DEV Community

Liran Tal
Liran Tal

Posted on • Originally published at lirantal.com on

How I Deployed Tailscale VPN to Securely Access Home Assistant Remotely

Often smart home automation enthusiasts want to access their Home Assistant instance remotely. This can be done by exposing the Home Assistant instance to the internet. However, this is not a secure way to access Home Assistant remotely and pose the risk of cyber attacks. In this article, we will see how to use Tailscale VPN to securely access Home Assistant remotely.

During these days of the war in Israel stemming from the brutal and violent terror attack of Hamas, there have been some reports of cyber attacks on Israeli citizens and their smart home devices.

בארבע לפנות בוקר הבית שלי התחיל להשתגע. תריסים עולים ויורדים בלי הפסקה, אורות נדלקים וכבים בכל רחבי הבית. האמת? די מפחיד בהתחשב בעצבים הרופפים שלנו עכשיו. הרגיש כמו בסרט כשרוחות משתלטות על הבית. פתחתי את ארונות חשמל לנסות להבין מה קורה, ניתקתי את הבקר האפליקציה של החשמל חכם…

— Liad Agmon (@liadagmon) October 13, 2023

Home Assistant Remote Access

Home Assistant is a popular open-source home automation platform. I use it myself with a range of Zigbee and Wi-Fi devices to control various electronic devices and automate scenes. More often than not, Home Assistant is a self-hosted platform that usually is installed on a Raspberry Pi or a Linux server (sometimes, containerized with Docker).

To manage your smart home, Home Assistant comes with a web-based application that can be accessed using a browser and allows access to various configuration, dashboard and controls. There’s also a native mobile app available for Android and iOS. However, to access Home Assistant remotely, you need to open it up to the Internet to be able to access it from outside your home network (your local Wi-Fi network).

To securely access Home Assistant remotely, one way is to employ a VPN (Virtual Private Network) to connect to your home network and then access Home Assistant. This is a secure way to access Home Assistant remotely and is the recommended way to do so.

Home Assistant and Tailscale VPN

We’ll use Tailscale as a remote access VPN application that essentially establishes network connectivity between your mobile device and the Home Assistant installation. As such, this guide is going to focus on these two-parts:

  1. Install Tailscale on Home Assistant
  2. Install Tailscale on your mobile device

What is Tailscale?

Tailscale is a mesh VPN service that makes it easy to connect your devices, wherever they are. It is a VPN (Virtual Private Network) that works like a single sign-on for your devices. It is a zero-config VPN that works on any device, behind any firewall. The free tier is generous and is a great way to get started with Tailscale VPN for your smart home.

Install Tailscale on Home Assistant

In the Home Assistant web interface, go to Settings and then Add-ons. Click the ADD-ON STORE button to view all Add-ons available from both official and community sources, and then search for Tailscale. Click on the Tailscale add-on and then click the INSTALL button to install the add-on.

Home Assistant Tailscale add-on from the store

Once the add-on is installed, toggle on the Start on boot , Watchdog , and Auto-update options. Then click on the START button to start the add-on.

Once the add-on is started, click on the OPEN WEB UI button to open the Tailscale web interface. Continue to login with your Tailscale account until you’re greeted with connecting a device to your Tailscale network.

Connect an endpoint device to a Tailscale network

Once you’ve approved the connection you’ll receive a confirmation message that the device is connected to your Tailscale network: Login successful Your device homeassistant is logged in to the Tailscale network.

Install the Tailscale VPN client on your mobile device (Android)

Tailscale makes it easy to deploy from multiple endpoints such as Linux, macOS or Windows but to access Home Assistant on the road, you’d want to install the Tailscale VPN client on your mobile device.

Head over to the Tailscale download page and download the Tailscale VPN client for your mobile device. In fact, the previous step of connecting your Home Assistant instance to your Tailscale network should’ve redirected you to the download page:

Tailscale setup screen shows the tailscale VPN client application install

Upon successful installation, sign-in you should be able to see a successful VPN connection between your Home Assistant instance and the mobile device as well as test the connection through a ping command you can execute from the Home Assistant instance:

Successful Home Assistant connection to Tailscale and the Tailnet connection established on an Android mobile device

Connecting the Home Assistant instance to a remote Tailscale device

What we’ve done so far, is successfully establishing a network between the operating system running the Home Assistant node, to any remote clients.

What’s needed next, is to specifically forward routes of the home network which the Home Assistance node is running on (for example, your 192.168.0.0/24 local network) so that the endpoint device can access the Home Assistant instance.

This configuration is needed so that when opening the Home Assistance mobile device to connect to the Home Assistance web interface over an IP such as 192.168.1.0, this routing enables HTTP requests through the Tailscale VPN network that determinate on the Home Assistance node on which the Tailscale VPN is running on:

Configure accessible subnets via the Tailnet Tailscale network

Stay safe and secure ❤️

Top comments (0)