Tinkerer

Tinkerer

Tinkering with technology for a long long time. I was once a sysadmin, but then I saw the light and escaped.

Remote access via PiVPN

2 minute read

I’ve already talked about setting up remote access, and configuring SSL certificates for Home Assistant. What though if you’re not using cloud services, and just want to be able to interact with Home Assistant (or anything else on your network) while you’re away. Or maybe just avoid having the owner of the coffee shop being able to see your traffic?

The answer is a VPN, but traditionally they’ve been a bit of pain to set up. Thankfully PiVPN has provided a simple, free, option (and you don’t even need to have a Pi to use it).

Before you begin

You need four things

  1. A dynamic DNS hostname that you update automatically (see this guide if you’ve not got one)
  2. A (UDP) port forwarded to your new VPN server
  3. A computer running some type of Linux to run PiVPN on
  4. Devices that can run the OpenVPN client

I’m going to assume that you can read the other guide to sort out the first two

Install PiVPN

If you’re running Docker, take the simple step and use this. Otherwise follow the instructions at the PiVPN site.

Set up PiVPN

The defaults are mostly sensible, and the most complicated step will be ensuring that your system has a fixed IP on your network.

Change:

  • The port number - pick something higher, up to 65535. It doesn’t add real security, but it makes it less likely that somebody who’s scanning the Internet for OpenVPN servers finds yours.
  • The address clients use to your dynamic DNS hostname.
  • If you run your own DNS servers, select these here, otherwise pick whichever works for you.

Reboot, and you’re done with the server set up.

Client configuration

Install your choice of OpenVPN client on your device. I like the official clients, but there are other choices for most platforms.

Every device you’re using should have it’s own certificate and configuration file. Setting these up requires that you run

$ pivpn add

Then answer some two questions:

  • Give it a unique name that allows you to identify it
  • Provide a pass phrase. Optional - you can just hit enter, and then the device can connect automatically with just the certificate and configuration. If you do that though, do secure the device with encryption and an automatic lock (and something other than face or pattern to unlock).

It’ll then tell you what it called the configuration file, and where it is.

Copy this configuration to your device. How you do this depends on whether you’re using Windows, Linux, Android, iOS etc. On Android for instance you can copy the file to your phone and then use the option in the client to Import Profile from SD card. If you’re using iOS then you have to use iTunes to sync the configuration across.

Now, if you’re using a mobile device, disconnect from WiFi and test it out. It should connect in a few seconds, at which point you’re now up and running.

If you’re on Android, and a Tasker user, see this blog post on having Tasker manage the VPN connection. If you’re on Android 8 (Oreo) then the official OpenVPN client registers in the system VPN panel, and you can configure it to be always on there.

You May Also Enjoy

Ulanzi TC001 Smart Pixel clock

3 minute read

Update 2024-03-11: Well, I bought another one and the LaMetric is now in the drawer. The only thing missing was a native weather app, so I wrote an automatio...

Cloudflare tunnels with authentication

4 minute read

I mentioned before that I was using Traefik, what I didn’t say is that I was also using Authentik for authentication. Sometimes as forward auth (providing au...

Limited remote access for Home Assistant

2 minute read

I mentioned on the Home Assistant forum about allowing access to only the bits you need, and that I do this for the mobile app. I didn’t mention what that me...

WiFi sensor into device tracker

1 minute read

Something that makes for a great home/away tracker is the Android app’s connected WiFi sensor, or at least it would if it was a device tracker.