Managing HA from outside the house

I want to be able to manage my HA server (and probably my router or a few other devices) from my phone, outside of my house. The largest challenge I can see is my ISP does not offer static IP addresses, which rules out many VPN solutions. I am wondering what other folks are doing to manage their HA server from remote or mobile locations? Is there a secure but fairly easy solution to this? Are there any VPN servers that can run on the HA server itself, or should I be looking at another device?

There are many threads in this forum about topics like:

  • dynDNS/DuckDNS Add-On
  • Tailscale/Wireguard Add-On
  • Nabu Casa and remote access through it

Give it a try and ask for more detailed help in case you need it.

Supporting Nabu Casa also supports Home Assistant. Just a heads up.

Best wishes with your detailed searches and reading the detailed documentation carefully to arrive at your goal. It is a common solution people strive for to achieve remote access.

A suggestion: Home Automation is a fast-moving technology. Being tempted to use ChatGPT and other AI to shortcut your deep understanding of the issues will often backfire, as you will be presented with carefully formatted information that is hopelessly outdated and often just plain wrong. Stick with the actual vendor information, detailed user guides, and go from there.

1 Like

Nabu Casa and at the same time you help HA development.

Supporting Nabu Casa won’t get you everything you asked for. But, it is an easy start.

Nabu Casa comes with a free trial period so you should be able to see if it fits your ‘fairly easy’ criteria.

Thank you.

I wanted to avoid dynamic DNS as I don’t think I can automate all of the necessary things to make it robust, and I don’t want to have to be there to reboot anything to fix it.

I looked at Nabu Casa, but it only helps me manage my Home Assistant image; I can’t manage my other Wi-Fi devices like my router or access my cameras.

I started to look at Waveshare - that has some hope. Thanks for summarizing the various approaches. I really hope one day that someone will write a VPN client that can work with a VPN service and host it as an integration on HA. In the meantime I will continue to evaluate Waveshare.

I wanted to avoid dynamic DNS as I don’t think I can automate all of the necessary things

I have owned several routers that have built-in support for DDNS, so if you pick a pair (DDNS and router) that support each other, there may be very little to do to automate it.

You should also check how often your “Dynamic” IP changes; some providers have timeouts where they don’t re-assign the IP as long as your modem has been seen in the past week or so, in which case you may go years without the IP actually changing.

to make it robust and I don’t want to have to be there to reboot anything to fix it.

Ultimately all solutions require something on your LAN to reach out.

This is inherent in the problem - if I tell you I have a service running on TCP port 443 “somewhere on the internet” there is no way for you to find it easily without some traffic leaving that server/LAN.

Hence it’s not really practical to say one solution is more robust than another without getting into the weeds about exactly how it works / does retries.

PS: You can also do VPNs (without DDNS) where both ends are dynamic, as long as there is a proxy in the middle with a known IP.

1 Like

Sounds like you are aware of the issues, and that each solution has its own unique challenges.

How often your router changes its IP address is your first question. How much do you trust that DDNS won’t provide an easy solution? Most routers support it. Did somebody say free? You only have to set it up once and it just works. No custom networking on the remote end.

I would strongly advise not to allow remote router management. Here be dragons, and exploits are common, even on reputable brands.

I was hoping to only have admin on my router via my network OR the authenticated VPN client. Once I get a VPN set up, I should not have a problem. I want access to other devices too - like the video streams from my cameras.

Go for Tailscale; it not only allows for both ends to be dynamic, but can also work through CGNAT. It uses their own servers as a proxy, but there is also an option to set up your own proxy, though that requires having some device available at a known address, so perhaps use DDNS just for this purpose. If you configure the home end (like the add-on on HA) as a subnet router, you can access all devices on your local network using their local IP addresses and without exposing them to the public Internet (like port opening for a reverse proxy).

2 Likes

There are ways to do this. I have my video streams in dashboards. So, access to HA (Nabu Casa or other ways) gives that access.

There are ways to get your IP address from HA without DDNS. But it will take a minute to change your settings when you want to connect to the VPN after the IP has changed.

I have DuckDNS set up in my router and can access every device on my network through the Wireguard Add-On and the Wireguard/WGTunnel client on my mobile devices. The WGTunnel client even starts the secure connection automatically when my phone leaves the Home WiFi.

I know that there are routers out there that will even allow you to directly set up Wireguard on the router - so there wouldn’t be a need for the HA Add-On, but they require more hands-on configuration.

1 Like
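An added illustration, not taken from any of the posts above: a phone-side WireGuard profile for the DuckDNS plus WireGuard setup described in the thread, where the router and cameras are reached only through the tunnel. The subnets (home LAN 192.168.1.0/24, tunnel 10.8.0.0/24), the UDP port, the hostname and all keys are placeholders and assumptions.

```ini
# Phone-side WireGuard profile (wg-quick format), constructed for illustration.
# Every address, hostname and key below is a placeholder, not a real value.

[Interface]
# Private key generated on the phone itself; it never needs to leave the device.
PrivateKey = <PHONE_PRIVATE_KEY>
# The phone's address inside the tunnel (assumed tunnel subnet: 10.8.0.0/24).
Address = 10.8.0.2/32
# Optional: use a resolver on the home LAN while connected
# (assumed: the router at 192.168.1.1 answers DNS).
DNS = 192.168.1.1

[Peer]
# Public key of the WireGuard server at home (HA add-on or the router).
PublicKey = <HOME_SERVER_PUBLIC_KEY>
# Optional additional symmetric key shared between phone and server.
PresharedKey = <PRESHARED_KEY>
# A DDNS name instead of a literal IP, so the profile survives the ISP
# handing out a new address. WireGuard resolves the name when the tunnel
# is brought up, so after an IP change the tunnel has to be re-activated.
Endpoint = <your-subdomain>.duckdns.org:51820
# Split tunnel: only the tunnel subnet and the home LAN go through the VPN.
# This is what makes the router admin page and the camera streams reachable
# by their local IP addresses.
AllowedIPs = 10.8.0.0/24, 192.168.1.0/24
# Keeps the NAT mapping open while the phone is on a mobile network.
PersistentKeepalive = 25
```

With a profile like this, the only thing opened on the home router is one forwarded UDP port to the WireGuard host; the router's own admin interface stays reachable from the LAN and from authenticated tunnel peers only.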