You and I don’t disagree. There are multiple methods to lock access, but based on the traffic I see, it should be folks #1 priority if going outside Nabu.
TBH, Nabu is exactly the same as Cloudflare tunnels, so I don’t consider that option as secure as Tailscale or other similar “p2p”/wireguard-based VPN, either.
2 Likes
That’s a good point!
I just went fine domain name + cloudflare route. Is it possible to access HA through the HA phone App when not connected to local WiFi?
I acess all my various remote servers via Tailscape. You can install it on HA and then acess it from PC/Phone
Does it allow bidirectional usage of Google Assistant?
No. Google is not on your tailscale (or any) VPN, obviously.
I just use the nginx proxy manager on an LXC in proxmox, and get my free subdomains from afraid which has been rock solid (far more so thatn DuckDNS which seems to regularly have issues).
The proxy manager also makes it super easy to integrate lets Encrypt SSL certs.
hmmm! so what is the best solution for cg-nat situation?
tq
i am trying to setup duckdns with cloudflare…is that even possible?
1 Like
cool. so the “renews at 11$” on the cloudflare is per yearly?! that sounds like a reasonable! option
Tailscale. It bypasses CGNAT for both server (like LTE modem connection from home) and clinent (mobile phone).
1 Like
Also experiencing issues with my DuckDNS setup, almost all the time I need to turn off WiFi on my phone to access HA via the Companion App. Not a DuckDns issue but still an issue.
Trying to understand how to move to something else but I’m lost. Please help me understand:
-
Tailscale is a VPN option, does it mean that I need to connect via a VPN app before opening Home Assistant companion app on my phone / Apple Watch? I check HA way to often for that.
-
Cloudflare is similar to DuckDNS, I add the integration and register an account. Seems like a complicated setup? ANy guidance on the workload to move from DuckDns to Cloudflare?
Any other easy but secure options that works on iPhone, Android and Apple Watch?
I use Tailscale and enable the Funnel option which allows me to access my HA without connecting to the VPN first. You can google it to see how it works.
1 Like
I’m using client VPN to my opnsense firewall (have static IPv4, but also working with DynDNS). Secured with Client Certificates.
On my Android I’m using tasker to automate login, when I’m leaving home WLAN.
For Homeassistant App I 'm therefore always using the internal IP/Name.
I’m trying to understand the VPN concept. If you are using a VPN (Tailscale, OPNVpn etc) on your phone, are you constantly connected to that VPN on the phone when you are outside of your home WiFi? Otherwise if you are just connecting to the VPN when you need to manipulate HA companion, you will not get access to the phone sensors, am I correct?
thank you
You are constantly connected to the VPN.
It is like a wired connection from you phone to your local network.
Depending on the setup of the VPN client it can be all network connections or it can be specific ones, where only like the companion app use the VPN.
Thx. As far as the network connection you mention, is that a setting in the VPN app on my phone (specifically opnvpn app)?
Thx
The app specific VPN connection is a client feature in some clients, so it is in the VPN app on your phone, if it is supported.
I use strongSwan VPN app.
So going the VPN route is the most secure from what I understand? Is tailscale a good option for a vpn?