I’m building a vacation home that’ll be used about 50/50 with our main home, and I’m trying to figure out the best way to manage both with Home Assistant.
Most people seem to recommend running a separate HA at each location and adding both to the companion app. There’s also the Remote Home Assistant add-on, but it doesn’t look actively maintained anymore.
What I’d really like is one central Home Assistant at the main home, and the vacation home connected over a site-to-site VPN. I keep seeing people say that’s not recommended — but I don’t really understand why.
I’m a BMS engineer, and in that world we always have a centralized supervisor (in the cloud) with local logic controllers over VPN. It’s rock solid — uptime basically 100%, latency in milliseconds. So why would this be a problem for Home Assistant in 2025?
For context, I haven’t had a power or network outage at either location in years.
Has anyone actually done this successfully, or found a better way to link two homes under one HA instance?
One thing is the reliance on the VPNs, which can be mostly ignored if you are in an area with stable power and internet supply.
The other thing is that many of the protocols used for discovering devices are broadcasts or non-routable protocols, so you will have to find other ways to discover devices or route those protocols.
Building Management Systems — Programming of HVAC, lighting, data collection, and energy optimization for campuses, hospitals, and similar facilities.
Avoiding the cloud is still my goal, but in my opinion, connecting devices through a site-to-site VPN is no different from connecting from your phone to your Home Assistant instance.
That should be manageable at the network level.
What I’m really looking for is someone who has experimented with this kind of setup.
That really depends on your devices.
There is not just one discovery protocol. There are many, and some of them are proprietary and closed.
Some might be easy to handle, like mDNS, where some routers have an mDNS forwarder or reflector available.
Some are more tricky, because you need to proxy the devices between the networks.
On top of that you might also run into IPv6, which is used for Matter, among others.
That is a whole other can of worms and causes issues even with just VLANs.
But you can absolutely lash two HA instances together over a VPN, where each controls its own and one supervises the other. Should be similar to how you do BMS.
You don’t want the state data round-tripping the network across the WAN for control signals; the latency will drive you batty because of all the things Wally says, and multiple VLANs still freak out consumer gear. There’s an integration in HACS to bind the installs, called Remote Home Assistant, designed for this case.
I think the answer to this question really depends on what you want to use Home Assistant for.
With a BMS, typically the supervisor does not perform low-level control. It may coordinate scheduling etc., but most of the control is done on controllers in the field. If there is a network outage, control continues as normal and data may even buffer to be sent to the supervisor when it comes back online.
If you have controllers at your houses and you are just using Home Assistant to supervise, this is fine.
Most of us are using lights, blinds, HVAC etc. that do not have the capability for advanced logic and control. This is done in Home Assistant.
Therefore Home Assistant is not only supervising, it is control as well. Hence it’s better to have two instances and not lose control when there is a network outage.
My approach is also along those lines — Home Assistant is mainly for supervision and perhaps some more “advanced” control.
But the basic logic should preferably reside in the device itself (e.g. Shelly, Kincony, etc.).
I have a similar situation with one installation in our house in Spain and a second in our flat in Germany. I’m running two separate instances of Home Assistant because I need local automation to control the solar installation, the irrigation, air conditioners and security cameras.
Pictures and videos of the security cams are also stored on the server for Home Assistant.
I also have different automations running, depending on being present or not.
The two sites are connected via site-to-site WireGuard VPN.
I spent a lot of effort to secure remote access to the house in Spain.
The router is a GL.iNet XE300 with battery backup and an installed SIM card for internet access via 5G mobile network. There is no other option, except Starlink as of late.
I’ve installed a PiKVM to have access to the server in case it can’t restart all services after a power outage. There is a separate access channel to the PiKVM via Tailscale.
I have a lot of Shelly devices to be able to control power and measure energy consumption.
All Shelly devices are also accessible via the Shelly Cloud in case the Home Assistant server is not running correctly. The server has its own Shelly plug which I can use to switch it on and off via the Shelly Cloud in this case.
I’d like to see them adopt a method sort of like the Nx Witness (or DW Spectrum) CCTV software system. Each system will function as standalone from its local IP address, but you can also pair them together in a sort of hive group where they act like a single system. Any or all information gets synced back and forth as needed. No matter which system you log into, you can still interact with the others.
Depends on your devices. “Cloud” devices probably don’t care where the HA endpoint is. Local devices might.
I’ve been doing this for nearly 10 years now. My HA instance manages my mom’s house as well. Sites are connected via site-to-site VPN. Been flawless the entire time.
But, and this is a BIG BUT, all my devices are MQTT. As long as they can make a connection to the broker (on HA VM), which is dependent on the VPN routing the traffic, they will work.
Consumer-level stuff, probably anything “app” based, will likely have issues cross-subnet and without broadcast. Of course you can absolutely route these things over the VPN, but then there’s the mDNS issue. You’d probably need to run an mDNS proxy/reflector at each end, and those aren’t reliable because the protocol was never designed to be anything but broadcast in one subnet.
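An added example, not code from any poster in this thread: the routing point made in the replies above, that unicast traffic such as MQTT crosses a routed site-to-site VPN while broadcast and multicast discovery traffic does not, expressed as a destination-address check. The sample flows, the `192.168.1.0/24` and `192.168.2.10` addresses and the function names are constructed for illustration.

```python
import ipaddress

LINK_LOCAL_V4_MCAST = ipaddress.ip_network("224.0.0.0/24")

def crosses_routed_vpn(dest, local_net):
    """Return (reaches_remote_site, reason) for traffic sent to dest from
    local_net over a plain routed (layer-3) site-to-site tunnel."""
    addr = ipaddress.ip_address(dest)
    net = ipaddress.ip_network(local_net)
    if addr.version == 4:
        if dest == "255.255.255.255":
            return False, "limited broadcast, never forwarded by a router"
        if net.version == 4 and addr == net.broadcast_address:
            return False, "subnet broadcast, stays on the local segment"
        if addr in LINK_LOCAL_V4_MCAST:
            return False, "link-local multicast, needs a reflector/proxy"
        if addr.is_multicast:
            return False, "multicast, needs multicast routing or a proxy"
    else:
        if addr.is_multicast:
            scope = addr.packed[1] & 0x0F  # scope nibble: 2 = link-local
            if scope <= 2:
                return False, "link-local scope multicast, needs a proxy"
            return False, "multicast, needs multicast routing"
        if addr.is_link_local:
            return False, "fe80::/10 link-local unicast, not routable"
    return True, "unicast, routed like any other traffic"

# Constructed sample flows: (label, destination address)
FLOWS = [
    ("mDNS IPv4", "224.0.0.251"),
    ("mDNS IPv6", "ff02::fb"),
    ("SSDP/UPnP", "239.255.255.250"),
    ("UDP broadcast discovery", "255.255.255.255"),
    ("subnet broadcast", "192.168.1.255"),
    ("MQTT to remote broker", "192.168.2.10"),
]

def audit(flows, local_net="192.168.1.0/24"):
    """Map each flow label to (reaches_remote_site, reason)."""
    return {label: crosses_routed_vpn(dst, local_net) for label, dst in flows}

if __name__ == "__main__":
    for label, (ok, why) in audit(FLOWS).items():
        print(f"{label:26} {'crosses' if ok else 'stays local'}: {why}")
```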
The post I replied to said HA should handle the network side too and that can only be done reliably with a cloud service, if you want it to work for all users.
You have configured a VPN yourself, so you handled the network side yourself.
With different firewalls, routers and ISPs (especially those with CGNAT) only a cloud service where connections are going to an external server is a somewhat universal possible option, if no user configuration is allowed.
CGNAT isn’t a problem as long as at least one side has a world routable IP. Most good VPN routers will support a dialup profile. The router behind CGNAT makes the connection to the other site.
I know that, but the post stated that HA should handle the network part, and that means no port forwarding then, and some will also have two internet connections that are both behind CGNAT.
You know your own setup, but the HA devs would have to make such a feature without knowing the actual setup and therefore have to cater to as many setups as possible.
They also do not know the users’ knowledge level, so at that point they will also have to cater to as many levels as possible.