I’m not sure. I think HA is not part of the wireguard.
So it’s not connect as client too.
But never tried it. Will test this to see if I can access device connected via wireguard
Jumping on this thread.
Similar request. HA to have some sort of VPN Client capability (PPTP or L2TP)
My scenario differs slightly. I’m running a site completely on LTE.
It looks like the ISP has some double NATs and making ZT on some occasions slow and unreliable.
I do work from that remote location and can confirm outgoing VPNs are basically unhindered.
I’ve spoken with the ISP and obviously as the LTE plan I am using is consumer grade ($) ; the only way I can have inbound VPN to that site is a LTE cellular plan ($$$$$)
So having HA be able to VPN to an external server (hosted on one of my locations on stock standard FTTH) will allow me remote management without the need for ZT. Bonus ask : Direct Internet Access and Split Tunneling capabilities would be great too ! Wouldn’t want to backhaul everything.
If anyone has thoughts on how to accomplish this on HassOS or if anyone knows of some add-on that can help would be great !
Nabu Casa not working for you?
Hey,
I’m currently using ngrok as a temporary workaround: GitHub - dylrio/hassio-addons: A collection of addons for Hass.io that I've created or modified. (thx @sheminasalam) and using the Terminal & SSH add-on to ssh into other devices on the network. I’m planning to put the devices/services I’d like to access remotely on a VPN (played around with OpenVPN, but their Android app had troubles connecting - maybe an issue with the VPN server, but the Windows client worked fine). Still also thinking about setting up a custom VPS and SSH tunnel.
Oh it would work. Actually have 2 separate Nabu Casa instances where Alexa and Google Home integration is necessary and doing it manually is just not scalable or worth the hassle.
However, for this remote LTE site, I have no need for the nifty features NC offers. Literally just need this for remote management and ZT was my go to solution but caveat was the ISP.
I feel that going with another NC instance just for the remote management piece isn’t worth it for me.
Although have seen multiple asks for a “Pro” version of NC. Pay X amount for Y instances. Wouldn’t mind going on a plan like that.
Yes that would be excellent.
Unfortunately “inbound” connections to this site is not allowed. Hence I won’t be able to setup a VPN server for this site.
Again, outbound is unrestricted.
Similar situation as @Tamadite seen here Client OpenVPN to connect server outside my network - #24 by Tamadite
Actually to be more specific, Pay X amount for Y instances consolidated under 1 account. Would be great for scalability if you’re a MSP. Or a PAYG option 
What caveat? ZT works perfectly in exactly this scenario.
I believe ZT doesn’t quite like Double NATs.
https://zerotier.atlassian.net/wiki/spaces/SD/pages/6815768/Router+Configuration+Tips
My WWAN router performs the 1st NAT and the ISP does the 2nd NAT for them to conserve addresses.
Have you even tried it?
Which ISP do you use for the mobile link? If it’s Telstra maybe you could use IPv6 and avoid NAT…
Unfortunately I’m not in AU and the ISP I’m on restricts consumer grade LTE.
For them to allow access to a public IP from their pool or have IPv6 functionality needs an upgrade to their LTE for business offering which is pricey.
Well that sucks. When you said FTTH I thought you were in Aus.
Yeap it does suck. FFTH is pretty common in other parts of the world as well
Anyway, hence the need for VPN Client functionality on this particular instance of HA.
Thanks for the sanity checks though. Trying to sort through my options, and NC being the last option. Although not keen to be managing multiple logins for multiple instances
It’s odd NC works if ZT doesn’t…
Planning to test this soon as well. But i believe the traffic initiator is the HA rather than NC. Will update once I fire up NC free trial for this site.
Well same with ZT… all devices are clients that log into ZT server which establishes P2P between them all… Maybe NC does it differently…
I mean having a VPN server outside of your network and all clients connecting to it from inside of your home network - I’m on 4G myself, so no inbound connections available either.
I’ve got a seedbox with OpenVPN on it in Europe, but as I said the Android client or the seedbox itself seems unreliable.