Remote access / geofencing

Recently installed HA in a VM in Proxmox. Still learning a lot. I do not have remote access set up yet.

I know there are various ways to do remote access like through Nabu Casa (which also supports the cause) or a VPN with Wireguard or Tailscale. What I don’t know is if there are advantages to one over the other specifically with regard to the system being aware of my location.

Currently there is a map dashboard and when I am at home it shows me there but when I take the dog for a walk it doesn’t know where I am. I’m not sure how quickly it updates when I get back in WiFi range. It doesn’t seem very useful.

I want to be able to have automations like if I go out of town it turns the AC back on when I get back to the airport so it’s cool when I get home.

If I set up remote access via a VPN would I have to sign in for the system to know where I am (like if I got back to the airport I would have to sign in so it would determine my location and turn on the AC)?

If I go the cloud route via Nabu Casa would the sign in requirement be eliminated and would the system just keep track of my location at all times (like Apple maps)?

Is a better (and somewhat ironic) solution just to connect it to Homekit and rely on Homekit for location services?

Any advice is appreciated before I decide which way to set this up. Thanks.

You will probably be best going with Nabu Casa since it will provide you with an external url that can be accessed over https without the need for a VPN.

An alternative is to set up a reverse proxy such as Nginx Proxy Manager and allow remote access to your HA server via that.

1 Like

Usually that is up to you depending on the method you use to determine presence.

That’s not quite how it works, but if you’re going as far as signing in why not just hit the on button from the dashboard?

You would still have to have some sort of presence detection enabled. I can’t speak on NC as I’ve used a reverse proxy since day one. It’s dead simple and it works. At that point the system only sees you’re logged in, but I’m sure there’s some way to do the work.

Signing in really has nothing to do with it, VPN or otherwise. It’s all about what you’re sending back to the mothership. You need a service running (Home Assistant) and some location data to give it (your GPS). There’s a lot of ways to do this. I don’t know the ‘golden standard’ these days but Owntracks works well and has geofencing.

Setting up locations in your instance lets HA know when you’ve entered and exited a boundary in order to fire off an automation. You just have to figure out what’s best for you to send it what it needs to let it know you’ve come or gone.

I do both. I have a VPN setup, so I can VPN in, ssh into any of the servers (including HA) and do stuff on them or run the HA client.

For location I use Nabu Casa to expose a webhook and run Owntracks on my family’s phones.

I don’t understand what you are trying to tell me here.

I have location services enabled on my iPhone and have it set so location is available to the HA app. Is there some other method or some way to control how quickly this updates?

You are telling me that’s not how it works without saying how it does work. Can you elaborate? Are you suggesting just to leave the VPN tunnel open all the time?

I think that was the point of my question: How do I get it to send my location back to the mothership without me having to do something manually so automations can be triggered (like my example of turning on the AC when I get back to the airport).

I’ll check out web hooks and owntracks. Thanks.

With “presence publisher” you can send MQTT messages to a public MQTT broker. Those messages can be individually configured.

But you aren’t sending anything to HA unless you’ve set it up to receive that data.

It doesn’t work like that, because it doesn’t work like that. It’s not complicated. If you’re logging in to the dashboard you hit the “On” button for the entity you want to turn on. HA doesn’t know you’re in Atlanta, Hong Kong, or Sydney just because you’re logged in via your VPN, but if you’re going through all the trouble to log in remotely then what is the point of geofencing locations?

You have to have a service enabled in your HA instance that reads the data you send from your phone. HA isn’t smart, it has to be programmed to do what you tell it.

I personally use Owntracks with web sockets. It’s easy, it’s what I’ve used for the last 8+ years, and it just works. I enter a predefined location and HA does something. I leave a predefined location and HA does something else. I arrive home after all the lights go out and it will turn a light on for me so I’m not walking in the dark.

Those things you have to set up yourself. There’s 100 ways of doing it. Some people go the Nabu Casa route, some go DDNS, some register a domain and host their own.

Since you’re already running a VPN (locally I assume) it sounds like you’re halfway there to getting what you want. HA has gotten stupid really easy these past few years so getting up and running is a lot quicker with far fewer issues.

So many confusing posts from people.
They are wrong.

It is not necessary to use a third-party service like Owntracks.

Either use Nabu Casa - which is the simplest solution, or use a reverse proxy in front of Home Assistant. When you log in to the app on your phone, it will send your location back to Home Assistant. (and will send the location regularly, when your position has changed a significant amount since the last time it sent your location)

The only reason it isn’t right now, is because obviously when you are away from the house, the app has no ability to reach your Home Assistant instance.

I personally use Nabu Casa - there is literally nothing to setup, create an account, pay the monthly fee and it all works, there is no having to manually set Home Assistant up to receive your location - the receiver on Home Assistant’s side of things, is the mobile app integration.

For a friend in Aberdeen, a friend in the Scottish Borders and a friend in the US - I have set them all up using the Reverse Proxy option with Duck DNS handling the pointing of a domain name to your external IP address.

For my boyfriend - we used the Cloudflare tunnel option, which is very very quick and easy, but does require you to have bought a domain name.

1 Like

what’s wrong?

We’re pointing at Owntracks because he was asking for something with geofencing.

You’re talking about front end access?

I agree with a previous poster that this thread is confusing especially with the mention of Owntracks and excuse that it is because you were asking for something with geofencing.

Firstly, as the OP has said they installed HA in a VM on Proxmox but have not set-up remote access. My advice would be to investigate the options for remote access.

The OP mentions the map dashboard and the fact it works when they are at home but not when taking the dog for a walk; this is a clear indication that they have installed the mobile companion app, which is updating their location when they are connected via their WiFi, as the HA server can be reached.

The OP asks if they setup a VPN for remote access would they need to sign in for the system to know where they are, and the simple answer to this would be yes - basically the VPN would need to be active.

So, that really leaves only three choices:

1). Get a Nabu Casa account to provide remote access. This has the advantage in that you do not need to open your internal network at your router and that it supports the developers.

2). Allow connections in directly to your HA server (or if using other software such as a reverse proxy or Owntracks potentially a different server). There are many ways to do this, from simply just forwarding port 8123 from your router to your HA server (certainly not recommended as it would expose your HA server to the Internet), to using Cloudflare tunnels. As the OP has HA in a Proxmox VM, I would suggest they test out Nginx Proxy Manager as a reverse proxy should they feel they want to go this route, as it can be installed in an LXC from Proxmox VE Helper-Scripts.

3). Use a VPN - realistically this should only be considered if the OP wants to access other services / machines on the internal network. Whilst it will work for just accessing HA, the OP will need to be connected to the VPN in order for the mobile app to update the data.

For what the OP wants I believe using Zones set-up in HA would be suitable, therefore, I do not see the point in recommending Owntracks. Owntracks will provide more features, but at the cost of complicating the overall installation. Owntracks requires a server and hence most would need to follow option 2 above anyway (I am aware that you could host an Owntracks server on a public cloud VPS and connect your HA to it remotely without port forwarding on your router - but you will still need to manage and secure your public VPS).

I would add here that using options 1 and 2 also allows integration with other third-parties such as Amazon Alexa or Google Assistant that require their servers to talk to the HA server.
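The zone-based approach recommended in the post above, sketched for the airport/AC case from the original question. This is an added example, not part of any poster's reply; the coordinates, radius and the entity IDs `person.op` and `climate.home_ac` are hypothetical.

```yaml
# configuration.yaml (added example; coordinates and entity IDs are constructed)
zone:
  - name: Airport
    latitude: 51.4700        # hypothetical coordinates
    longitude: -0.4543
    radius: 1500             # metres

automation:
  - alias: "Cool the house when I land"
    trigger:
      - platform: zone
        entity_id: person.op           # hypothetical person, fed by the mobile app's device_tracker
        zone: zone.airport
        event: enter
    action:
      - service: climate.set_hvac_mode
        target:
          entity_id: climate.home_ac   # hypothetical climate entity
        data:
          hvac_mode: cool
```

The trigger only fires if the phone's location update actually reaches Home Assistant from outside the home network, which is what the three remote access options above are for.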

I’m beginning to feel like this message board should be called,

“Just pay for the service already”

1 Like

Thank you for the very clear and informative response. That’s just what I was looking for.

Why? Especially as you will note that I recommended Nginx Proxy Manager for Option 2.

Personally I feel OP should look at option 2 as in the longer term it would prove to be the most flexible and is relatively simple to set-up:

1). Set-up Dynamic DNS - hopefully the router supports it, if not should be able to find a suitable client depending on provider.
2). Use helper script to install Nginx Proxy Manager in an lxc and either reserve the IP in DHCP or give it a static IP
3). On the router set forwarding for ports 80 and 443 to the Nginx Proxy Manager IP.
4). Configure the Host on Nginx Proxy Manager to provide reverse proxy to HA - use the LetsEncrypt plugin to create a certificate for the hostname so that access would be in the form https://host.from.ddns

A point to note is that the above 4 steps will expose your HA server to the Internet, so you should make sure that user accounts have reasonable passwords at a very minimum.

If OP wants they can opt to try Owntracks - follow above but instead of installing Nginx Proxy Manager install Mosquitto (Proxmox VE Helper-Scripts) and port forward 1883 to the Mosquitto LXC. An additional step would be to add the MQTT integration in Home Assistant and provide the LXC details. Then use the Owntracks client on mobile in MQTT mode. Same caveat that the MQTT server is open to the Internet and should be secured accordingly.

However, the real question should be why was Owntracks even recommended? What features would the OP need over what the Mobile App provides? Simple fact is most HA users probably use the HA mobile app anyway, so a bit pointless having a second app to track your location when it is already available.

I would argue that it would in fact be better to use HA and device_trackers since you can assign several device_trackers to a person, thereby tracking a person over a variety of devices and not just the mobile app.

It does not. I use it directly from my phone to a webhook created by the Owntracks integration. Works well, it’s simple, lightweight and does one thing.

Shhhhh… shhhhh. just walk away… walk away… :joy:

OK, I stand corrected - as I do not use Owntracks I wasn’t aware it creates a Webhook. However, this means your Home Assistant Server must be accessible, so it would need to be configured for remote access. So it goes back to the question as to why bother if most users would use the HA mobile App, which includes the ability to update tracking information.

Waking this up as I’m in a similar position as the OP and want to clarify. I have DDNS using OpenWrt and my domain provider’s API. So I can access my home IP (though it’s a bit more complicated as I’m using mobile b/b - more shortly).

Next I’m going to mess with sensors to make sure I can access everything on the home network. And then I’ll be coming to remote access, hence this post.

It’s Complicated - Mobile b/b
My internet at home is via mobile b/b so I’m going to use a regular phone to provide a WiFi hotspot and have configured my router to connect to that. The phone will have the HA app on it purely so I can monitor mobile data usage (otherwise I’d use a MiFi dongle to provide the hotspot).

The router provides wired ethernet to a micro PC with Proxmox and HAOS in a VM.

So before remote access I’ll be testing if this allows sensors both attached via the hotspot/WiFi (a Glow CAD for energy use monitoring), and connected to a ZigBee usb Dongle on the micro PC, to be accessed by HA OS. (If not maybe I’ll need a second router to provide a local network with both a second WiFi and wired connections).

Remote Access
I’m not sure how important location tracking/geofencing will be but I’d like to play with it, as well as set up secure remote access to HAOS web interface at home. I need the latter rather than just the phone app so I can work on the dashboard using a laptop from a remote location.

So I think I can have this with the above setup and:

  • WireGuard server on micro PC (VM or LXC?) to provide secure remote access to HA OS
  • Nginx (or Caddy?) on micro PC (VM or LXC?)
  • install the HA app on any mobiles I wish to track, each set up to connect via WireGuard

Goals:

  • remote access using HA app on personal phone (secured by WireGuard)
  • remote access to HA dashboard using browser on laptop (secured by WireGuard)
  • location tracking using data sent home by the app
  • avoid using third party services, including VPS

Does this sound feasible? Thanks for reading!

The tricky bit will be getting the inbound data via the mobile as it will most likely be on CGNAT. In which case your best bet is to look at setting up Tailscale.

I would probably do:

Nginx Proxy Manager in LXC (or other proxy) with tailscale. Allowing port 80 and 443 traffic only. Then Home Assistant configured to accept proxy requests from the NPM LXC. You use the Tailscale IP to connect to your Proxy which in turn gets you to your Home Assistant.

If you can get incoming on your router directly, then you could just forward port 80 and 443 to NPM LXC and not bother with Tailscale.

If you want something a bit simpler you could just use the tailscale app on home assistant

1 Like
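Both the four-step reverse proxy procedure earlier in the thread and the "Home Assistant configured to accept proxy requests from the NPM LXC" step in the post above depend on Home Assistant's `http` settings. The following is an added example, not taken from any poster; the address 192.168.1.20 is a constructed placeholder for the Nginx Proxy Manager LXC.

```yaml
# configuration.yaml (added example; 192.168.1.20 is a placeholder for the NPM LXC)
http:
  # Read the real client address from the X-Forwarded-For header set by the proxy.
  use_x_forwarded_for: true

  # Only these sources are believed when they send X-Forwarded-For.
  # List the single proxy host, not the whole LAN.
  trusted_proxies:
    - 192.168.1.20
  # Weak variant to avoid: any machine on the LAN could then spoof the
  # client address that Home Assistant logs and bans on.
  #   - 192.168.1.0/24

  # Ban an address after repeated failed logins. With the forwarding
  # settings above, the ban lands on the remote client rather than on
  # the proxy itself.
  ip_ban_enabled: true
  login_attempts_threshold: 5
```

This covers the "reasonable passwords at a very minimum" caveat from the procedure only partly: it limits guessing, it does not replace strong credentials on every user account.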

Thanks. It’s good to know of that option but I forgot to include avoiding third party services in my goals (will update). So I’d like to avoid cloud services such as Tailgate, and self hosting anything on VPS.

So far all I’m relying on is an API to update the DNS record for my domain.

The Proxmox PC can access internet, either wired to the router (or to an Eth hub that is wired to the router). So it feels like I’m nearly there. :man_shrugging:

But maybe the issue you’re talking about is when making a connection from a remote device? I’ve not done this stuff before, and was assuming that this would work with some port or proxy settings to get a connection through to the WireGuard server, and from there to any home network services I want exposed, such as HAOS dashboard (in a Proxmox VM).

Does that sound wrong?

EDIT: having done some research I see my assumption was wrong. I won’t be able to reach my home network from outside because CGNAT presents a different public IP for inbound traffic (and also likely to block certain ports).

The options for getting around this seem expensive, and essentially either involve paying the provider for a fixed IP (not sure this is available on UK mobile b/b though), or paying a third party service though I’m not clear how they work exactly.

I was using mobile b/b to avoid the higher cost of a cable service, but one which offers fixed IP would probably be cheaper than any ways I can see to achieve this over mobile. :man_shrugging:

@SJ20035 thanks for putting me on the right track for this. I guess my options are:

  • Tailscale as you originally suggested, or to
  • find a suitable cable/fibre service and pay for a fixed IP.

:thinking: