I’m running my own HA locally, in my house, but I would like to be able to access it also when I’m not home. So I’ve put it on my Zerotier One VPN, which works fine. Except for two things:
-
HA no longer knows when I’m home - it thinks I’m always home;
-
Other people in my household would also like to have remote access, but it’s unrealistic to have them install and use the VPN.
So - can I just open it up, and rely on long, complex passeords? Or is that a complete no-go?
Install Fail2Ban on a free cloud VM and watch it for a couple of days. Seeing the never-ending intrusion attempts from around the world was a real eye-opener. There is no way I’d expose HA (or anything else except Wireguard) to the Internet. (Open WG ports appear closed unless they receive the correct key.)
In your situation I’d just pay for Home Assistant Cloud. It’s not expensive and will do exactly what you want to do.
For a zero cost solution I use Tasker to automatically enable a Wireguard tunnel whenever we’re not on home wifi. It allows direct access to everything on our local lan, and as a bonus prevents our wireless carrier from monitoring our Internet activities. A combination of the OpenWRT Ubus integration and a BLE integration (using inexpensive Shelly switch modules) detect when we’re home with 100% accuracy.