Netgate Discussion Forum

Trying to Access Home Assistant from outside network

General pfSense Questions
remote access webserver home assistant vlan haproxy
  • N
    nfaheem
    last edited by Jan 20, 2024, 4:00 PM

    Hello, I am new here, so please don't mind if the question is too basic. I have been stuck and can't get my head wrapped around this issue.

    TL;DR: I want to be able to access my Home Assistant or other services such as Nextcloud or TrueNAS from outside without the need to use a VPN.

    I am using a mini PC to run pfSense and it has worked for almost 4 years. I never felt the need to mess around with accessing my network and services, but I recently tried to migrate to Home Assistant and, using their cloud service, I still cannot use certain services because my network blocks traffic.
    Interfaces:
    WAN
    LAN: Bridged switch consisting of LAN, LAN2, LAN3. It's named (MySwitch)
    VLAN

    My LAN (192.168.10.0/24) is used primarily for my servers and wired network, and VLAN (192.168.50.0/24) is used for all IoT including Home Bridge, Home Assistant, and Adguard.

    My Home Assistant is on my VLAN on (192.168.50.11:8123)

    I own a domain and have a Cloudflare account. I installed ACME and HAProxy.
    Cloudflare: I have added my domain and added a DNS record for the subdomain I want to use for Home Assistant. I am using proxy mode there.
    pfSense: I have added a Dynamic DNS account for the subdomain.
    ACME: I have created an AccountKey using the Let's Encrypt Staging Server and created and issued certificates for the subdomain. I used the DNS-Cloudflare method here using my Cloudflare API token.
    HAProxy: Created both backend and front end. [screenshots not available]

    pfSense Firewall Rules:
    WAN: [screenshot not available]
    LAN: [screenshot not available]
    MySwitch: [screenshot not available]
    Vlan: [screenshot not available]

    I had some rules that would block VLAN from accessing stuff on my LAN, but I deleted those to see if I can get this to work, but still no luck. Please help as I do know what am I missing here.

    Thanks,

    S S 2 Replies Last reply Jan 20, 2024, 5:27 PM Reply Quote 0
    • S
      SteveITS Galactic Empire @nfaheem
      last edited by Jan 20, 2024, 5:27 PM

      @nfaheem https://www.home-assistant.io/docs/configuration/remote/#port-forwarding

      But note if you forward a port from "any" IP the world can try to log in. Hence a VPN, or another option is to set up a dynamic DNS service on the remote computer, and allow that dyndns hostname as the source on the NAT forward.

      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
      Upvote 👍 helpful posts!

      N 1 Reply Last reply Jan 20, 2024, 5:36 PM Reply Quote 1
      • N
        nfaheem @SteveITS
        last edited by Jan 20, 2024, 5:36 PM

        @SteveITS Thanks for the reply. I did set up DDNS using Cloudflare. [screenshot not available]
        Do you suggest using the host, for example hassio.mydomain.app, as the source? And do I specify a port or leave it to any port and set one for each service separately?

        S 1 Reply Last reply Jan 20, 2024, 5:41 PM Reply Quote 0
        • S
          SteveITS Galactic Empire @nfaheem
          last edited by Jan 20, 2024, 5:41 PM

          @nfaheem I’ve never used home assistant.

          The source would be the hostname of the remote computer.

          Each device or port forwarded needs a unique port.

          N 1 Reply Last reply Jan 20, 2024, 5:44 PM Reply Quote 0
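Added example, not part of the thread: a small audit of WAN port forwards for the two points SteveITS raises above (a forward whose source is "any" is reachable by the whole internet, and each forward needs its own external port). The XML is a constructed sample modelled on the `<nat>` section of a pfSense configuration backup; the element names, the alias `remote_laptop_ddns` and the 192.168.10.x targets are assumptions to adjust against a real export.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample, modelled on the <nat> section of a pfSense config.xml
# backup. Element names and values are assumptions; adjust to your export.
SAMPLE_CONFIG = """
<pfsense>
  <nat>
    <rule>
      <descr>Home Assistant</descr>
      <interface>wan</interface>
      <source><any/></source>
      <destination><network>wanip</network><port>8123</port></destination>
      <target>192.168.50.11</target>
    </rule>
    <rule>
      <descr>TrueNAS GUI</descr>
      <interface>wan</interface>
      <source><address>remote_laptop_ddns</address></source>
      <destination><network>wanip</network><port>443</port></destination>
      <target>192.168.10.20</target>
    </rule>
    <rule>
      <descr>Nextcloud</descr>
      <interface>wan</interface>
      <source><address>remote_laptop_ddns</address></source>
      <destination><network>wanip</network><port>443</port></destination>
      <target>192.168.10.30</target>
    </rule>
  </nat>
</pfsense>
"""

def audit_port_forwards(config_xml):
    """Return (descr, finding) pairs for risky or conflicting WAN forwards."""
    rules = ET.fromstring(config_xml).findall("./nat/rule")
    wan = [r for r in rules if r.findtext("interface") == "wan"]
    # Count how often each external (WAN-side) port is used.
    ports = Counter(r.findtext("destination/port") for r in wan)
    findings = []
    for r in wan:
        descr, port = r.findtext("descr"), r.findtext("destination/port")
        if r.find("source/any") is not None:  # no source restriction at all
            findings.append((descr, f"port {port} is open to any source"))
        if ports[port] > 1:  # two forwards cannot share one external port
            findings.append((descr, f"port {port} is forwarded more than once"))
    return findings

if __name__ == "__main__":
    for descr, finding in audit_port_forwards(SAMPLE_CONFIG):
        print(f"{descr}: {finding}")
```
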
          • N
            nfaheem @SteveITS
            last edited by Jan 20, 2024, 5:44 PM

            @SteveITS got it. I have the same problem with every service. For example, TrueNAS, which defaults to 80/443, has the same issue.

            1 Reply Last reply Reply Quote 0
            • P
              planedrop
              last edited by Jan 21, 2024, 7:14 AM

              Just want to chime in here and say you really SHOULD consider using a VPN instead, it's far more secure and just a better way to do this sort of thing. General rule of thumb is that you should only publicly expose things that are actually for the public, like a Plex server that you want a ton of people you know to use, etc... For something like TrueNAS, Home Assistant, etc... you should build a VPN, especially for the management interfaces of those devices like TrueNAS.

              VPNs have gotten really easy to set up now, especially with WireGuard (IPsec is still a clunky thing), so might be worth going down that route. Is there a reason you aren't wanting to do that? It's super risky to expose things when you don't need to and if it's just you accessing it then VPNs are pretty easy. Nextcloud is the only one in this list I would publicly expose but there is still always a risk, general rule is to NEVER expose management interfaces like TrueNAS's over the WAN though.

              Speaking of, do you mean you want to access TrueNAS storage or the webGUI outside of your home network? If you're talking storage, a VPN is also going to be your best friend here, SMB isn't something you should really ever run over the WAN without a VPN on top, same with NFS. Not saying there aren't ways to build this but just not a good idea.

              I know none of this helps your problem directly, and I apologize for that, it's just that this is a mistake I see a lot of people do (wanting to make things easily accessible remotely) and they regret it later.

              N 1 Reply Last reply Jan 21, 2024, 8:51 AM Reply Quote 0
              • N
                NogBadTheBad @planedrop
                last edited by NogBadTheBad Jan 21, 2024, 8:52 AM

                I use homebridge with an AppleTV, that works fine without having to punch holes in the firewall.

                Do you have many HA accessories?

                Accessing other services as people have mentioned, set up a VPN.

                Andy

                1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

                1 Reply Last reply Reply Quote 1
                • S
                  stephenw10 Netgate Administrator @nfaheem
                  last edited by Jan 22, 2024, 12:06 AM

                  @nfaheem said in Trying to Access Home Assistant from outside network:

                  but recently tried to migrate to Home Assistant and using their cloud service, I still cannot use certain services because my network blocks traffic.

                  If Home Assistant has a cloud service then I wouldn't expect any of this to be necessary. Everything would be accessed via the cloud. I could be misreading that though.

                  1 Reply Last reply Reply Quote 0
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.