Been trying to figure out how to use a WireGuard VPN to access my #HomeAssistant from outside my home network, and, well, it's beaten me. For now.

I can ping it from other machines connected to the VPN, but I'm damned if I can actually connect to it.

Ultimately the trouble is that I don't know what I'm doing.

TURNS OUT that just using Tailscale works fine for this. Took five minutes to set up.

I will continue trying to figure out WireGuard though, because I like the idea of not having to rely on external services, but for now, and for how often I actually need to access Home Assistant from outside my home network, Tailscale is ok.

@DJDarren I too don’t know what I’m doing, and my Home Assistant is deliberately not available Outside, but if I ever change that I’m going to investigate ZeroTier again. I can remember nothing about it from when I looked at it other than it seemed a nice approach. https://www.zerotier.com

@OpinionatedGeek Generally I don't *need* it accessible, but if we're at the mother-in-law's and I need to turn something on/off, it'd be nice to have the ability.

That said, I could just use RustDesk to remote into the server.

@DJDarren Yeah, I’d like the ability to use the HA app wherever I was. Just… not enough (yet). (And too many bad sci-fi movies about network intrusion.) I used to have the HA server blocked from accessing the internet completely so I’m gradually coming around to the idea.

@OpinionatedGeek @DJDarren I'm brave (or stupid) and have just punched a hole through my home router. I have a DDNS address so I can access it even if my IP changes, and it gets a lot of use.

That said, I'm in the process of moving some services to access over Tailscale, and this will likely be one of them. I'll still have holes poked for Plex and self-hosted Minecraft servers for my kid, but maybe not the access to all my home systems!!

@bodger @DJDarren Nice. I’ve heard others say good things about Tailscale too - I should check it out at some point.

@OpinionatedGeek @DJDarren I started investigating it as a way to let my university-bound kid keep using Spotify and Netflix. Didn't work because her uni blocks Tailscale. However... yesterday they made self-hosted peer relays available to the free tier, so my Plex server is now a peer relay running on port 443 (block that fascist uni IT people!), so we're going to try that this weekend.

Made me sort out my whole config, so now I'm wondering what else I can stick behind it

@bodger @DJDarren Just reporting back: Spurred on by this I've now actually tried ZeroTier and... it's not as good as I was expecting. I'll be undoing all of that and going with WireGuard or Tailscale - you're both ahead of me now!

@OpinionatedGeek @bodger Yeah, for my meagre needs, Tailscale works just fine and is free. Took five minutes to set up, and now I can turn shit on and off when I'm out of the house.

@DJDarren @OpinionatedGeek my Saturday project has been to flash and resurrect my Nest thermostat, get it back into Home Assistant, and get back to controlling the heating based on actual needs, not a schedule. Mission accomplished. Does happy dance.

@bodger I thought about doing something like that, particularly now we've got a bunch of little temperature sensors around the house (cheers @OpinionatedGeek), but honestly, the schedule that H put together when we first got the Nest installed has worked a treat.

@DJDarren @OpinionatedGeek I kept going with Tailscale, and have now managed to turn off all the port forwards except the Minecraft servers (UDP and Tailscale are not friends). I'm "serving" Home Assistant and KaraKeep (a Pocket replacement), and I'm "funnelling" a book server and an audio book server that I run for some friends. I've gone from 17 port forwards to 4 (I have 4 Minecraft servers).

@bodger @DJDarren You’ve persuaded me I’m gonna have to play with Tailscale! I ordered a ZB-2 doofer to try out Thread and Matter but it hasn’t arrived yet so I have some HA time I’m not using.

@bodger @DJDarren Sat down to give Tailscale a go, but fell at the first hurdle: setting up a Tailscale account. I'm averse to logging in with Google/Microsoft/Github/Apple/AnythingElse - I just want a username and random 50-character password to log in to places, unconnected to identities used elsewhere, and that's getting more and more out of fashion these days.

Ah well, thanks for the info. The ZBT-2 has arrived so I'll try playing with that.

@bodger @DJDarren @OpinionatedGeek Tailscale is absolutely brilliant for extending services outside of your lan while not actually exposing them to the internet. I use it a *lot*

@bodger @DJDarren @OpinionatedGeek

Did you find multiple services on a single funnel works ok? I tried a while back and could only get it to host a single service on a tunnel, will prod at it again if it's manageable.

@jamoquanty @DJDarren @OpinionatedGeek you can host 3. One on port 443, one on 8443 and one on 10000
@jamoquanty @DJDarren @OpinionatedGeek and in answer to your question, yes, I'm doing exactly that successfully now. I have karakeep on 443, booklore on 8443 and audiobookshelf on 10000. All from one box.

@bodger @DJDarren @OpinionatedGeek

Awesome thanks, booklore is what I wanna add.

Will give it a spin soon.

@DJDarren consider subscribing to #NabuCasa. You’d get remote access and you’d be helping to support the development of #homeassistant

@chockg @DJDarren

Oh, is #HomeAssistant sponsored by #NabuCasa? Didn't know that. I'm pretty new to the game. Then I'll maybe reconsider my choice to go with WireGuard (which works for me, at least for manually checking if everything's ok at home from time to time).

@DJDarren "you should do what I do"*

*Actually no, don't. I run haproxy on my border router, with multiple host definitions and certificates that then get forwarded to individual hosts or VMs on my local network.
Home Assistant, Traccar (for my car), some network tools, my cameras, etc etc.

Definitely one of those "I do this at scale at work" things!

@greem Some of your words made sense, even in that order!

@DJDarren that’s because @greem is highly optimised for Out Of Order Execution pipelining 😆

@WiteWulf @DJDarren this is correct. I am frequently bang out of order.

@greem @DJDarren “Bang! Out of order” usually infers release of magic smoke 😀

@greem @DJDarren similar here: nginx proxy manager on my big box in the DC that runs all the Plex stuff, and SWAG (same but smaller) on my home server that runs HA. The HA clients have a feature to let them work out if they need to try and connect to the http or https version of the service depending on the network, which is neat.

@DJDarren I ended up using Tailscale for this purpose, which is based on WireGuard, and is free for home use cases.