What security do you use to connect from the public?


#21

I use a WireGuard VPN (it’s a new VPN technology, not a product). It’s super fast and lightweight on my phone (well, my home upload is only 10mbps, so download speeds away from home are a little slow, but it connects fast) and I run a Pi-Hole at home so I get the added benefit of ad blocking on any network my phone connects to.


#22

Do you have a need for a dynamic DNS update? I want to use wireguard but I would still need the duckdns add-on to update the DNS server. I know it can do that without a port open. But can I run duckdns without the letsencrypt? It seems so tightly integrated.


#23

Yeah you need a dynamic DNS, I guess I forgot that in my last post. I use duckdns and I don’t use letsencrypt and I don’t portforward for duckdns. Obviously you still need to port forward to your wireguard server.


#24

Can you explain your setup for on-demand VPN, iOS and HA. Thanks !


#25

I’ve configured a profile for my iOS device to automatically connect via VPN when a specific URL is being connected to. So whenever I open up the iOS app or try to connect to my.homeassistant.url it opens up the VPN tunnel and connects just fine. This of course adds a little delay for establishing the VPN connection first but works otherwise fine.

See guides like this for details on how to set up the profile.


#26

Thanks so much Max. Are you running HA on http on your LAN then? That’s the last detail I need to make the jump. I noticed some people are installing wireguard on their Ubiquiti edgerouters. I wonder what the performance is like. Are you running yours on a pi?


#27

Yeah I just connect to my HA over standard http at MyHassLocalIP:8123.

I was running HA and wireguard on my rpi 3B+ until just recently when I migrated everything to my old desktop. I never had any performance problems, though!


#28

Hass is only one of many services I route through https://traefik.io
A number of which have additional http Auth in front of them.


#29

Last question! Do you run wireguard in a docker container on your PC tower or just on the base operating system? What’s your base OS? Thank you!


#30

I am running Ubuntu 18.04 and wireguard is installed directly onto the OS. I think it’s the only thing I’ve installed on this system that isn’t in a docker container.

Also, I actually installed Hass.io on this system instead of just the hass docker container because you can install hassio addons with just a couple clicks, and even better, hassio backs up your addons along with your home assistant backups so everything required to restore my HA server is all included in one backup file!


#31

I’m considering this exact plan. I have so little time to play with this. Thanks so much for letting me know it works and I’m not wasting my time. I am guessing I need to figure out a different presence detection method. I’ve been using nmap but with a VPN, I think I would be marked home whenever I’m connected to the home network through the VPN.
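
An added example, not written by any poster in this thread: an nmap-based presence scan can only report hosts inside the range it sweeps, so one thing worth checking is whether any WireGuard peer address falls inside that range. The sketch below parses a constructed server config and compares each peer's `AllowedIPs` with an assumed scan range; the addresses, placeholder keys and function names are all made up for illustration.

```python
import ipaddress

# Constructed sample WireGuard server config (keys are placeholders).
SAMPLE_WG_CONF = """\
[Interface]
Address = 10.8.0.1/24
ListenPort = 51820
PrivateKey = <server-private-key>

[Peer]
# phone, on the dedicated tunnel subnet
PublicKey = <phone-public-key>
AllowedIPs = 10.8.0.2/32

[Peer]
# laptop, given an address that sits inside the home LAN
PublicKey = <laptop-public-key>
AllowedIPs = 192.168.1.50/32
"""

def peer_networks(conf_text):
    """Return the AllowedIPs networks of every [Peer] section."""
    nets, in_peer = [], False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if line.startswith("["):
            in_peer = line.lower() == "[peer]"
        elif in_peer and "=" in line:
            key, value = (p.strip() for p in line.split("=", 1))
            if key.lower() == "allowedips":
                nets += [ipaddress.ip_network(v.strip(), strict=False)
                         for v in value.split(",") if v.strip()]
    return nets

def peers_in_scan_range(conf_text, scan_range):
    """Peer networks that overlap the range the presence scanner sweeps."""
    scan = ipaddress.ip_network(scan_range, strict=False)
    return [str(n) for n in peer_networks(conf_text)
            if n.version == scan.version and n.overlaps(scan)]

if __name__ == "__main__":
    # Assumed nmap scan range for the home LAN.
    print(peers_in_scan_range(SAMPLE_WG_CONF, "192.168.1.0/24"))
```

A peer listed in the result has a tunnel address inside the scanned range; a peer on a separate tunnel subnet is never swept by a scan limited to the LAN range.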


#32

I use a subdomain of my private domain, port 443 for hass and 80 for lets encrypt, and namecheap as dynamic DNS provider. All on rpi2


#33

I just set up a zone around my house and work and disabled the location tracking I didn’t need in the HA app. I don’t know if these settings are available in the non-beta app though. https://imgur.com/a/wFzUWSz