this post was submitted on 04 Jul 2023
10 points (91.7% liked)

homeassistant

11703 readers
101 users here now

Home Assistant is open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server. Available for free at home-assistant.io

founded 1 year ago
MODERATORS
[email protected]
10
Secure way to allow external access to Home Assistant (lemmy.ca)
submitted 1 year ago by [email protected] to c/homeassistant
29 comments fedilink hide all child comments
 

Hey all!

I'm fairly new to Home Assistant and have just created a few dashboards to be able to view my router statistics and be able to restart them via REST if need be. Love being able to do this seamlessly from one place.

It got me thinking however, that I can only really access the dashboard when I'm on my internal network. I know that there is a paid Home Assistant cloud that would enable me to view my dashboards and such publicly and securely, but I was wondering if this community has set it up themselves for free and securely.

Would anyone be able to guide me in the right direction?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 3 points 1 year ago* (last edited 1 year ago) (2 children)

For years, I used Wireguard as my only way to access it remotely. Worked well but always annoying toggling that on/off since all my traffic went over WG and some apps (bank, Pokemon Go, Netflix) didn't like that my source IP was a VPS.

I set up Authelia a year or two ago and now have HA exposed behind that with 2FA. I don't know if the HA app will work with that, but I use the PWA and it works great.

Haven't had any intrusions (yet?) and my HA is "always on" so long as my Authelia session is valid. Other apps are also behind Authelia, so signing into one signs me into all.

[–] [email protected] 4 points 1 year ago* (last edited 1 year ago) (1 children)

Worked well but always annoying toggling that on/off since all my traffic went over WG and some apps (bank, Pokemon Go, Netflix) didn’t like that my source IP was a VPS.

For the record, with wireguard you can configure AllowedIPs on the client such that internet traffic isn't routed through the tunnel. Basically, don't use the wildcard 0.0.0.0/0 and instead set the wireguard network and the LAN subnet that Home Assistant is on if you need to access other devices.

[–] [email protected] 1 points 1 year ago

Yep, and I eventually set up a separate WG profile that had just my LAN route and set the DNS to my PiHole.

The full route was more useful most of the time so I still tended to use that more often. Cell signal at the office was nonexistent toward the middle of the building (where the bathrooms are) and the guest WiFi blocked "time waster" sites like Reddit.