The outbound VPN is a different story but can you trust the VPN provider. I wouldn't trust most of them, especially the free services. Proton mail perhaps. Tor is an option for both in and out.
to set the CRD in Raspberry is it the same as in microsoft windows?? the internet browser I have installed is chromium so is it the same as chrome but is just the Raspberry name? or I have to download exactly Chrome in my raspberry? Actually I tried in Chromium and found the Chrome remote desktop page but when I click on the download button nothing happens..
It has been a while since I have had a Pi up and running but I have lots of Linux machines connected. I will dust off a Pi and see what I can see. It may take a while.
1 Like
If it’s free, then you are their product! This is why Google offers free email, free search engines, free Android OS, etc...
Apple products may cost more, but I do feel they take customer privacy more seriously than most other companies.
2 Likes
I have both Apple products and Android products. I have no problem with Google knowing what I do. They don't share that information. Your iPhone may be secure but your phone provider knows everywhere you go, how long you were in one spot . . .
Since this is probably an older generation device with pretty limited WiFi throughout, if you’ve been considering getting a new one, Asus routers could save a lot of headaches for you.
My Asus router has a built-in VPN server and Asus also offers free DDNS.
2 Likes
+1 for VNC Viewer. Just set it up on a RPi and it works a dream. So cool. No need to mess about with a VPN.
Plus it is free (if you can find the appropriate button) 
1 Like
Another option is a domotz. It primary use was to allow access and support of Audio/visual and smarthome solutions that could not be cloud managed. Devices hat required telnet, ssh, snmp, http or https management.
I was introduced to it by Magnolia that was doing a very large control4 Install. It is what Magnolia uses to manage and support customers.
Device is $99 on amazon and for $3 a month it will allow you to do the following:
Monitor every ip device on your network.
Monitor your internet throughout.
Manage devices over snmp
Monitor access points even ubiquiti
This is where accessing Hubitat can be beneficial.
Allow you to securely access any device any ip on any port tcp/udp from mo Ike or laptop.
They will be integrating vpn into their platform.
Also provides alerting.
Another option is the synology router which is the only Prosumer router that I have found that support true Webvpn like Cisco Firewalls.
It also offers the ability to log into the router interface and use rdp and vnc built into the html5 web interface eliminating the need for having a vnc client installed on the computer you are using.
It also has the ability to bookmark internal pages on the routers web interface when accessing remotely and redirects the web interface of the hubitat to the routers web interface securely. Preferably Chrome or Firefox.
Synology Router is $139 or $199 via Amazon.
+1 for VNC Viewer. I find it a little slow and clunky sometimes but it gets the job done and it was incredibly easy and painless to setup. And as mentioned, it's free.
Please, please, please be careful using any desktop sharing apps (like VNC or RDP) without a VPN. While it works, you're also exposing your home network to the attention of hackers, who know how to exploit these tools. I personally know too many people whose home systems have been hacked by forwarding ports through their router to insecure systems on their home network.
Also, the remote desktop apps are very clunky to use on mobile devices, like a smart phone. The beauty of a VPN connection is that it is very secure, and affords you the exact same experience as being on the LAN. This means mobile device aware wen applications, like the Hubitat Elevation Admin UI, will work much better than trying to remotely control a browser session on a remote desktop.
7 Likes
This - 100%. I want to mention another option that is also secure, works really well for web-aware applications, and is little easier to setup than a VPN.
Use ssh to create a SOCKS proxy. Very easy to setup and has end-to-end encryption. While the article I linked to has instructions for Linux, the same instructions work for Macs. And there are options available for Windows as well.
I use Teamviewer, it is very secure and is free for personal use. I can connect to any of my computers from outside my house and control anything on any of them.
I think there is sometimes confusion when speaking about remote desktop solutions like TeamViewer, RDP, Chrome Remote Desktop and VNC. Teamviewer and Chrome Remote Desktop being the exception on one side because it only allows control through their authenticated hosted servers. RDP on the other end because it only allows direct control via it's local IP. VNC is in the middle because it allows both direct ip and control via their authenticated servers.
What @ogiewon is strongly advising against is the use of VNC or RDP where you forward a port on your router to any device on your network to allow direct control of said device. This is a BIG no no. You are begging to be hacked and will probably be granted that wish within a short time.
The authenticated hosted servers are a much better option (I used it for many years myself) but I still feel you are exposing yourself to some degree as you are basically one password away from total control of your desktop by someone with bad intentions.
I personally prefer the VPN route as it creates a secure tunnel between you and your network and if setup correctly will be a lot more difficult to hack. I then use local desktop control software like RDP or VNC to remote control my workstations if necessary. The remote desktop software is ONLY exposed to my LOCAL network so the risks are a lot less. I rarely even use the remote desktop software because when connected to the vpn, I'm essentially sitting on my home network and can access HE and other devices directly on my phone.
What route someone takes is up to them but it's always good to know the difference and potential exposure of each option.
4 Likes
I agree. 2-3 years ago, TeamViewer had a massive password leak. Although, to be fair, since then, they've added 2FA. And are arguably a secure service now.
I prefer the degree of control offered by openVPN or ssh myself.
2 Likes
I would love to try these other options but I cannot seem to set them up on my RPi. I've tried loading all sorts of different programs including Chrome remote desktop but cannot seem to get it on my RPi.
If anyone else has any ideas how or what to use on my RPi I'd be more than happy to give it a try. Just can't do it.
How do you plan to connect to the rpi?
Via vpn and then use a remote desktop software or directly via a 3rd party hosted server like teamviewer?
I would like to be as secure as possible and I must confess I thought VNC was. I have this on my mobile devices and the RPi on my home network and that is how I connect to my HE hub remotely should I need to.
EDIT: I'd be happy to try anything and like I've said, this is the only thing I can seem to get on the rpi.
Are you logging on with a VNC account and then connecting into your pi? If so that is "relatively" secure. If you are forwarding ports to your Rpi and connecting to it directly through the Internet, then my recommendation is to disable this immediately.
Next question is, does your router support configuring a VPN natively? If you are not sure then share your make and model.
Yes I have a user ID and password to log into the RPi. It's quite a strong password. passw0rd. Not really just joking. 
I have opened a port in the 'Port Forwarding' section on the router.
This is the information I have put into that section.
![image|318x102]
I really don't know.
My internet provider is Virgin Media in the UK and this is the hub info.
Other info I've found using 'FING' is that it is a Netgear VMDG490
