? Make sure it’s not an admin user (yours), so you can revert the change if it doesn’t work.
Because the only other user would be my wife who rarely uses the app. On top of that (despite my best efforts to regularly remind her) she rarely communicates with me anything negative she encounters and just gives up and moves on to something else.
As I’m also newer to HA, I’d rather just have a better understanding of its features from a personal knowledge standpoint. I am the de facto admin of this solution, after all. With this info, I can then make informed decisions on how to properly set the settings. This would also increase the instances where I don’t need to overcomplicate things with her experience.
This is especially important in these early stages of us using HA. I’m trying to get her to more fully adopt using it rather than relying on me for things she can do herself. Example: taking the time to type up a message to me midday to ask if someone has picked up an item on the front porch for a Craigslist porch pickup she arranged. I have no less than three 4k cameras trained on that very spot that she can access anytime just by opening the HA app and going to the cameras page with a single click. The adoption struggle is real.
HA treats local access as “the subnet I’m on and nothing else.” The thing I would check is to see if your VPN traffic is dropping you onto the same subnet as HA is on. With some network appliances, VPN traffic is (or can be) dropped into a different VLAN than the rest of your stuff, and if that’s how you have yours set up, local only access might not work. I have two VLANs in my house (one for IoT, one for “people”). With HA on the IoT VLAN, if I set it to local only I could no longer log in from the “people” VLAN even with all the right firewall/routing rules.