The comment you replied to said they don’t get an IPv4 address, not that it’s dynamic. Sounds like their ISP uses CGNAT - in which case DuckDNS is useless.
Yes, I know there is some exposure with open ports and I would rather not do it. But the main question is whether Tailscale will be an option again for accessing HA (OS) remotely via the companion app.
If not, what are my options for a secure remote connection?
The short answer is yes. With “most secure” option, I believe those are the conditions:
switch to “Most secure”, obviously
set up Tailscale on both the HA server and your phone,
and then set the Tailscale node on your HA server as the exit node for the home network
and then make sure Tailscale is connected on both sides
and then toggle on the “VPN connected” option in the companion app
And then it should/would work. The companion app would connect to HA via the same HTTP IP address as if you were home.
With all that being said, it cannot be the only way. Right? I’m also interested to know what other approaches are out there, along with the pros and cons…
I know we can do DuckDNS and get SSL certificates via Let’s Encrypt. And then the cons being (a) not compatible with CGNAT (b) DuckDNS + Let’s Encrypt reliability (c) maintain the SSL certs, and (d) need to open a port to outside
Set up a WireGuard server in your home network and a client on your phone
(what are the cons? we still need an open port, right?)
Set up Cloudflared? No open port here, right? Is Cloudflare reliable? I know you need a domain to make this work.
This works best when the VPN can be configured on the router: there’s no need to manually open a port, and the router switches network packets between the LAN and the VPN.
The second requirement is that the VPN reliably activates on the phone when it disconnects from the home WiFi. On iPhones with WireGuard, it works very well without any additional software. On Android (I think) you need an additional program.
I’m not sure what you mean by “again” - tailscale never ceased to be an option.
If you’re running HAOS, all you need to do is install the Tailscale add-on and log it in to your tailnet. Your Home Assistant server will then have a Tailscale IP address which you can use in the Home Assistant companion app. You’ll need to set the new security option to “Less secure” unless you want to set up HTTPS certificates, but there’s no need with a VPN.
I had something misconfigured before or right after the update that triggered the hiccup with the remote connection and I was looking in the wrong place to fix it. But things are working for me again.
Thanks a lot for the input @k8gg & @D661
Normally I use Nabu Casa cloud and turned off the local server in the app. Today Nabu went down and I couldn’t remote access, but was still getting notifications etc.
I connected Tailscale on my phone and put in the local IP and I could get back in… phew!
Now I’m thinking about the VPN setting, is there a way to lock it to one particular VPN? I only want it when Tailscale is the VPN, not when AdGuard VPN is active. I really only connect Tailscale when I need to actually do something at home when I’m away… but I use AdGuard VPN when I’m on public networks when there is no phone signal.
Now that Nabu is back up I will remove the local IP and just go with cloud… seems to be more reliable when coming and going from home and changing between WiFi and mobile.