I installed Tailscale since some of my streaming apps no longer allow me to watch when outside the country... I have an rpi at home with homeassistant running, so I was thinking I could use Tailscale for this. The homeassistant is defined as "exit-node" and on the iPad I'm using this HA as exit node. Seems like I don't have internet anymore when activating exit node; without exit node I still have internet, but then streaming apps still detect that I'm outside the country...
If you guys want to access homeassistant from anywhere and own a domain name, you can also use Cloudflare and a Cloudflared tunnel to do that. There is no need for any sort of VPN connection on any devices, running apps or anything else. HA creates an encrypted tunnel to cloudflare which you can access via your custom subdomain. You can also add an additional layer of security by putting a login with GitHub or another SSO provider in front of it.
I recently created a new addon to use Cloudflare, so feel free to check it out and let me know what you think:
Included in the following addon repository:
The issue with this is owning a domain name, which itself will be costly.
Interesting, but you might want to document a bit the cloudflare bits.
I wasn't aware of this capability, and I still don't know where to start
Ah, never mind. I was expecting the explanation on the github README
Well there is. Your addon installs the cloudflare client rather than the tailscale one
Their way of working is extremely similar, creating a tunnel between your host and a central point acting as a router, although cloudflare seems to be based on a proprietary solution (albeit open-source) rather than the Linux standard wireguard.
Nabu Casa works the same way as well, although limited to HA itself and HA doing the client-side job.
EDIT: Actually, tailscale manages to do p2p connection when possible, so, contrary to what I thought, there is no central router: your connections are peer-to-peer, most of the time, removing a point of failure.
You can use tailscale status to check the connectivity between hosts of your tailscale ring, and see how that connection was made, whether "direct" or through a "relay"/router.
Now, I'd really like to understand how tailscale manages to do an ipv6 connection inside my network without me opening any ports on the firewall
I recently posted an article about how to get a domain name for free and utilise the different offerings of Cloudflare with it. If you are interested, you can have a look:
Following your excellent guide, I successfully created the domain. Now I need to access home assistant through HTTPS protocol to use home assistant cast. Home Assistant Cast - Home Assistant
I would be careful about Freenom.
Nothing is free in this world (besides open-source done by crazy people) and their business model is not clear.
Even if this is paranoia, keep in mind you don't "own" the free domain you get from them, they just lease it to you and can get it back anytime. You basically have no rights on the domain.
Not much of an issue if this is just for exposing HA, though.
Fronting Home Assistant with Cloudflare Single Sign On won't work with the mobile apps, right?
Tailscale is nice in that you can still use the mobile apps as usual.
Using Cloudflare SSO does work with the mobile app. I am running it with GitHub as ID provider and have no issues at all.
Hmm I need to give this a try then because that sounds very interesting, my understanding of Cloudflare SSO is it just puts an authenticating reverse proxy in front of the backend, which I wouldn't have thought the Home Assistant companion app would support as suddenly all requests need to be authenticated with cookies and not all requests from the companion app originate from the webview.
Hi @stijnd! Have you managed to get your exit node working?
I'm planning to plug a privacy zigbee button that would start the exit node for each active node on my tailscale network. But first I have to find a way to make it work...
Ok! I found!!!