Using Tor with Home Assistant for extra secure+private remote access

The update for Orbot came out this weekend and does seem to allow me to connect Owntracks to Mosquitto. I do notice that if I route Owntracks through Orbot, it hangs for a long time in the connecting state? Is this something anyone has experienced and, if so, is it an issue with Owntracks or Orbot?

A special thanks to the authors of the Home Assistant TOR guide.
The install went smoothly and external access to Home Assistant is now available through my Android phone.
Was thinking of the VPN route and setting up a local server but the TOR solution comfortably runs on a Raspberry Pi 3B that is already running Home Assistant.
The upshot is no extra hardware, no extra power to run another server and super security.
Thanks heaps.
RAWB

Hi! I am trying to use this configuration. I have a windows 10 machine where my HA server is, and where I installed TOR. But I am not sure how to do this change in TOR in Windows

HiddenServiceDir /var/lib/tor/homeassistant/
HiddenServicePort 80 127.0.0.1:8123
HiddenServiceAuthorizeClient stealth haremote1

I put these commands in the torrc file but it gives an error and TOR does not even start.

Any ideas?

Sorry newb here

I'm following this topic with great interest. However, being new to Tor, may I know should I use it if I already have a VPN server running in my network? Both methods also need to install an app in my android. What advantages do they have over each other?

@dbenhart I'm trying to do exactly what you did. I have a separate onion address for connecting to my private mosquitto server.

But I can't seem to get it working.

How did you configure owntracks?
here is what I have:

  1. Connection: Private MQTT
  2. host - my mosquitto onion address
  3. port 1883
  4. no websockets
  5. IDENTIFICATION::authentication OFF
  6. SECURITY:: NO TLS
  7. PARAMETERS:: clean session OFF

Any help here? How did you manage to make it work? Or maybe I should use a private HTTP? The problem is that I think it requires a CA cert then.

Unfortunately, I never got it working. I've checked with the Orbot crew, the HA crew, and the Owntracks people, but it still won't connect. I'm sure there's a log file that I could post to show what's going wrong, but I don't know which one it would be.

Ok, all hope is not lost.

I got this thing to work!

  1. I only checked this on an android phone.
  2. INSTALL MOSQUITTO as a MQTT server on your machine. The hbmqtt does not work with Owntracks.
  3. The config from my previous post works perfectly.

So the problem here was the hbmqtt server... After switching to mosquitto it works fine.

Be sure to set up the Tor hidden service properly. Meaning - right port in the torrc file.

After this make sure 3 times that you gave the addresses correctly (in the Owntracks CLIENT as well as in the ORBOT config file).

Anyone had any luck with apple phones?

Hi,

I am sure I am doing something silly, but I do not understand what it is. I am trying to access my Home Assistant (0.35.3) hosted on a Pi 3b with the latest Android Orfox (downloaded 09/JAN/2017). Everything works smoothly until I try to access HA with Orfox. The following steps are the procedure I am not 100% sure I am doing correctly. Could you please review and advise what I may be doing wrong?

1- In Orbot > Settings > Torrc Custom Config typed "HidServAuth asdfghjkl1zx2cv.onion q0wer1RTYrUI+ZXCVBnmas" (THIS IS MADE UP)

2- Pressed OK

3- Pressed back button

4- Menu >Exit Orbot

5- Pressed Orbot icon and pressed START

6- Pressed BROWSE

7- Orfox opens

8- In the Orfox address bar I type "http://asdfghjkl1zx2cv.onion"

9- Response "The connection has timed out"

I have also tried "asdfghjkl1zx2cv.onion"; "https//asdfghjkl1zx2cv.onion"; "http://asdfghjkl1zx2cv.onion**:8123**"; "https://asdfghjkl1zx2cv.onion**:8183**" and "http://asdfghjkl1zx2cv.onion**:8080**" without success.

Thank you in advance for your help.

The steps for accessing look all right.
What about the server side?
Can you describe how you configured the Tor on the server?

All,

Since my ISP does not let me do port forwarding I went with Tor Onion Configuration (https://home-assistant.io/docs/ecosystem/tor/1). Since this in reality has end to end encryption do I need an SSL certificate in order to have this work with google home?

N8fr8,

I have installed tor but when I get to creating hostname it gives me no such directory exist, quite similar to vdarkobar.
I followed everything to see just stuck there... any help would be appreciated

I'm new to a lot of this. So if I set up Tor for remote access, then this can only be accessed via the Tor browser, and not Chrome? Am I understanding that correctly?

Have you tried the Onion Browser 2 public beta? https://www.patreon.com/posts/quick-onion-2-0-12054247

No, you can use the Tor Onion setup without an SSL certificate just fine.

Using Tor Browser or Orfox on Android is the easiest approach, since they are set up for Tor access. That said, since your goal is access, and not anonymity, you can use Chrome, as long as it is set up to be proxied through Tor's SOCKS proxy port.

Are you using a laptop or mobile to access?

You need to change the HiddenServiceDir to something that will work on windows

HiddenServiceDir /var/lib/tor/homeassistant/

should be changed to something like

HiddenServiceDir c:\ha\tor

or whatever path you want on Windows

Is this on Windows? Does the folder you are specifying exist?
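The checks raised in the replies above (a `HiddenServiceDir` that fits the OS, a folder that exists, the right port in `torrc`), as an added example that is not part of the original thread or of Tor. `check_torrc` and its parameters are hypothetical names, the sample text is constructed from the lines quoted in the thread, and the path test is a heuristic rather than Tor's own validation.

```python
import os
from pathlib import PurePosixPath, PureWindowsPath

# Constructed sample: the torrc lines quoted in the thread, unchanged.
THREAD_TORRC = """\
HiddenServiceDir /var/lib/tor/homeassistant/
HiddenServicePort 80 127.0.0.1:8123
HiddenServiceAuthorizeClient stealth haremote1
"""

def parse_hidden_services(text):
    """Return (services, problems); each service is a HiddenServiceDir plus its ports."""
    services, problems = [], []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()       # drop comments and blank lines
        if not line:
            continue
        key, _, value = line.partition(" ")
        value = value.strip()
        if key == "HiddenServiceDir":
            services.append({"dir": value, "ports": [], "line": n})
        elif key == "HiddenServicePort":
            if not services:                       # a port line belongs to the dir before it
                problems.append(f"line {n}: HiddenServicePort before any HiddenServiceDir")
                continue
            virt, _, target = value.partition(" ")
            # With no target given, Tor forwards to the same port on 127.0.0.1.
            services[-1]["ports"].append((virt, target.strip() or f"127.0.0.1:{virt}"))
    return services, problems

def check_torrc(text, windows, local_port=8123, dir_exists=os.path.isdir):
    """Heuristic checks (hypothetical helper); dir_exists is injectable for testing."""
    services, problems = parse_hidden_services(text)
    path_cls = PureWindowsPath if windows else PurePosixPath
    for svc in services:
        path = path_cls(svc["dir"])
        if not path.is_absolute():
            problems.append(f"line {svc['line']}: {svc['dir']} is not an absolute path on this OS")
        elif not (dir_exists(str(path)) or dir_exists(str(path.parent))):
            problems.append(f"line {svc['line']}: neither {path} nor its parent exists")
        if not any(t.rsplit(":", 1)[-1] == str(local_port) for _, t in svc["ports"]):
            problems.append(f"line {svc['line']}: no HiddenServicePort targets local port {local_port}")
    return problems

if __name__ == "__main__":
    for problem in check_torrc(THREAD_TORRC, windows=(os.name == "nt")):
        print(problem)
```

Tor can also check the file itself with `tor --verify-config -f <path to torrc>`, which reports syntax errors before the service is started.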

I've been using the Tor service successfully for a few weeks but I notice that the event times on the faceplates and graphs are offset incorrectly. In my case the times are shown at GMT, but I'm at GMT +11hrs so the times are incorrect.

When accessed on my home network all times are correct for my local time zone.

My Home Assistant system is running on hassio on a raspberry pi3 with no unusual network connections.

Is this an issue with Tor/Orbot/Orfox not knowing my local time zone? Or is this a Home Assistant issue? Any ideas to correct this?

TiA
Mentok

At a guess it's because the tor endpoint is working on gmt, which they probably all do as part of the anonymity package.

omg of course! for some reason I thought that was a means of block commenting I was not aware of... :sleeping: