iOS App - Local vs External

So, I was looking at the IOS app, and the model used for connecting to HASS and I think it is not ideal. From what I see, if I want to enable remote access, I need to setup port forwarding on my external connection. That isnt great, but I can live with that. The problem is that now, I need that external connection (and mostly DNS name to support dynamic ip + certs) to access my local system. This is obviously a gripe, but I would love to see it done in a way where I could specify an internal and external connection point.

What it sounds like you are asking for is an intermediate server “in the cloud” that facilitates the communication between the app and your HA instance. Personally, I see a few issues with this idea.

  1. I don’t want my information in the cloud or passing through a server I do not control. Sure it would be easier, but I want secure, not easy.

  2. For the secure server to communicate back to your local instance, you will likely still have to open ports… unless the local instance was responsible for opening a secure tunnel/connection to the cloud server. This would add complexity to the setup and would take quite a bit of work to implement since it would be specific to the implementation and expectations on the remote server.

  3. Are you willing to pay a subscription for this functionality? Cloud servers aren’t free.

I use quite a few apps that do what you want.

For instance they know when they are on wifi and can connected directly to the instance via IP etc.

Then when remote they know to use the FQDN.

Within your network you can still access the instance using the same FQDN that you set up for external access.

What would your reasoning be for two different urls?

No, I’m not looking for a cloud server to broker the connection. What I am looking for is for the app to detect when it should use my external IP or when it should use my internal.

Sure… but how do those apps do this? There needs to be some logical discovery process to make this work or split DNS - otherwise how does the app discover the internal/external? I dont run an internal DNS server or caching service on my network and I dont really feel like doing so, but I could theoretically solve this with that.

Ah… ok. Misunderstood what you were asking. I think this could be implemented pretty easily.

Yea, that’s what I was thinking too… I think the logic should be that it attempts to connect to the local and if that fails, then it tries the external… The question would be what would constitute a failure.

That being said, to your original point, I am not against a cloud service that would push my https traffic over an SSH reverse tunnel back to my unit. I use that now with Vera and it is very useful and simple (for me…). The obvious concern there would be securing the tunnel and its termination points… I believe the OpenHAB team has started to do this as well. I’ve actually done this at small scale and its not all that complex to setup or manage - the concern comes back to security and “the cloud” as a concept… but that is a whole other topic

1 Like

Not at all - lookup config, ping ip - unreachable assume remote url …

I was looking to add a local and remote url config as I expose HA via a different port via NAT - its best practice bot to use default ports unless its breaks the protocol like http/https on webservers …

I am currently using a VPN instead as the app doesnt give me the option but I would have thought it had this capability.

I’m using VPN (automatic/on demand) for remote access as well. It works somewhat reliable and feels much safer than exposing those services to the interweb.