If, like me, you wish to connect to Home Assistant from your phone while traveling, and you tried to install and configure Duckdns, Let’s Encrypt and Nginx add-on, without success.
Or you succeeded at first (after numerous hours of combing the Web for a complete Howto article) and then suddenly for no apparent reason it stopped working… and you can’t make it work again grrrrrr!
Then this article is for you.
[TL;DR] don’t go the https way at all, install a free VPN appliance server at home, and a client on your phone. As a bonus you’ll be able to access other services in your home network, cameras, Cable TV recordings etc.
What you need:
- A device to use as VPN server appliance:
- a 10$ Raspberry PI zero (If you are lucky enough to have one)
- or an old laptop X86_64
- or (as in my case) an old Intel Compute Stick 1Gb collecting dust.
- Preferably an ethernet cable to physically attach the device to your router
- You will still need a Dynamic DNS service. I use DuckDNS free service and DuckDNS add-on for HA to keep the DDNS record up to date for me.
- Smart phone with Home Assistant, and WireGuard VPN App
A raspberry Pi is ideal because it uses very little power and can be left running 24/7 connected to a UPS if you have one, next to your Modem and router.
Install Ubuntu server on your device: this depends on the device that you have available.
https://ubuntu.com/tutorials/install-ubuntu-server. Make sure you select SSH package so you can connect to Ubuntu server from another computer.
(Remember your device doesn’t have to be a Raspberry Pi. If you have one, this article gives the complete instructions https://restoreprivacy.com/vpn/raspberry-pi/)
After Ubuntu server installation, connect via SSH and follow the instructions for installing PiVPN. https://pivpn.io/
You will have the option of using WireGuard or OpenVPN. In my experience WireGuard was the easiest way to go. It automatically generates all the server side keys and certificate. You can add new client profiles as you require. It even generates a QR code for easy configuration with a SmartPhone.
Configure WireGuard client on your phone or laptop that you will be using for accessing your home VPN
For a smart phone, adding a configuration was as easy as pointing the camera to the QR code generated in the Ubuntu SSH session.
During WireGuard server installation on Ubuntu you specify the URL address for example your-home.duckdns.org) and the port number to use.
IMPORTANT: Configure the router to forward this port (UDP/TCP) to your newly installed VPN device.
Make sure you can activate the VPN with WireGuard App. An error at this point is usually a problem with port forwarding in your modem/router.
Now Install the nice Home Assistant App on your phone, and configure:
- When in the home (when connected via Wifi) the HA server is as usual http://homeassistant.local:8123/lovelace/default_view
- When you’re away: you need to use the IP address of your HA) http://xx.xx.xx.xx:8123/lovelace/default_view . Of course you need to activate the VPN which will open the tunnel to your-home.duckdns.org
Note: I did not try to install WireGuard Addon on HA. I want bare minimum working HA with nothing else that could break when upgrading.