Another Noob VPN Question

I don't have the time to build a Raspberry Pi and set it up as my VPN so I will, at least for now, be using a commercial VPN service. I also have use for a commercial VPN while I travel. It will be nice to have in hotels. I want to ascertain that if I buy a router that allows me to set up a VPN in my home that I will be able to remotely access my Elevation hub. The VPN router (likely a Linksys) will be downstream of the Motorola Gateway that serves as my cable modem and wi-fi/hardwire router. My specific question is how I will access the Elevation hub and control it via the web. Will my Motorola gateway allow access downstream? How is this accomplished? Via an IP address or via software or an app associated with the VPN? Thanks for the help!

Just curious why an inexpensive Pi is not an option but a new expensive Linksys router is?

I have instructions on how to quickly setup a VPN gateway on Pi. Really is super easy and secure. Plus you can use that for travel and VPN into your network and then out.

1 Like

If you're thinking of a commercial VPN service like PIA (Private Internet Access), that is really not going to help you access your home network when on the road. Those services allow you to increase your privacy and make your client devices appear to be in a different location (especially useful when trying to access US sites when traveling abroad.)

What is needed to access your Hubitat Hub's Admin web page when on the road, is to have your home become a VPN server. Then, your VPN client device would connect directly to your home to be able to access the hub, and every other device on your home network.

1 Like

aaron. Limited time plus the fact that I've never done anything like this before. I have to learn every aspect of building it and loading it with an OS and all necessary software and make it all work and I don't know that it won't get complicated by my inexperience and by technical difficulties. I would love to but can't devote days to making it work. Do you think it would go smoothly?

ogiewon. So it seems that I will have to go the Pi route. I have read into it and guess I'll start ordering hardware.

aaron. i don't know if the instructions you have are the ones I've seen in other threads but I'd love to see what you have. Thanks!

I actually use my Asus RT-AC86 router as my VPN server (built-in functionality). Your configuration with the Motorola Gatway complicates this design.

ogiwon. More confusion. Your VPN must connect to the internet somehow. How do you do that if not through and ISP?

I connect through a cable modem. That cable modem does not behave as a router whatsoever. If your ISP provided solution is a router for your house, you have to be careful when adding another router behind it. Home routers use a technology called NAT (Network Address Translation) which works great when there is only one NAT device on your network. If you place a second NAT Router, behind an existing NAT router, things get complicated very quickly.

If you can place your Motorola Gateway into what is known as Bridge Mode, instead of NAT Router Mode, then you could use my design very easily. However, it will mean your entire home network will go through a bit of upheaval in the process.

If home networking is not something that you have a strong understanding of, I would recommend against adding a router behind another router. It can be done, but it is not for the networking novice.

Using a Raspberry Pi as a VPN Server is a decent option. You will still have to deal with some networking challenges as you will have to forward ports on the Motorola Gateway to your RPi. You will also probably need a Dynamic DNS solution. Many users have successfully set up a Pi as a VPN server using the following solution -

1 Like

The post below was particularly helpful when I initially setup my Raspberry Pi. I felt like setting this up might be a bit beyond my skillset but this video made me comfortable that I could get this done. Watch the whole video to see if it feels like something worth attempting.

1 Like

ogiewon. First of all thank you for taking the time to explain this to me. I am technically proficient but have never delved into this area before and do not want to become a nusiance. I hope to not have to come to you all for every little question but need to get this straight so I can move forward. Yes, my gateway's wi-fi settings will allow me to enter bridge mode. The only things hardwired to it's router are my home theater components (TV, dvd player, Fire TV, Apple TV, Av receiver and my Iris hub) I am thinking that the home theater components would remain as is along with my guest wi-fi network. The VPN would support my Habitat hub plus my personal wi-fi devices (phone, iPad, computers) This article says that I can access my home network with a commercial VPN service, thus confusing me further Is this complicated by the gateway thing and is it exacerbated by using bridge mode - will I have access to my Hubitat on the bridged side of my Motorola gateway using either a Raspberry Pi or the Linksys?) I'll try to make this my last post on this matter (hopefully I will get through making whatever I choose to do work with only help from search engines.

