Why switch to Remote UI from DuckDNS?

I’ve seen some posts about the Remote UI addon from 0.90 and I’m still confused why people would be interested in migrating to use the Remote UI option over DuckDNS, especially if they have DuckDNS working.

What are the benefits to using Remote UI that make it worth a monthly charge over using DuckDNS for free?

Thanks,
-Greg

Basically paranoia about opening router ports (not needed with remote-ui).

I think they are planning on adding things like Alexa integration. Some people think that subscribing to the cloud service is benefiting HA development.

I am choosing to stay on DuckDNS, myself.

1 Like

It’s not just random people thinking that. It’s actually helping to fund the project.

4 Likes

That’s already been done a long time ago.

That’s a big reason I switched to the cloud even before the remote UI availability. It just seemed to work more seamlessly than the other cobbled together options for exposing your devices to Alexa. However, Haaska was working pretty well for me for a long time before I switched. But getting Haaska set up initially was fairly complicated and required an open port.

I eventually stopped using duckdns/letsencrypt for external access and began using a VPN since the security process in HA was pretty woefully inadequate and required yet another couple of open ports. The auth inadequacies have been addressed in the recent versions of HA with the new auth systems. But now that I already have the HA cloud setup moving to the remote UI is pretty much a no-brainer. And I still have the VPN option if I feel that the remote ui poses a security risk in the future.

Right now I have no manually configured open ports at all in my router. The less openings you have in your network the safer you are. I wouldn’t say I’m “paranoid” about open ports. I would call it “a healthy respect for security”. And even then I’m sure that I’m still vulnerable to a degree.

2 Likes

That’s already been done; for a long ass time now… Alexa and Google Home are both already done and work great.

Yeah… “Some people think if you pay the developers, that helps fund what they do”… Duh.

I don’t personally use any feature of Nabu Casa (I still use duckdns/letsencrypt for external access, and don’t trust Amazon or Google enough to let them inside my house), but I still pay for it because the project is worth at least (much more, in actuality) $5 a month. If this were a retail project it would cost at least $150 and not have nearly as much support or integration options. Just look at Hubitat, $150 fo what? $35 in hardware and lack luster support and integration options.

And OpenHAB cloud is free. Some complain about slowness but their cloud code is open do you can setup your personal one. I believe Vera cloud is free but you need yo buy their hardware. both these systems focus on local processing like HA but all have their strengths and weaknesses IMHO.

i was using DuckDNS in the past, but switched to the remoteUI mostly so I didn’t have to forward ports on router. and as others have said, paying for the service helps support HA and considering how much HA has done for me and my home, I’m happy to pay the $5/month.

I’ve been using remoteUI since it became available, and have an automation setup so the remote connection is only active when I’m away from home.

1 Like

I already subscribe to Nabu Casa.for Alexa/Google Assistant voice interfaces and to support development.

I have a different DDNS service in conjunction with an OpenVPN server for access my home network and didn’t want to switch/add DuckDNS.

It allowed for simple integration with SmartThings without requiring the addition of DuckDNS/Lets Encrypt.

If I’m away from home without access to my normal devices, I can log on and access my home automation without no additional setup.

That’s an even better idea. I’ll have to look into that. Thanks for the tip!

That seems like a great idea and just may push me over the edge to sign up to Nabu Casa. Would you mind sharing how this automation works? I do have presence setup So I assume that I would just need to figure out what is the action to trigger.

I just set it up and these are my automations:

- alias: 'Remote UI Disconnect'
  initial_state: 'on'
  trigger:
    - platform: state
      entity_id: 
        - device_tracker.galaxys8
        - device_tracker.iphone
      to: home
  condition:
    - condition: state
      entity_id:  device_tracker.galaxys8
      state: home
    - condition: state
      entity_id:  device_tracker.iphone
      state: home
  action:
    service: cloud.remote_disconnect
    
- alias: 'Remote UI Connect'
  initial_state: 'on'
  trigger:
    platform: state
    entity_id:
      - device_tracker.galaxys8
      - device_tracker.iphone
    to: not_home
  action:
    service: cloud.remote_connect

If either of us leave then the connection is turned on so we can have remote access. after the last of us arrives home then the remote access is turned off.

3 Likes

Does the Nabu Casa Remote UI also work for Hass.io add-ons that have their own web interfaces (and typically use different ports)? Things like VSC/IDE/Configurator, Node-Red, Grafana, etc.?

Not yet but that’s next. They are working on something called ingress to take care of that

What about if the cloud service gets hacked, then they have direct access to your local service.

One thing I would like to do is have a PKCS12 client certificate. For my Tiny Tiny RSS server (TT-RSS), I set SSLVerifyClient to require in Apache and SSLVerifyDepth to 2. If I don’t have a client certificate, I won’t be able to login to Tiny Tiny RSS.

I would like to see verification of client certificates as an option for Home Assistant and for Remote UI. The client certificate should be well-guarded and there’s no way for hackers to log right into my Home Assistant without a client certificate. Let’s Encrypt is great and all, but I like having control using my own certificates. And yes, I already have a Certificate Authority in my pfSense virtual machine so I can manage certificates from there.

Alas, my post would go in Feature Requests.

Yes, that’s a possibility. But they would still need my username and password for the HA system to access anything. And it would generally be limited to my HA install so aside from playing with my lights there wouldn’t be much to gain.

I grant that it’s not as safe as a VPN that uses an encrypted key file plus a username/password plus a HA username/password but I really doubt there is too much concern. And if for some reason that reality changes I can flip a switch in my HA and I’m right back to using my VPN for remote access.

1 Like

Anything can get hacked if the hacker has enough skills. The only 100% secure protection is no internet access. At the same time the question must be asked what the interest would be for this superskilled hacker. There is no fame to win to hack a HA network.

You are home alone, asleep in bed. The heating gets turned up to maximum. The kettle is turned on and boils constantly, filling the house with steam. The garage doors start opening and closing. The cuckoo clock chimes start playing big ben. Your TV turns on, but is tuned off channel so you get only static. Lights begin to flash.

You wake up from that deep sleep, horribly confused. The whole house is unbearably hot, so you throw open the doors to your deck and step out to face …

1 Like

And who will be famous?? Hardly the hacker. Sorry but a lot of this is paranoia in my opinion. There is many more serious threats. But no one seems to bother about how much info is collectedabout everyone when you are online. F.ex. download everythinf that Google store about you. Its gigabytes of info. https://www.hongkiat.com/blog/download-and-delete-everything-google-knows-about-you/