Making home assistant accessible online (ideally via an OpenVPN client)

Hi there,

I’m trying to make my home assistant network accessible online and struggling a bit. My connection is over 4g and via NAT so I assume I need to have an external VPN server hosted outside of the local network and connect to it via a client on my home assistant server. Can’t forward any ports.

I’ve followed this tutorial. I’m running a Supervised instance on docker on a raspberry PI 4.

I’m looking at OpenVPN as my seedbox comes with an OpenVPN server.

I’ve installed this OpenVPN addon. It starts, but fails on initializing the openvpn command:

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Wait until the user uploads the files.
All files available!
Setup the VPN connection with the following OpenVPN configuration.
/run.sh: line 91: openvpn: command not found
[cmd] /run.sh exited 127
[cont-finish.d] executing container finish scripts...
[cont-finish.d] done.
[s6-finish] waiting for services.
[s6-finish] sending all processes the TERM signal.

Here is where I’m stuck after 2 or so days of tinkering. I tried installing OpenVPN on the host but I assume the container doesn’t have access to it (I’m fairly new to containers so my apologies if I’m mixing up concepts, still struggling a bit on where to install things).

Best to worst scenario wishlist:

  • I’d like to keep the config in Home Assistant so restoring of backups is more straightforward with OpenVPN or a free alternative

  • I’m ok with installing a client on the host (Raspbian) system if the above is not possible

  • I was looking at ZeroTier One but I’d like to avoid having additional software/apps running on other clients

  • I can migrate to a different seedbox provider with e.g. WireGuard support (~6 EUR / month) if that’s a way forward

Alternatively, if you have any other suggestions how to achieve online access, please do let me know.
Thanks a ton in advance!

ps. Tried even setting up a reverse proxy, which didn’t work I think due to the missing port forwarding capabilities (followed this tutorial):

http-01 challenge for mysubdomain.duckdns.org
Using the webroot path /data/letsencrypt-acme-challenge for all unmatched domains.
Waiting for verification...
Challenge failed for domain mysubdomain.duckdns.org

Hi there, Please try using this addon.


This is simple and mostly free. But there are limitations if you are using a free account.
1 Like

Thanks, I’ll give it a go. I’d like to keep the thread open if someone has a more fitting solution, hope you don’t mind.

What do you mean by this? Are you simply wanting your home assistant server able to be accessed from a web client on the internet? What about nabu casa?

1 Like

Hey Nick,

Thanks for the input.

Primarily yes, being able to access the client over the internet would be my first objective. Ideally over a VPN as I have a set of other services running and planned to set up in the future. Managing everything over a VPN seems the most secure and most straightforward way.

Nabu casa is great, but it doesn’t seem to solve my other requirements (e.g. will have a NAS which I’d like to access as well).

What do you think?

Thanks,
jokob

Yes Nabu Casa will not give you access to your other services (unless you are running them as home assistant addons)

A vpn will be what you want for that.

1 Like

Did you put a client.opvn file in the share directory?

Yes I did, the log indicates the file was found AFAIK:

Wait until the user uploads the files.
All files available!

The issue is this one here:

/run.sh: line 91: openvpn: command not found

Yes, if you haven’t got an ovpn file in there you get this log


[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Wait until the user uploads the files.
File /share/client.ovpn not found
/run.sh: line 42: break: only meaningful in a `for', `while', or `until' loop

line 91 of run.sh is
openvpn --config ${OPENVPN_CONFIG}

${OPENVPN_CONFIG} resolves to client.ovpn, but I think it should be /share/client.ovpn.

So go into the addon configuration and change the setting ovpnfile from client.ovpn to /share/client.ovpn. Save it, restart the addon and see what happens.

EDIT: see below, I don’t think I am right in this!!!

Thanks for the suggestion!

Unfortunately that’s not working:

[s6-init] making user provided files available at /var/run/s6/etc...exited 0.
[s6-init] ensuring user provided files have correct perms...exited 0.
[fix-attrs.d] applying ownership & permissions fixes...
[fix-attrs.d] done.
[cont-init.d] executing container initialization scripts...
[cont-init.d] done.
[services.d] starting services
[services.d] done.
Wait until the user uploads the files.
File /share//share/openvpn.ovpn not found
/run.sh: line 42: break: only meaningful in a `for', `while', or `until' loop

BTW, the file name is correct, I renamed it to ‘openvpn.ovpn’

I have concluded that advice was wrong. Revert to the simple client.ovpn setting, sorry about that. Also I was typing opvn instead of ovpn.

1 Like
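
Added example, not part of any post above and not the add-on's own run.sh: a shell preflight that tells apart the failures seen in this thread's logs (a path in `ovpnfile` giving `/share//share/...`, a missing config file, and the missing `openvpn` binary behind exit 127). The function names, the return codes 2 and 3, and the share-directory argument are assumptions; that the add-on prepends `/share/` itself is inferred from the log line above.

```shell
#!/bin/sh
# Added example (not the add-on's code). Names and codes 2/3 are assumptions.

# Build the config path the way the logs imply the add-on does: it prepends
# the share directory itself, so the setting must be a bare file name.
resolve_ovpn() {
    share_dir=$1
    setting=$2
    case $setting in
        */*)
            # A path here is what produced "/share//share/openvpn.ovpn".
            echo "ovpnfile must be a bare file name, got: $setting" >&2
            return 2 ;;
    esac
    printf '%s/%s\n' "${share_dir%/}" "$setting"
}

# preflight SHARE_DIR OVPNFILE [BINARY]
# Returns 0 and prints the config path when everything is in place,
# 2 for a bad setting, 3 for a missing config, 127 for a missing binary
# (127 is the shell's own "command not found" status, as in the first log).
preflight() {
    bin=${3:-openvpn}
    path=$(resolve_ovpn "$1" "$2") || return 2
    if [ ! -r "$path" ]; then
        echo "File $path not found or not readable" >&2
        return 3
    fi
    if ! command -v "$bin" >/dev/null 2>&1; then
        echo "$bin is not installed in this container image" >&2
        return 127
    fi
    printf '%s\n' "$path"
}

# Usage inside the container, before the call on line 91 of run.sh:
#   cfg=$(preflight /share client.ovpn) && openvpn --config "$cfg"
```

A 127 from this check means the container image itself lacks the binary, so installing OpenVPN on the Raspbian host does not change the result.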

Try WireGuard. Simple set-up.
It may already be available in your NAS.
I think it’s also available as an addon for hass.

Try the ZeroTier One addon… it’s tailor made for this kind of application

Sounds interesting. Is it a VPN kind of tool? When you connect all devices to it, they will all be in the same “network”? Because I tried it. My HA is connected, my phone is connected. But when I want to SSH to my local IP (HA) it can’t connect. Phone is over 4G.

When I use WireGuard I can connect without problem.

Every device becomes a client in the ZeroTier network and you can connect between them exactly as you would on your LAN. All devices will be on the same subnet.

Please correct me if I’m wrong but to me it seems like WireGuard requires port forwarding and it’s only the server which is available in the store. I’d happily be wrong 🙂

Yes, you’ll need to forward a port. Same for OpenVPN; WireGuard is just easier to set up.

1 Like

You don’t need any port forwarding with ZeroTier One… just sayin…

Are you using the IP of ZeroTier then? Or your own local IP numbers?