Secure remote access to Home Assistant using Tor

frenck · June 16, 2018, 7:50am

I’ve just tested it, fresh installation, with Home Assistant (Hass.io), the latest Tor add-on and the latest Node-RED add-on.

Next I’ve used the following configuration:

{
  "log_level": "info",
  "socks": false,
  "hidden_services": true,
  "stealth": false,
  "client_names": [],
  "ports": [
    "8123:80",
    "1880"
  ]
}

Could access it via Tor just fine.

sam_uk · June 16, 2018, 9:24am

Thanks! That is working now.

I guess I had a network problem between me and the Pi previously.

IoTmessenger · June 16, 2018, 12:11pm

@frenck
Franck, many thanks for this great add-on!

Made my HASS IO installation much more secure (using stealth mode) while still having remote access to all ports/services I need using the VPN mode and hidden services. No more port forwarding needed on my router as well.

danielperez505 · July 24, 2018, 11:37pm

Hi guys,
is there any easy option to access my tor address from my Iphone?

henninne · August 7, 2018, 10:27am

Same here, anyone found a way to access via tor on iPhone?

blaksec · August 9, 2018, 2:32pm

I have no problems accessing my HA onion link using my Tor Browser on the iphone. What issue are you having?

henninne · August 9, 2018, 4:53pm

@blaksec How di you configure the onion Browser? I did not find anyway to configure torrc. Which Browser/app are you using?

blaksec · August 9, 2018, 6:19pm

I did not have to do anything to configure browser. All I do on the browser side is type in my .onion address. I’m using “Tor Browser” which is available via Appstore

You are supposed to configure torrc on the HA side, not browser side. Here’re the steps I followed: https://www.home-assistant.io/docs/ecosystem/tor/

henninne · August 9, 2018, 8:42pm

Not sure I understand. If I just put in the .onion address I get nothing. I bough the Red Onion app, $3. That one you can add to the torrc file and I am able to load the login site to my HA, but I cannot login. It says “unable to connect”. Not sure what’s the problem.

ahzazou · August 10, 2018, 2:04pm

What isthe tor app you are using from app store!?

ahzazou · August 10, 2018, 2:05pm

Im facing the same issue you are facing a problem to login even if i use HA without authentication http password i mean

ahzazou · August 16, 2018, 1:30pm

To be able to use tor on iphone most application gives errore for login , there is one i tried called red onion ll
That one does not allow you to edit torrc file , but if you disable stealth mode , you can use this browser without editting torrc but this mode is less secured than stealth mode.

This is the appstore app
Red Onion II - Next Generation by Omar Mody

What i like in this app it works as vpn on your iphone , so you can use .onion site on safari or chrome

daneboom · August 28, 2018, 1:06pm

When I try to connect to my Hass.io Tor install I get Error the operation couldn’t be completed (kCFErrorDomainCFNetwork error 120.) Any ideas why? I haven’t restarted Hass so obviously when I get home that will be my first step, but I got no indication from the log or the install process I needed to do this. Everything seemed to be up and running.

henninne · September 14, 2018, 7:31am

@ahzazou Could you describe how you get this to work? Which version of HA do you run. I run 0.77.3 and cannot access the login screen anymore in the Red onion app either. I tested the Red onion II app and I cannot get this to load the site at all.

ahzazou · September 19, 2018, 5:40am

@henninne Red onion II app does not support editing torrc file , so to make it work , you need to disable stealth mode in TOR configuration , so it will load perfectly , just to be in safe side just be sure at least you have password for you hass instance as this address will be reachable from all Torr network.

in this section

############### This section is just for location-hidden services ###

## Once you have configured a hidden service, you can look at the
## contents of the file ".../hidden_service/hostname" for the address
## to tell people.
...
HiddenServiceDir /var/lib/tor/homeassistant/
HiddenServicePort 80 127.0.0.1:8123
HiddenServiceAuthorizeClient stealth haremote1    <--remove this line to disable stealthmode
...

Qubit · January 22, 2019, 10:08am

I setup HA tor onion service but get an error on logni, displayed on the page:

Logging in with Home Assistant Local .
Error: Message format incorrect: required key not provided @ data[‘client_id’]

Any help would be appreciated
Setup:
pi1 b+
hasbian

Possibly relates to
https://github.com/home-assistant/home-assistant/issues/17528
as TOR Browser is Firefox based

Argo · January 22, 2019, 10:39am

Hi! Could you be more precise on that?

How to fo that, I mean have you any links? Where can I read about hass through open vpn?

Robbrad · January 22, 2019, 12:19pm

Argo · January 22, 2019, 1:14pm

Do I understand right:
I do not need static Ip for that and even if my provider uses cgnat, I will be ok with that? And things like google assistant and ios tracker will work just fine?

Robbrad · January 22, 2019, 1:44pm

You don’t need a static IP - you can use a free dyndns service.

However you will need the cloud service for home assistant for google assistant to work. I pay 5 dollars a month for it