Often smart home automation enthusiasts want to access their Home Assistant instance remotely. This can be done by exposing the Home Assistant instance to the internet. However, this is not a secure way to access Home Assistant remotely and pose the risk of cyber attacks. In this article, we will see how to use Tailscale VPN to securely access Home Assistant remotely.
During these days of the war in Israel stemming from the brutal and violent terror attack of Hamas, there have been some reports of cyber attacks on Israeli citizens and their smart home devices.
בארבע לפנות בוקר הבית שלי התחיל להשתגע. תריסים עולים ויורדים בלי הפסקה, אורות נדלקים וכבים בכל רחבי הבית. האמת? די מפחיד בהתחשב בעצבים הרופפים שלנו עכשיו. הרגיש כמו בסרט כשרוחות משתלטות על הבית. פתחתי את ארונות חשמל לנסות להבין מה קורה, ניתקתי את הבקר האפליקציה של החשמל חכם…— Liad Agmon (@liadagmon) October 13, 2023
Home Assistant Remote Access
Home Assistant is a popular open-source home automation platform. I use it myself with a range of Zigbee and Wi-Fi devices to control various electronic devices and automate scenes. More often than not, Home Assistant is a self-hosted platform that usually is installed on a Raspberry Pi or a Linux server (sometimes, containerized with Docker).
To manage your smart home, Home Assistant comes with a web-based application that can be accessed using a browser and allows access to various configuration, dashboard and controls. There’s also a native mobile app available for Android and iOS. However, to access Home Assistant remotely, you need to open it up to the Internet to be able to access it from outside your home network (your local Wi-Fi network).
To securely access Home Assistant remotely, one way is to employ a VPN (Virtual Private Network) to connect to your home network and then access Home Assistant. This is a secure way to access Home Assistant remotely and is the recommended way to do so.
Home Assistant and Tailscale VPN
We’ll use Tailscale as a remote access VPN application that essentially establishes network connectivity between your mobile device and the Home Assistant installation. As such, this guide is going to focus on these two-parts:
- Install Tailscale on Home Assistant
- Install Tailscale on your mobile device
What is Tailscale?
Tailscale is a mesh VPN service that makes it easy to connect your devices, wherever they are. It is a VPN (Virtual Private Network) that works like a single sign-on for your devices. It is a zero-config VPN that works on any device, behind any firewall. The free tier is generous and is a great way to get started with Tailscale VPN for your smart home.
Install Tailscale on Home Assistant
In the Home Assistant web interface, go to Settings and then Add-ons. Click the ADD-ON STORE button to view all Add-ons available from both official and community sources, and then search for Tailscale. Click on the Tailscale add-on and then click the INSTALL button to install the add-on.
Once the add-on is installed, toggle on the Start on boot, Watchdog, and Auto-update options. Then click on the START button to start the add-on.
Once the add-on is started, click on the OPEN WEB UI button to open the Tailscale web interface. Continue to login with your Tailscale account until you’re greeted with connecting a device to your Tailscale network.
Once you’ve approved the connection you’ll receive a confirmation message that the device is connected to your Tailscale network:
Login successful Your device homeassistant is logged in to the Tailscale network.
Install the Tailscale VPN client on your mobile device (Android)
Tailscale makes it easy to deploy from multiple endpoints such as Linux, macOS or Windows but to access Home Assistant on the road, you’d want to install the Tailscale VPN client on your mobile device.
Head over to the Tailscale download page and download the Tailscale VPN client for your mobile device. In fact, the previous step of connecting your Home Assistant instance to your Tailscale network should’ve redirected you to the download page:
Upon successful installation, sign-in you should be able to see a successful VPN connection between your Home Assistant instance and the mobile device as well as test the connection through a
ping command you can execute from the Home Assistant instance:
Connecting the Home Assistant instance to a remote Tailscale device
What we’ve done so far, is successfully establishing a network between the operating system running the Home Assistant node, to any remote clients.
What’s needed next, is to specifically forward routes of the home network which the Home Assistance node is running on (for example, your
192.168.0.0/24 local network) so that the endpoint device can access the Home Assistant instance.
This configuration is needed so that when opening the Home Assistance mobile device to connect to the Home Assistance web interface over an IP such as
192.168.1.0, this routing enables HTTP requests through the Tailscale VPN network that determinate on the Home Assistance node on which the Tailscale VPN is running on:
Stay safe and secure ❤️