Netgate Discussion Forum
    help with forwarding for home assistant

    51 Posts 6 Posters 10.4k Views
      wgstarks @viragomann

      @viragomann
      Like this?
      SafariScreenSnapz216.jpg

      Box: SG-4200

        johnpoz LAYER 8 Global Moderator

        Why would you want to expose your home assistant to the public internet? Doesn't seem like a very smart thing to do from a security point of view..

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          tman904

          Maybe use IPSEC or OPENVPN instead of exposing your server directly to the WAN.

            viragomann @wgstarks

            @wgstarks said in help with forwarding for home assistant:

            Like this?

            Yes, presuming you use pfSense for DNS resolution. Then you can access the home assistant with the same host name from within your network as well as from outside.
            However, security concerns are not considered in this recommendation.

              wgstarks

              Is there really a security concern? I'm asking this as a legitimate question. I only have a basic layman's knowledge regarding network security but I have a very strong password set for HA and would think that it would be adequate. Maybe that's not true?

                wgstarks @tman904

                @tman904 said in help with forwarding for home assistant:

                Maybe use IPSEC or OPENVPN instead of exposing your server directly to the WAN.

                I have OpenVPN set up on my iPhone but at the time I set it up I couldn't find a way to keep it active. Maybe that has changed now (it's been a few years)?

                  johnpoz LAYER 8 Global Moderator

                  Why do you think you even need to open the port? There should be zero reason for opening inbound ports to control your home smart things while outside your home.. They phone home (company servers) and you control via that connection.

                  I can turn on/off my lights, change the temp on the hvac, etc. without having any ports open.

                  If you're using some home grown thing - that you need to talk to while remote, then yes vpn would be the secure way to do that.. Not opening it up to the whole internet..

                    wgstarks @johnpoz

                    @johnpoz said in help with forwarding for home assistant:

                    Why do you think you even need to open the port? There should be zero reason for opening inbound ports to control your home smart things while outside your home.. They phone home (company servers) and you control via that connection.

                    I can turn on/off my lights, change the temp on the hvac, etc. without having any ports open.

                    My iOS app fails to connect without a connection to my local network.

                      johnpoz LAYER 8 Global Moderator

                      You are using this?
                      https://www.home-assistant.io/

                        wgstarks @wgstarks

                        @wgstarks said in help with forwarding for home assistant:

                        @johnpoz said in help with forwarding for home assistant:

                        Why do you think you even need to open the port? There should be zero reason for opening inbound ports to control your home smart things while outside your home.. They phone home (company servers) and you control via that connection.

                        I can turn on/off my lights, change the temp on the hvac, etc. without having any ports open.

                        My iOS app fails to connect without a connection to my local network.

                        Yes

                          johnpoz LAYER 8 Global Moderator

                          Yeah you would want vpn then... If the server doesn't make a connection to outside services, like alexa, google, all the other 3rd brand lights and switches, and etc.. That you can use to control your devices. VPN is the way to do it securely.

                          https://www.home-assistant.io/docs/configuration/remote/
                          "Just putting a port up is not secure. "

                          They recommend using ssl - but that still leaves it exposed.. From a security point of view you should set up vpn on your phone to your pfsense box.. Then you can access your remote assistant through the vpn.. This does not expose it to the public internet and anyone hitting that port.

                            wgstarks @johnpoz

                            @johnpoz said in help with forwarding for home assistant:

                            Yeah you would want vpn then... If the server doesn't make a connection to outside services, like alexa, google, all the other 3rd brand lights and switches, and etc.. That you can use to control your devices. VPN is the way to do it securely.

                            They do have a paid service for this but I would rather connect manually (turn the vpn on/off) and save the money if I can't find any way to keep the vpn active.

                              johnpoz LAYER 8 Global Moderator

                              Well the vpn could be set to always be active.. But turning on and off is just a single click.. On your phone

                                wgstarks @johnpoz

                                @johnpoz said in help with forwarding for home assistant:

                                They recommend using ssl - but that still leaves it exposed.. From a security point of view you should set up vpn on your phone to your pfsense box.. Then you can access your remote assistant through the vpn.. This does not expose it to the public internet and anyone hitting that port.

                                Right now I have ssl (Let's Encrypt). I have OpenVPN installed on my iPhone but it tends to disconnect when changing networks and won't connect at all when I'm connected to my local network. I see that the OpenVPN app now has functionality to try and re-connect but I'm not sure what those continuous re-connection attempts will do to my battery life and network performance.

                                  johnpoz LAYER 8 Global Moderator

                                  You don't need it while you're on your local network... Just turn it on when you're away "and" you want to do something with your home assistant. It's a click to turn it on.

                                  Do what it is you want to do and then disconnect it - click.

                                  I would not suggest you open your home assistant to the public net - it is not secure be it you're using https or not..

                                  Here is some info about how often this port is scanned..
                                  https://www.dshield.org/port.html?port=8123
                                  https://www.speedguide.net/port.php?port=8123

                                    NogBadTheBad

                                    Can you do what you want with homebridge?

                                    https://homebridge.io/

                                    I can control devices when I’m away from home without any sort of port forwarding, I run it on a Raspberry Pi 3 and it talks to my Apple TV homekit hub.

                                    Andy

                                    1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

                                      johnpoz LAYER 8 Global Moderator

                                      ^ exactly.. There really should be no reason to port forward for home automation sort of stuff.. Not sure exactly how OP is setup and what gear..

                                      If you have to open a port to public internet - it's not secure..

                                        wgstarks @NogBadTheBad

                                        @NogBadTheBad said in help with forwarding for home assistant:

                                        Can you do what you want with homebridge?

                                        https://homebridge.io/

                                        I can control devices when I’m away from home without any sort of port forwarding, I run it on a Raspberry Pi 3 and it talks to my Apple TV homekit hub.

                                        For some reason HomeKit doesn’t show any of my insteon sensors. Only the switches. Regardless, I really don’t want to go through the headache of re-creating all of my automations again.

                                          wgstarks

                                          The home assistant iOS app relies on anytime access to the server on my local network for some of its services. I’m going to try the OpenVPN option and see how well that works.

                                            tman904

                                            Let us know how it goes for you.

                                            1 Reply Last reply Reply Quote 0
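
Once remote access to Home Assistant goes through the VPN, as suggested in this thread, the old port forward should no longer be open to the whole internet; the sketch below lists forwards that still are, reading a pfSense configuration backup. It is an added example, not code from any poster or from Netgate: `exposed_forwards` is a hypothetical helper, the XML is constructed, and the element names are an assumption about the config.xml layout that should be compared with your own export. It looks only at the port-forward (NAT) entries, not at the firewall rules linked to them.

```python
import xml.etree.ElementTree as ET

# Constructed sample shaped like the <nat> section of a pfSense config.xml
# backup (element names are an assumption; compare with your own export).
SAMPLE_CONFIG = """<pfsense><nat>
  <rule><source><any/></source>
    <destination><network>wanip</network><port>8123</port></destination>
    <protocol>tcp</protocol><target>192.168.1.50</target>
    <local-port>8123</local-port><interface>wan</interface>
    <descr>Home Assistant</descr></rule>
  <rule><source><address>203.0.113.10</address></source>
    <destination><network>wanip</network><port>2222</port></destination>
    <protocol>tcp</protocol><target>192.168.1.20</target>
    <local-port>22</local-port><interface>wan</interface>
    <descr>SSH from one address</descr></rule>
  <rule><disabled/><source><any/></source>
    <destination><network>wanip</network><port>8080</port></destination>
    <protocol>tcp</protocol><target>192.168.1.30</target>
    <local-port>80</local-port><interface>wan</interface>
    <descr>Old test forward</descr></rule>
</nat></pfsense>"""


def exposed_forwards(config_xml, interface="wan"):
    """List enabled port forwards on `interface` that accept any source."""
    root = ET.fromstring(config_xml)
    findings = []
    for rule in root.findall("./nat/rule"):
        if rule.find("disabled") is not None:
            continue  # rule exists but is switched off
        if rule.findtext("interface") != interface:
            continue  # forward is bound to a different interface
        if rule.find("source/any") is None:
            continue  # source limited to an address, network or alias
        findings.append({
            "descr": rule.findtext("descr", default=""),
            "protocol": rule.findtext("protocol", default="any"),
            "wan_port": rule.findtext("destination/port", default="any"),
            "target": rule.findtext("target", default=""),
            "local_port": rule.findtext("local-port", default=""),
        })
    return findings


if __name__ == "__main__":
    for hit in exposed_forwards(SAMPLE_CONFIG):
        print(f"{hit['descr']}: {hit['protocol']}/{hit['wan_port']} open to "
              f"any source -> {hit['target']}:{hit['local_port']}")
```

On the constructed sample only the Home Assistant forward on 8123 is reported; the source-restricted and disabled entries are skipped.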
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.