Have been setup my HA to work on my personal MacBook and iPhone.
Can access it with both https://my-internal-ip:8123 as well as https://xxx.duckdns.org:8123.
However, from my laptop from work they seem to have made some security restrictions that I’m not able to pass. I cannot change any restrictions myself.
I get the message that “your connection to this site isn’t secure” and “This site does not have a certificate.”
What am I missing since I use my work laptop as my main client
It appears your work laptop requires https/ssl when accessing websites online, and you dont have it setup (or its not setup correctly).
It’s not a good idea to just port forward port 8123 and have your connection to Home Assistant be unsecured anyway.
You can either subscribe to the nabu casa service to configure secure temote access
Or you can configure a reverse proxy, like the nginx addon, so you can access Home Assistant remotely, securely, and without needing to specify the port in your url
Or your work place is redirecting you to another site, maybe because you try to access port 8123, which is an uncommon port.
Could be. My employer blocks dynamic DNS services (like DuckDNS). They don’t block Nabu Casa.
To test this, can you access https://www.duckdns.org from a web browser at work?
At work we used to block unknown ports like 8123. Fortunately there were some ports left open for specific applications. I just had to use one of those if I wanted to access something at home. You might have to use a trial and error approach; most Info Security folks don’t talk much about which ports they’ve left open.
If you have ssl keys for your duckdns subdomain and your non standard work browser complains about them, that means that the employer is basically doing man in the middle attack by injecting their ssl keys. If its Windows network, usually is, than by using Edge browser or other MS browser there won’t be SSL warning. Also blocking non standard ports is common in corporate environments.
I have ssh allowed trough the corporate firewall as part of the job, which I use for socks5 proxy to my Firefox browser so I can avoid the MITM.
I would definitely suspect it’s this if ssl is already enabled and it’s not a self signed cert.
If thats the case, the reverse proxy I posted above would solve that though by being able to configure a url without needing to specify a port.