Sign in Subscribe

Remote control of Home Assistant using Tailscale

Remote control of Home Assistant using Tailscale
Photo by Panos Sakalakis / Unsplash

In our first Home Assistant post, we covered a basic Home Assistant installation. This post covers access from outside the local network.

Home automation devices sometimes need to be viewed when you're not at home; security cameras come to mind. Once you can connect up to your home from outside, you can make ad hoc changes like turn the heating on or check that your pets are content.

You do, however, have to make sure that you don't introduce security risks such as opening ports on your firewall. That could cause all sorts of problems like some nutter in Moscow accessing your camera feeds. You definitely don't want that!

If you're not a techie, the easiest solution is going to be subscribing to the Home Assistant Cloud by Nabu Casa. By subscribing you are helping to fund further development by Nabu Casa of both Home Assistant and ESP Home. This will cost around £65 a year but you should have full peace of mind that your connection is safe and secure with full support from Nabu Casa themselves.

Another cost effective solution is to use VPN software like OpenVPN or Tailscale. Tailscale has a free tier that allows three users and up to 100 devices which will be plenty for 95% of Home Assistant use cases.

I opted to try Tailscale based on a few recommendations I'd seen in the Home Assistant forum and other Home Assistant groups. The Tailscale site has great documentation for getting started including a YouTube video that demonstrates how easy it is. Go ahead and watch the video then connect up to Tailscale from your mobile phone and any other computers that you use to connect up to your Home Assistant server.

You authenticate using a single sign-on SSO identity provider such as Google, Apple, GitHub, Microsoft, Okta or OneLogin. Make sure that you use two factor authentication rather than just a password or else you risk making your new network susceptible to a password hack.

Connect your Home Assistant server to your new Tailscale network (Tailnet)

Carry out a full backup of your Home Assistant Server instance (to ensure that you can revert back to what you currently have).

Follow the installation instructions here to install and configure the Home Assistant Community Add-on: Tailscale.

Open this add-on in your Home Assistant instance.
  1. Click the Home Assistant My button (see above) to open the add-on on your Home Assistant instance.
  2. Click the "Install" button to install the add-on.
  3. Start the "Tailscale" add-on.
  4. Check the logs of the "Tailscale" add-on to see if everything went well.
  5. Open the Web UI of the "Tailscale" add-on to complete authentication and couple your Home Assistant instance with your Tailscale account. Note: Some browsers don't work with this step. It is recommended to complete this step on a desktop or laptop computer using the Chrome browser.
  6. Check the logs of the "Tailscale" add-on again, to see if everything went well.
  7. Done!

Make a note of the Tailscale private IP address that has been assigned to your Home Assistant server instance. You should be able to access your Home Assistant server both on your internal network and from outside your firewall in the cloud using this new IP address.

http://10.x.x.x:8123

Although you are using http rather than https, you can be content in the knowledge that your traffic is end to end encrypted.

Once you have got basic connectivity, you need to test thoroughly to ensure that your server can reach all the devices that it connected with prior to this installation. You can fine tune your Tailnet to add additional features as well as providing additional controls.

The six minute YouTube video below shows the installation procedure.