Using Tor with Home Assistant for extra secure+private remote access

I’m running Android 6.0.1 and Orbot 15.1.2. For security, I’d like to stay away from apps which are not available in the Play store.

I did come across the following link which shows one way of doing this:

but it requires a rooted phone, which mine isn’t. Is it possible to do this with the current version of Orbot without a rooted phone?

The new Orbot release will be out shortly.

Otherwise, is your HA running with the authenticated mode on? You will need to add that cookie data to the Orbot->Settings torrc custom section. This is the same as adding it to the Tor Browser’s Tor RC file.

Otherwise, you don’t need the transparent proxy and root feature outlined in that post. Instead, you should use the Orbot Apps VPN feature which routes any app through Tor.

Where you would put the server in Owntracks is where you would enter the .onion address that your HA is running on.

I have an HTTP password and am using the default settings for Mosquitto until I get everything up and running. I’ve followed the instructions to set up a Tor hidden service. The line in the torrc file is:

HiddenServiceDir /var/lib/tor/mosquitto/
HiddenServicePort 1883 127.0.0.1:1883
HiddenServiceAuthorizeClient stealth haremote1

I checked the cookie and entered it on my torrc file in Orbot. I went into the select apps menu in Orbot and checked the box for Owntracks. Restarted everything, and started Orbot with VPN mode on. Orbot seems to be fine, but I get an error in Owntracks saying that it’s got an Unknown Host Exception.

I used the .onion address in the host field and kept the port as 1883. For authentication details, I’ve used the same details as I have when I’m on the network. I double checked and if I connect to my wifi network and point owntracks at the server directly, it works.

So I’m not sure where the error is coming from.

Is 1883 the port that you access the HA web interface from as well?

If so, can you try installing Orfox browser, and see if you can access the web interface via the onion address?

1883 is not the port used for the web interface, it’s only used for MQTT. HTTP traffic is on port 80; my hidden service for that is a direct copy from the instructions, so the total entry for hidden services is:

HiddenServiceDir /var/lib/tor/homeassistant/
HiddenServicePort 80 127.0.0.1:8123
HiddenServiceAuthorizeClient stealth haremote1

HiddenServiceDir /var/lib/tor/mosquitto/
HiddenServicePort 1883 127.0.0.1:1883
HiddenServiceAuthorizeClient stealth haremote1

I have both cookies saved in Orbot. I checked the web interface with Orfox and it connects regardless of whether I’m connected over VPN.

Yes, Orfox directly connects to Orbot via the SOCKS proxy. It is developed to work that way.

Owntracks must connect through the Orbot VPN connection. I am wondering if the Orbot VPN has a problem resolving dot-onion addresses for some reason. I will do some testing here on the new build and let you know what I see.

Also, since Owntracks is open-source, we could submit a pull request to it to add the direct SOCKS proxying like Orfox.
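The difference between the two paths described above, as an added example that is not part of the original thread or of Orbot/Owntracks: a client that speaks SOCKS5 hands the .onion name to Tor unresolved (address type 0x03) instead of asking DNS for it, which is where an unknown-host error would come from. The proxy address 127.0.0.1:9050, the client id `tor-probe` and the function names are assumptions; the broker is assumed to accept unauthenticated MQTT 3.1.1.

```python
import socket
import struct
import sys

TOR_SOCKS = ("127.0.0.1", 9050)  # assumption: Tor/Orbot default SOCKS port

def socks5_connect_request(host, port):
    """SOCKS5 CONNECT with ATYP 0x03: the name goes to Tor unresolved."""
    name = host.encode("ascii")
    if not 1 <= len(name) <= 255:
        raise ValueError("hostname must be 1..255 bytes")
    return b"\x05\x01\x00\x03" + bytes([len(name)]) + name + struct.pack(">H", port)

def mqtt_connect_packet(client_id, keepalive=60):
    """Minimal MQTT 3.1.1 CONNECT: clean session, no username or password."""
    cid = client_id.encode("utf-8")
    body = b"\x00\x04MQTT\x04\x02" + struct.pack(">HH", keepalive, len(cid)) + cid
    if len(body) > 127:
        raise ValueError("client id too long for a one-byte remaining length")
    return b"\x10" + bytes([len(body)]) + body

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed the connection")
        buf += chunk
    return buf

def probe(onion, port=1883, timeout=120.0):
    """Reach an MQTT broker behind an onion service via the local Tor SOCKS port."""
    with socket.create_connection(TOR_SOCKS, timeout=timeout) as s:
        s.sendall(b"\x05\x01\x00")  # greeting: SOCKS5, one method, no auth
        if _recv_exact(s, 2) != b"\x05\x00":
            return "proxy refused no-auth"
        s.sendall(socks5_connect_request(onion, port))
        reply = _recv_exact(s, 4)
        if reply[1] != 0:
            return f"socks error {reply[1]}"  # Tor could not reach the service
        # Skip the bound address and port that follow a successful reply.
        alen = {1: 4, 4: 16}.get(reply[3]) or _recv_exact(s, 1)[0]
        _recv_exact(s, alen + 2)
        s.sendall(mqtt_connect_packet("tor-probe"))
        connack = _recv_exact(s, 4)
        return "mqtt ok" if connack == b"\x20\x02\x00\x00" else f"mqtt refused: {connack.hex()}"

if __name__ == "__main__":
    print(probe(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 1883))
```

A "socks error" result points at Tor or the hidden service (address, port, or client authorization), while "mqtt refused" means the circuit works and the broker itself rejected the session.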

The update for Orbot came out this weekend and does seem to allow me to connect Owntracks to Mosquitto. I do notice that if I route Owntracks through Orbot, it hangs for a long time in the connecting state. Is this something anyone has experienced and, if so, is it an issue with Owntracks or Orbot?

A special thanks to the authors of the Home Assistant TOR guide.
The install went smoothly and external access to Home Assistant is now available through my Android phone.
Was thinking of the VPN route and setting up a local server but the TOR solution comfortably runs on a Raspberry Pi 3B that is already running Home Assistant.
The upshot is no extra hardware, no extra power to run another server and super security.
Thanks heaps.
RAWB

Hi! I am trying to use this configuration. I have a Windows 10 machine where my HA server is, and where I installed Tor. But I am not sure how to make this change in Tor on Windows:

HiddenServiceDir /var/lib/tor/homeassistant/
HiddenServicePort 80 127.0.0.1:8123
HiddenServiceAuthorizeClient stealth haremote1

I put these commands in the torrc file but it gives an error and Tor does not even start.

Any ideas?

Sorry newb here

I’m following this topic with great interest. However, being new to Tor, may I ask whether I should use it if I already have a VPN server running in my network? Both methods also need an app installed on my Android phone. What advantages do they have over each other?


@dbenhart I’m trying to do exactly what you did. I have a separate onion address for connecting to my private Mosquitto server.

But I can’t seem to get it working.

How did you configure owntracks?
here is what I have:

  1. Connection: Private MQTT
  2. host - my mosquitto onion address
  3. port 1883
  4. no websockets
  5. IDENTIFICATION::authentication OFF
  6. SECURITY:: NO TLS
  7. PARAMETERS:: clean session OFF

Any help here? How did you manage to make it work? Or maybe I should use a private HTTP? The problem is that I think it requires a CA cert then.

Unfortunately, I never got it working. I’ve checked with the Orbot crew, the HA crew, and the Owntracks people, but it still won’t connect. I’m sure there’s a log file that I could post to show what’s going wrong, but I don’t know which one it would be.

Ok, all hope is not lost.

I got this thing to work!

  1. I only checked this on an android phone.
  2. INSTALL MOSQUITTO as a MQTT server on your machine. The hbmqtt does not work with Owntracks.
  3. The config from my previous post works perfectly.

So the problem here was the hbmqtt server… After switching to Mosquitto it works fine.

Be sure to set up the Tor hidden service properly. Meaning: the right port in the torrc file.

After this, make sure 3 times that you gave the addresses correctly (in the Owntracks CLIENT as well as in the ORBOT config file).

Anyone had any luck with apple phones?
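One way to check the server side of "right port in the torrc file", as an added example that is not part of the original thread or of the Home Assistant Tor guide: parse the hidden-service blocks and test whether anything is listening on each target. The sample torrc is constructed from the entries quoted earlier in this thread; the function names are assumptions.

```python
import socket

# Constructed sample: the two hidden services quoted earlier in this thread.
SAMPLE_TORRC = """\
HiddenServiceDir /var/lib/tor/homeassistant/
HiddenServicePort 80 127.0.0.1:8123
HiddenServiceAuthorizeClient stealth haremote1

HiddenServiceDir /var/lib/tor/mosquitto/
HiddenServicePort 1883 127.0.0.1:1883
HiddenServiceAuthorizeClient stealth haremote1
"""

def parse_hidden_services(text):
    """Group port and client-auth lines under the HiddenServiceDir above them."""
    services, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(" ")
        key, value = key.lower(), value.strip()  # torrc option names ignore case
        if key == "hiddenservicedir":
            services.append({"dir": value, "ports": [], "auth": None})
        elif key in ("hiddenserviceport", "hiddenserviceauthorizeclient"):
            if not services:
                problems.append(f"line {lineno}: {key} before any HiddenServiceDir")
            elif key == "hiddenserviceauthorizeclient":
                services[-1]["auth"] = value
            else:
                try:
                    virt, *rest = value.split()
                    # A missing target means 127.0.0.1 on the virtual port.
                    host, _, port = (rest[0] if rest else virt).rpartition(":")
                    services[-1]["ports"].append((int(virt), host or "127.0.0.1", int(port)))
                except ValueError:
                    problems.append(f"line {lineno}: cannot parse {value!r}")
    return services, problems

def unreachable_targets(services, timeout=2.0):
    """Return (dir, host, port) for each target that refuses a TCP connection."""
    dead = []
    for svc in services:
        for _virt, host, port in svc["ports"]:
            try:
                socket.create_connection((host, port), timeout=timeout).close()
            except OSError:
                dead.append((svc["dir"], host, port))
    return dead
```

Run `unreachable_targets(parse_hidden_services(open(path).read())[0])` on the server itself; an entry for the Mosquitto service means Tor would forward to a port where no broker is listening.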


Hi,

I am sure I am doing something silly, but I do not understand what it is. I am trying to access my Home Assistant (0.35.3) hosted on a Pi 3b with the latest Android Orfox (downloaded 09/JAN/2017). Everything works smoothly until I try to access HA with Orfox. The steps below are the procedure I am not 100% sure I am doing correctly. Could you please review and advise what I may be doing wrong?

1- In Orbot > Settings > Torrc Custom Config typed "HidServAuth asdfghjkl1zx2cv.onion q0wer1RTYrUI+ZXCVBnmas" (THIS IS MADE UP)

2- Pressed OK

3- Pressed back button

4- Menu >Exit Orbot

5- Pressed Orbot icon and pressed START

6- Pressed BROWSE

7- Orfox opens

8- In the Orfox address bar I type “http://asdfghjkl1zx2cv.onion”

9- Response “The connection has timed out”

I have also tried “asdfghjkl1zx2cv.onion”; “https//asdfghjkl1zx2cv.onion”; “http://asdfghjkl1zx2cv.onion**:8123**”; “https://asdfghjkl1zx2cv.onion**:8183**” and “http://asdfghjkl1zx2cv.onion**:8080**” without success.

Thank you in advance for your help.

The steps for accessing look all right.
What about the server side?
Can you describe how you configured Tor on the server?

All,

Since my ISP does not let me do port forwarding I went with the Tor Onion configuration (https://home-assistant.io/docs/ecosystem/tor/1). Since this in reality has end-to-end encryption, do I need an SSL certificate in order to have this work with Google Home?

N8fr8,

I have installed Tor, but when I get to creating the hostname it gives me "no such directory exists", quite similar to vdarkobar.
I followed everything to see just stuck there… Any help would be appreciated.


I’m new to a lot of this. So if I set up Tor for remote access, then this can only be accessed via the Tor browser, and not Chrome? Am I understanding that correctly?

Have you tried the Onion Browser 2 public beta? https://www.patreon.com/posts/quick-onion-2-0-12054247

No, you can use the Tor Onion setup without an SSL certificate just fine.