WTH can't I have a sensor based on the public IP address from the Android App

It would be great for the Android App to provide a sensor to Home Assistant with the public IP address the phone is currently using.

The use case is so I can allow that single IP address through my firewall to access services via Nginx into my home network. This will minimise my potential exposure of opening up my firewall. I use Nabu Casa for HA but I would use this feature for other services. I can dynamically update my firewall via API/SSH so I would create an automation that is triggered based on the public IP address changing.

I don’t have any use case for this, but I agree that it should be possible and would be a good idea!
The wifi sensor of the mobile app has IP Address as an attribute, but this could also be added for the cellular connection.

I’m not sure how it would work for multiple SIM cards, if each SIM on a data connection gives the phone a separate IP for each, but that could be added as an attribute per sim just like carrier information is I suppose.

The dual-sim phones I have worked with only use one of the data connections concurrently - so when that is switched, this would be refreshed.
I am uncertain whether this is the case for all dual-sim phones or just the ones I’ve seen. That should be investigated before such is built.

But…
If your IP is 11.11.11.11 and you connect to a wifi which changes your IP to 22.22.22.22 then your router will still only accept connection from 11… Since it can’t get the message what your new IP is since 22 is not accepted.

The Android App uses a different method to push/pull information with Home Assistant. Possibly a webhook.

I currently do not allow anything inbound from the internet and I can still see info regarding my phone in HA.

Uhh?
If you look in the settings of the app, what does it say?
Isn’t there the IP/duckdns of your HA?
Are you saying this is blank?

You use Nabu Casa remote, right? That is how the app communicates back at home.

This would be a good feature request to the android repo so someone can work on it.

Thanks @dshokouhi, I thought it was probably Nabu Casa enabling this but wasn’t 100%. I have now created a feature request as suggested.


Are you aware that a lot of mobile carriers use CGNAT? So your phone doesn’t know its real public IP anyway and this won’t work.

If it checks its IP with an external source (such as https://api.ipify.org?format=json) then it’s trivial to see what IP it will appear to be to everything it tries to connect with.

That would work, except you’re sharing that IP with other users who now also have access to your Home Assistant. Better to use a VPN or TLS client certificates rather than relying on the firewall.

Not really sure what you mean, at all, by “other users who now also have access to your Home Assistant”. How does my phone’s IP give “other users” access to my Home Assistant instance? (My HA instance isn’t hosted on my phone…).

What does that, VPN, or TLS, have to do, whatsoever, with having a sensor inside HA that exposes your phone’s cellular external IP?

Because that is exactly why the OP wants their IP address in a sensor:

Yes, I know that CGNAT is used by most Telcos, but allowing a subset of potential devices at a firewall level is much better than everyone. A firewall policy of course wouldn’t be the only layer of protection in place, e.g. certificates, OAuth/2FA.

I was thinking that since I use Nabu Casa, it will be aware of the public IP address of my device, and therefore could provide a sensor.

While I agree there could be a use case for knowing the IP of your phone, such as faster location tracking if you connect to a known network like wifi at work, the use case you are describing would be much better handled by the WireGuard VPN integration. You are asking to be able to access internal resources where your HA instance is located; in my opinion using IP rules for this even with additional layers is extremely insecure and setting up automations to make those IP exemptions based on the sensor updating also sounds unreliable and slow. With a VPN like WireGuard you don’t need to do any of that. You can just pop open the app on your phone and turn it on, or leave it on 100% of the time. I’ve done both and it is really quite efficient on your battery. Additionally with the VPN you could implement PiHole or another network level ad blocker and have it filter ads on your phone as well.

TLDR: IP sensor seems fine and could be useful. Your use case is better served by other methods already part of HA.

This feature will be in the next beta release for the android app.
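
The CGNAT point debated in the thread, as an added example that is not part of any post or of the Home Assistant app: given the address on the phone's own interface and the address an external echo service reports, it works out who a firewall rule for the reported address would really admit. The function name, the scope labels and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# RFC 6598 shared address space, used on the subscriber side of carrier-grade NAT.
CGNAT = ipaddress.ip_network("100.64.0.0/10")
# Other ranges that never show up as a source address at an internet-facing firewall.
PRIVATE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10", "::1/128")]


def _in_any(addr, nets):
    # Containment is simply False when address and network IP versions differ.
    return any(addr in net for net in nets)


def allowlist_scope(interface_ip, observed_ip):
    """Return who a firewall rule for observed_ip would actually admit.

    interface_ip: address on the phone's own interface (hypothetical sensor value).
    observed_ip:  address an external echo service reports for the phone.
    """
    iface = ipaddress.ip_address(interface_ip)
    seen = ipaddress.ip_address(observed_ip)
    if seen in CGNAT or _in_any(seen, PRIVATE):
        return "unusable"       # the home firewall will never see this as a source
    if iface == seen:
        return "device"         # no translation in the path
    if iface in CGNAT:
        return "shared-cgnat"   # every subscriber behind the same carrier NAT
    if _in_any(iface, PRIVATE):
        return "shared-nat"     # every client of that Wi-Fi or private network
    return "unknown"            # public on both sides but different: proxy or VPN egress


if __name__ == "__main__":
    # Constructed samples; 11.11.11.11 and 22.22.22.22 are the thread's placeholders.
    samples = [
        ("100.72.14.9", "11.11.11.11"),    # cellular behind CGNAT
        ("192.168.1.23", "22.22.22.22"),   # guest Wi-Fi behind a home-style NAT
        ("11.11.11.11", "11.11.11.11"),    # carrier hands out a public address
    ]
    for iface, seen in samples:
        print(f"{iface:>14} -> {seen:<12} {allowlist_scope(iface, seen)}")
```

Only the `device` result means the rule is scoped to the phone; either `shared-*` result means the rule admits everyone behind the same translator, which is why the replies point to a VPN or TLS client certificates for authentication.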
