Hello Everyone,
I’ve a small question. I’ve an automation. if x person left from home and if window/door is open, sent a notification. But looks like if i’m not connected with vpn or nabu case, it’s not working I mean Even though I am away from home, I seem to be at home. Does not update location. If i connected vpn, it’s working. But very strange, other notifcations are working without vpn. I can get notifcations I can receive mobile notifications without access to HA server. What’s wrong? I mean if it can work without vpn/nabu casa account, why location base automation is not working? How can I receive other notifications when I’m not connected with VPN and I don’t have HA access?
The reason this makes sense is because notifications go through Google’s firebase cloud messaging service by default. A direct connection from HA to your phone is not required for these. HA sends notifications to Google’s service and your phone receives them from there. This is a public cloud service so anyone with internet access can see it. For more information on this setup, see here.
However your phone does not send messages to this service, it only receives them. When your phone wants to report a zone change event, a change in a sensor value, a notification action event, etc it calls HA’s API directly. If it can’t reach HA then this fails and HA doesn’t see that event or state change or whatever it was.
1 Like
Thank you so much for details. Now it makes sense. So, location base automations are not working if i’m not using any vpn or nabu casa cloud. Because mobile phone can not sent location information to HA right? For example normally if i’m away, i see still at home my status. Because it can not access to the HA. So it’s normal. Then everyone uses nabu casa, duckdns or vpn for location-based automations am i right.
1 Like
Yep that’s the issue. Your phone must be able to reach HA to use location based automations like that.
1 Like
Many thanks for helping me clarify this. So what is the best solution for this issue? I mean VPN, Duckdns or nabu case, which is good idea for this? Right now i’m using wireguard vpn server at home. But vpn connection must be active all the time in this case. Maybe reverse proxy can be other solution but i need to know what is the best solution for this
So there’s not really a right answer to this question. I can try and lay out some of the pros and cons of each but they all work. It’s up to you to decide what you want to do. Also this is not exhaustive, there’s definitely ways I’m not aware of. I will also link to addons when possible though you can use the services without using the addons obviously.
-
Nabu casa cloud
- pros: very little effort required on your part. No port exposed on your router (security). Works regardless of isp (some don’t give you a public ip address). Also comes with a bunch of other features (trivial setup for Google assistant/Alexa/homekit, TTS service). Can use integrations which require a public URL. Supports the development of HA.
- cons: not free. Relies on a cloud service. Instance is publicly accessible to anyone who knows the url
-
Wireguard
- pros: ha not publicly accessible at all. Only one url to remember (local one). Could probably get away with turning off 2factor auth if you wanted. Free
- cons: must expose a port on your router (wireguards). Will not work on all isps (public ip required). Must toggle vpn on for access. Every device requires setup work (install app, install profile, add device to wireguard). Cannot use HA with Google assistant, alexa and any other integrations which require a public url
- notes: IMO basically only works if you are the only HA user. No family member or roommate will remember to toggle a VPN on and off, you won’t be able to automate off their devices. That being said, for personal use you can automate turning wireguard on and off with tasker. I do this for adblocking. It’s not 100% reliable about turning it on so I wouldn’t want to use it for automation personally.
-
Tailscale/Zerotier
- pros: all pros of wireguard route. Also do not have to expose a port, works on all isps (no public ip required) and not vpn toggling (so actually something a roommate or family member might use). Free (I believe)
- cons: every device requires setup work (install app, install profile, connect to network, etc). Relies on a cloud service (I believe). Cannot use HA with Google assistant, alexa and any other integrations which require a public url
- caveat: I have not tried these, I’ve only read about them. Seems like a better version of the wireguard route but I may have some things wrong. Also have no idea which is better, the two servies seem similar (and there’s probably other competitors). You’ll have to research if you’re interested.
-
Cloudflared
- pros: do not need to expose a port. Works regardless of isp. Free (I believe)
- cons: ha still publicly accessible. Relies on a cloud service (cloudflare). Can use with Google assistant, Alexa and integrations which need a public url but must go through all manual steps yourself.
- Reverse proxy (nginx, nginx proxy manager, caddy 2, others)
- pros: free. Can take much more control over requests, responses and access/auth. No cloud service required.
- cons: must expose a port. Does not work on every isp. Need to get a url yourself or separately set up a dynamic DNS service. Need to manage ssl certificates yourself. Can use with Google assistant, Alexa, etc. but must do all manual steps. Generally the most time consuming path.
1 Like
Thank you very much for this detailed explanation.Vpn doesn’t make sane for us if amazon alexa vs google assistant is to be used. Also, looks like if we are using tailscale or wireguard, still we have to connected these softwares on the mobile phone but if we are using reverse proxy, not needed anything. Just add domain name for ha in the mobile ap (external adress) so if you connected from outside, you can connect directly without any software/vpn app. So your location base automations will work. Just You’re just a little worried as you open HA to the internet.