DIY Smart Home EP5 – Access Your Smart Home Anywhere!
|One of the key advantages of internet connected smart home kit like Philips Hue or Samsung SmartThings is the ability to access and control your smart home tech from anywhere with an internet connection. That’s also a downside, as generally it means a much higher risk of anyone controlling your smart home tech from anywhere. Regardless of that, by default with a self-hosted system like the one we have been setting up in this series you won’t be able to access or control anything if you aren’t connected to your home WiFi or network.
To solve that problem, as always there are an endless number of options you can use, but the two I want to mention here include what I would consider the “easy, but paid” option, and the “a little effort but free” style instead. The former, paid option, is Home Assistant Cloud. It’s made by the founder of Home Assistant, their “sister company” Nabu Casa, and at least appears to be a pretty painless option as they handle everything for you. You can sign up from your Home Assistant dashboard and get a free 31 day trial, then enable the Remote Control setting and hey-presto it’s done! The only catch is after those 31 days are up, you’ll need to part ways with $6.50 per month, or $65 per year if you live in the USA.
If that tradeoff sounds fine to you, that’s perfectly reasonable! I’m no elitist, while personally I’m comfortable setting things up myself and willing to spend a few minutes getting it running, not everyone shares my preferences, so if the time, effort and knowledge requirements of the DIY solution don’t work for you, take a look at Home Assistant Cloud.
On the other hand, if you don’t mind a little bit of tinkering to save yet another subscription charge coming out of your account every month, the rest of this video is for you! My “a little effort but free” option revolves around a VPN – Virtual Private Network – specifically a WireGuard VPN. But, let’s step back and answer – what is a VPN?
A virtual private network is kind of a does-what-it-says-on-the-tin type thing, it’s a virtual, private network, it’s a way for your machine (like your phone) to talk to say your Home Assistant server as if it was on the same local network. That includes communicating over the internet, but the “private” part of the name has you covered there. All your data, whether it was encrypted already or not, gets encrypted before leaving your device and can only be decrypted by your VPN’s server. You might have heard the term before as a product you can buy, like NordVPN or Private Internet Access VPN, but while those are still VPNs, those are little more like a fancy proxy service allowing you to tunnel your traffic securely to different locations and limit data collection by middlemen like your Internet Service Provider (ISP).
Ok, that’s great, but what’s this ‘WireGuard’ thing? WireGuard is a pretty popular open source option with easy setup, great performance and some rather nice features. The one I use the most is the option to have, as the UNRAID plugin I run it from shows, “Remote access to LAN”. This means any devices I add to my VPN, like my phone or laptop, can, from anywhere with an internet connection, access my whole home network. That means I can work remotely – still from my NAS at home – access any files or run backups securely, or even remotely control and manage things like Home Assistant.
The only catch is that when your phone tries to connect to your Home Assistant server remotely, it kind of needs to know where to go, right? Well that’s easy, your router has a public IP address, just point there! Except, unless your ISP specifically provides you with a “Static IP address” (like my ISP, Zen Internet here in the UK, highly recommended, your price is fixed for as long as you are on that plan, you get a free static IP, actually helpful UK support – anyway), chances are you don’t have a static IP and instead have a dynamic IP address. Basically, your ISP – someone like BT or Virgin here in the UK, or Comcast or Verizon in the US – is playing a game of hot potato with what address actually leads back to you and your network.
Imagine there was a limit on how many street names were possible, so your local council had to change which street name your house was on regularly. Giving out your address would be pretty pointless, as it would be possible that by the time someone starts navigating to you, the street name you gave them was now moved to the other side of town where you, well, aren’t. That’s what’s happening with your ISP, it’s called NAT or network address translation, or CG-NAT, carrier grade NAT, specifically, and it means your current public IP address is liable to change at any point.
Luckily there is a pretty easy solution for that. You’ll need to use a dynamic DNS service, like Duck DNS, which is a free and relatively open source project by two UK ISP techs run from AWS. You’ll want to set up an account and pick a subdomain, then head to Home Assistant and install the Add-On from the Add-On store. Basically, the add-on tells Duck DNS what your current public IP address is, they save that, then when you connect to your VPN, your phone will ask their server where your home network actually is, and will be directed to the right place.
As for WireGuard, if you happen to be following along with this series using UNRAID, the WireGuard plugin is excellent and makes setting the whole thing up literally like 3 clicks. Highly recommended. Of course if you are running Home Assistant from a Raspberry Pi, you’ll want to use the Home Assistant Add-On instead. This is a little less user-friendly than the UNRAID plugin as you’ll need to set up the config file manually, although the example is pretty plug and play, beyond changing your host address to your Duck DNS link, and possibly changing the IP addresses for your server and clients.
You will need to port forward port 51820 on your router – every router is slightly different so I won’t go crazy explaining how to do it but it’s normally under “Permit Access”, “Internet Access” or just straight up “Port Forwarding”. Once that’s done, you’ll need to open the QR code saved at “/ssl/wireguard/myphone/qrcode.png”, and use the WireGuard app to scan it to set up your new tunnel there and that should be it!
On iOS devices you have the option to have your phone automatically enable the connection whenever you are not connected to your home network, although that feature is sadly missing from Android devices. There are plenty of workarounds, although leaving WireGuard connected all the time hasn’t caused me too many problems so that’s likely fine too.
So, to recap. If you want an easy, pain-free solution and don’t mind paying a subscription fee, then check out Home Assistant Cloud. If you don’t mind doing a bit of work to set up Duck DNS and a WireGuard VPN, then save your cash and do that. Like I’ve said, there are a million ways you can go about this, including if you have a VPS like a Digital Ocean Droplet running the dynamic DNS service yourself and hosting the VPN there instead, or, well a load of other options. Hopefully the two I’ve outlined here will be useful for the majority of people.