Have you looked into or considered a vpn such as Teamviewer. I use it as a means of accessing my system from outside. It can be downloaded and used as personal without any cost. It is extremely secure and all is needed is a copy of it on the computer that has HE and a copy of it on the computer you are using that goes with you. With this vpn you can access anything on the computer that has teamviewer on it no matter what it is. Hope this will help.

razoring. Does Teamviewer load on the hub as an app or do I still need something like a Raspberry Pi? Now I'm going to go to the post office and pick up my hub, I have the very first C5 and they got it to me incredibly quickly . The support from both the Hubitat team and this community has been incredible. Thank you!

1 Like

Teamviewer is software that goes on the computer that the HE hub is connected to. The same software goes on your travel computer. Teamviewer on the HE computer would be configured as the computer to be accessed (you will see the choice when you load the software) and the laptop or what you take with you will be have the software loaded as the control, also easy to select when you load teamviewer on your travel computer. You then can configure each one (tutorial on Teamviewer website). After each computer is configured you can access the home computer merely by opening the software on your travel computer and tell it to connect. No changes to your modem are necessary.

I tried many VPN servers before and I find OpenVPN is the easiest to config and compatible with other devices but if a VPN server is not something you want to play around then there's teamview mention by @razorwing or zerotier which is a cloud VPN server with free account for home user. Super easy to config.
I am using an old Asus router with OpenVPN.

PiVPN is ok, for sure, but the Asus router option is a really good one.
I use a Linksys router flashed with DD-WRT and my router has built in VPN server capability that I use and have actually written a guide ofr on the DD-WRT forums that many people have used to get their DD-WRT routers set up with VPN server capability.

YOU do not need to go through all of that with the newer Asus routers as they make it really easy.

You could get an Asus router and run it in WAP (wireless access point) mode while taking advantage of the baked in VPN server, and have the added benefit of increasing your wireless footprint/capabilities. Doing/setting it up this way, you would not have to reconfigure the rest of your network at home. Just place the Asus router behind the gateway and call it a day.

If you do go the PiVPN route, make sure you get one of the newer Pi-3's and not one of the older slower versions.

With any VPN server, there is a learning curve and you are just going to have to dive in and embrace it. Once you get it though, you will be happy you have your own server because you can generate new keys for security purposes at will, and you will have access to your entire network from outside your LAN in the process.

If you currently don’t use a router than the suggestions for a newer router that supports VPN makes sense. BUT if you have a secure router with policies that you configured than going down a Pi route with OpebVPN is the way to go. Easy and gives you what your looking for when traveling. When traveling for work I VPN into my home which is secured and route the majority of my insecure data that route. Great solution that is free and works across almost all client platforms.

1 Like

If you can place your ISP provided gateway into Bridge mode, it should essentially disable the internal DHCP server, WiFi, Guest Network, etc... It will basically just become a simple cable/dsl modem. The new Router you attach behind it will need to take over all home network responsibilities, including being the one and only DHCP server for the entire house, the only NAT router device for the house, the Primary WiFi for the house, etc... Your router's WAN port will simply be assigned a WAN IP Address that can then be used by external devices (like your cell phone or laptop) to connect to the router's OpenVPN server.

If you go back and re-read that article, I am not sure they say that you can access your home network using a commercial VPN service... I believe what they are trying to explain is that most people want to use a VPN service for increased security and the ability to "geolocate" your apparent location to somewhere in your home country (i.e. you want to watch Netflix while out of your home country.)

You can easily use a commercial VPN to accomplish the above goals, which is pretty much 100% what the article you linked to is all about.

What the commercial offering will not let you do is access you own home network while on the road, which is what you're really wanting to do. By running a VPN server from your home, you can achieve many of the benefits of a commercial VPN AND be able to access your home network. Be aware, however, that all of your traffic while VPN'd to a home VPN server will appear to be coming from your house, and your VPN clients are limited by your home's ISP upload speed. If you have nothing to hide, then the privacy concern is moot. But if you are expecting a home VPN to provide anonymity online, that is not going to happen.

Hi can you please point me to your guide on the DD-WRT forum for your guide on VPN server?

1 Like

Wow! I'm resurrecting a 2+ year old thread. But that just shows how little interest there is in ZeroTier for Hubitat, which in turn, must mean it's not going to work. But, I'll ask anyway.

I have a PiVPN which, for reasons too arcane for me to detail here, does not work when I travel internationally. ZeroTier works well for me, from anywhere, to access my home PC and router (anything that can load the ZeroTier app). But I see no way to load ZeroTier into Hubitat. Is there a way to make it work?