Access Hubitat through internet

Is there an easy way with detailed steps for non-experts to use a vpn for accesing the hub from the internet? I see some suggestions but no firm steps. Sorry I am new at hubitat just rcvd my hub some days ago and discovering everything about it and just found that I have to create rules connected to the hub locally but normally I want to create my automations at any time when I have free time including when I am not at home

The answers vary according to what you have that will respond to a VPN.

Your home router may support a VPN product, perhaps even OpenVPN. In many ways that's ideal because it's probably well documented.

If not though, take a look at openVPN to see if you do have something it can run on... a device that's always on. Raspberry PI's are often used, but they can be underpowered once you discover all you can do. Trying to run multiple video streams from you house full of cams would be taxing.

Once we know what YOU have, we might be in a better position to advise.

I do not have a raspberry but I have an android samsung s3 phone that is always powered on and at home. Can this be used?
How to know if my router supports VPN?

What Router do you have? Make and Model number?

I'm just installing a VPN server at a client's house. He has an Asus AC68U.
I'm installing openvpn, and using the instructions from this youtube. It's relatively easy:

It is a Tenda model N150, it was a cheap one, not sure if would support VPN

It doesn't support OpenVPN natively. I'd recommend getting an RPi3 (or some other SBC) and running OpenVPNd on it. There are openvpn clients available for just about every platform you can think of.

sorry if I make stupid questions but I am totally new on this things. Can this be ran in a Samsung S3 mobile (that I have on hand) instead of a RPi3?

No

@JasonJoel answered this. So I'm linking to a simple way to get an openvpn server running. All the instructions you need are either on that page or linked to on that site.

ok, will take a look and try, thanks a lot

I use port forwarding on my router (ASUS) and a VERY strong username/password for my Hubitat local access. That way I have access to the device through Internet as if I were on the same local network.

Works great.

1 Like

Port forwarding is not safe these days.

1 Like

It's perfectly safe...

You know, unless there is any exploitable bug in the underlying web server on the hub, someone brute forces the account, someone thinks it's fun to DoS the web server just because they can see it, etc.

Oh wait... Maybe you are right. :wink:

6 Likes

Can you guide me on how to do port forwarding? I am new to all those things and I saw this is needed in the last steps on the simple form to create a von that aaiyar suggested

The exact steps will depend on your router, have you checked the user manual? It should cover how to do that.

Please, please, please do NOT use port forwarding to access your Hubitat Hub remotely. Using a local OpenVPN server is a much more secure option, and allows you to access everything on your home network when you're away from home.

3 Likes

I had a similar discussion with a client the other week... "I put remote desktop protocol [RDP] port forwarded to a non-standard port... That plus the login requirement makes it fine to be exposed to the internet.". In short, I say no that's not enough and explain why. We agree to disagree, I document such, and I move on with my life.

Fast forward 3 days, I get a call - "I'm not sure what happened, but we have ransomware on our RDP server". They do some investigating, and yeah someone external blasted right through the RDP [brute force password attack that their group policy didn't limit/prevent], then moved laterally through their network with a different exploit (killing their backup server 1st thing so they couldn't restore)... yadda yadda yadda... "What can I do????? We're going to lose everything!!!"

Back to Hubitat - you have no idea how the web server is configured, what the security looks like, how often they roll back end http daemon patches in, etc. You would be very "risk tolerant" to expose a Hubitat hub directly to the internet. So if you do, good luck.

OpenVPN, or other secure tunnel, is the way to go. The downside is there is no "one set of instructions" on how to set it up. Depends on what you are setting it up on, and what the rest of the network/edge security looks like.

4 Likes

100%. Although to be clear, this is what @Aldo is trying to setup based on a link that I sent earlier to setup OpenVPN on an RPi.

I think that @Aldo has setup OpenVPN on an RPi that is on his network. He now needs to setup port-forwarding on his router, so that connections to UDP (or TCP) port 1194 are forwarded to his RPi with OpenVPNd running.

And as @marktheknife indicated, the precise steps are totally dependent on the router being used.

1 Like

I hope so. It was just that his question was in response to this specific post above...

I use port forwarding on my router (ASUS) and a VERY strong username/password for my Hubitat local access. That way I have access to the device through Internet as if I were on the same local network.

Works great.

I just don't want @Aldo to end up like @JasonJoel's client.

3 Likes

Agreed, @aldo’s last post was potentially confusing because he/she was replying to a post that referred to port forwarding directly to the hubitat hub, something that most of us are on the same page is potentially very risky.

But in the last part of that post, @aldo seemed to be referring to @aaiyar’s suggestion to setup a PiVPN server:

Assuming β€œvon” was an autocorrect of β€œvpn.” :wink:

2 Likes