this post was submitted on 04 Oct 2024
14 points (100.0% liked)

homeassistant

12019 readers
15 users here now

Home Assistant is open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server. Available for free at home-assistant.io

founded 1 year ago
MODERATORS
 

Hi everyone

So, that's a 2 in 1 post. First a more general question then looking for advice for a friend.

  • What is your preferred way to access HA from outside (and why)?

  • a friend of mine use duckdns and I often read (recently) that some people are having issue with it. Is wireguard a better way or another solution that is not too techy to deal with?

you are viewing a single comment's thread
view the rest of the comments
[–] wewbull@feddit.uk 8 points 1 month ago (1 children)

Very different solutions.

  • DuckDNS: you expose your HA to the internet like a public website and register it's address with DuckDNS so you can look it up.
  • Wireguard: you VPN to inside your firewall and can access anything on your private network.

Wireguard all the way. Exposing just a VPN endpoint that can't be connected to without the right cryptographic keys is a much more secure and maintainable attack surface.

BTW I assume that's what you meant by "DuckDNS". Using that service is orthogonal to making HA visible externally, but is (I think) the common pairing.

[–] paf@jlai.lu 1 points 1 month ago (2 children)

Thanks, wireguard sound much better then for just accessing HA, wonder why is duckdns so popular then

[–] sxan@midwest.social 3 points 1 month ago

Because DuckDNS means you don't have to buy your own domain. I don't know their product offerings; they might offer VPN services, like Mullvad.

Wireguard doesn't provide you with a DNS entry. Without a domain name, you'll have to always either edit your hosts file on every computer you use, or access your services via IP (https://65.147.69.34:8080/), whether or not you have Wireguard. DuckDNS lets you create http://pafha.duck.dns (or whatever). Using subdomains also helps with reverse proxying, because routing rules are usually configured by host name. For example, your proxy server can route pafha.duck.dns requests to port 8124, which is where your Home Assistant is listening; while pafmympd.duck.dns proxies to port 8091 which is where your MyMPD server is listening. If you own your own domain, you don't need DuckDNS. If you don't, it's very useful.

Wireguard gives you a VPN. It's for creating encrypted subnetworks. Security, and privacy. It doesn't solve the DNS problem.

[–] corona@social.kendoo.eu 1 points 1 month ago (1 children)

@paf @wewbull maybe also have a look at Tailscale

[–] paf@jlai.lu 1 points 1 month ago

Will check that, thanks