Netgate Discussion Forum

    help with forwarding for home assistant

      tman904 @johnpoz

      @johnpoz I agree.

        johnpoz LAYER 8 Global Moderator

        It's not the "encryption" so much as the more secure auth... To auth to vpn - you would need a cert, issued by you.. Same with ssh - you can require public key auth..

        These are almost impossible to "brute force" auth.. And way less likely to have some other form of exploit that could allow some user to gain access do some other exploit.

        If I can access the http/https service - while it might ask for a username password, those could be "guessed" or possibly some sort of exploit that could be used to bypass this auth in the service. This is highly unlikely in something like a vpn or ssh.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

          wgstarks

          I’m testing using OpenVPN. It works fairly well. I’ve only found one app that fails to connect when vpn is activated on my phone. Currently I can only connect to the OpenVPN server over WAN which causes some extra battery drain when I’m connected to my LAN network but not really enough to be an issue.

          Box: SG-4200

            tman904

            @Johnpoz Very good point, encryption just hides information, it doesn't mean that machine is authorized to connect and freely access the server's information just because it's using an encrypted connection.

              tman904 @wgstarks

              @wgstarks That's great news, glad to hear you got it working.

                wgstarks

                Is it possible to allow the OpenVPN client on my phone to connect to the OpenVPN server running on my pfsense appliance when connecting from LAN? I don’t know enough about this to know if that would even be a good idea?

                  tman904

                  Your LAN or some other LAN?

                    wgstarks @tman904

                    @tman904 said in help with forwarding for home assistant:

                    Your LAN or some other LAN?

                    My LAN network.

                      johnpoz LAYER 8 Global Moderator

                      While you can do that - it can be problematic.. Because you're on the same network as what you're trying to access via the vpn, etc. There is little advantage to doing such a thing.. Just click the vpn on when you're remote and you need to do something with your automation system... To be honest - how often would that even be?

                        tman904 @wgstarks

                        @wgstarks I would only connect to the VPN when somewhere outside my LAN. Reason being is when you're inside of your LAN you already have access to every route/network. When outside of it the VPN creates a virtual tunnel network that allows your device to route to the networks inside your LAN even though you're not physically there.

                          wgstarks @johnpoz

                          @johnpoz said in help with forwarding for home assistant:

                          While you can do that - it can be problematic.. Because you're on the same network as what you're trying to access via the vpn, etc. There is little advantage to doing such a thing.. Just click the vpn on when you're remote and you need to do something with your automation system... To be honest - how often would that even be?

                          I haven’t been able to get an exact time schedule for this but it’s every few minutes (and push notifications can happen at any time). I just leave the OpenVPN activated. The settings for the OpenVPN client on my iPhone warn that setting the app to continuously attempt to re-connect may cause increased battery drain but honestly it doesn’t seem to be enough to notice.

                            JeGr LAYER 8 Moderator

                            Are you using OpenVPN Connect on iOS by any chance?

                            Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

                            If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.

                              wgstarks @JeGr

                              @JeGr said in help with forwarding for home assistant:

                              Are you using OpenVPN Connect on iOS by any chance?

                              Yes

                                JeGr LAYER 8 Moderator

                                Perhaps take a look at https://passepartoutvpn.app/

                                As I don't use Apple devices myself I got the hint from one of the more tech-affine people of my German-speaking section, that hinted, it can selectively activate the VPN only if you're not at home e.g. you define trusted wifi networks etc.

                                So if you really do like/need to have VPN always on when NOT at home, you could take a look at that client and try it out as it should have more features that could come in handy.

                                  wgstarks

                                  Thanks

                                    wgstarks

                                    I installed the Passepartout VPN app. Seems to work fairly well (really too soon to be sure). The app is free but some features (including trusted networks and pre-configured VPN providers) require a small one-time fee.

                                      johnpoz LAYER 8 Global Moderator

                                      @wgstarks said in help with forwarding for home assistant:

                                      Passepartout VPN app

                                      Why? Just use the FREE app from openvpn
                                      https://apps.apple.com/us/app/openvpn-connect/id590379981

                                        wgstarks @johnpoz

                                        @johnpoz said in help with forwarding for home assistant:

                                        @wgstarks said in help with forwarding for home assistant:

                                        Passepartout VPN app

                                        Why? Just use the FREE app from openvpn
                                        https://apps.apple.com/us/app/openvpn-connect/id590379981

                                        No support for trusted networks. That was the primary reason for the switch.

                                          johnpoz LAYER 8 Global Moderator

                                          Trusted networks does what exactly? Clicking connect or not seems pretty much like a FREE option to me.. But if you want to pay $ for that - ok..

                                            wgstarks @johnpoz

                                            @johnpoz said in help with forwarding for home assistant:

                                            Trusted networks does what exactly? Clicking connect or not seems pretty much like a FREE option to me.. But if you want to pay $ for that - ok..

                                            That doesn't fit my particular use case though. I’m sure I would forget to click connect when leaving my house or forget to click disconnect when I got home. That’s why Passepartout was recommended.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.