Another Noob VPN Question

ogiewon. So it seems that I will have to go the Pi route. I have read into it and guess I'll start ordering hardware.

aaron. I don't know if the instructions you have are the ones I've seen in other threads but I'd love to see what you have. Thanks!

I actually use my Asus RT-AC86 router as my VPN server (built-in functionality). Your configuration with the Motorola Gateway complicates this design.

ogiewon. More confusion. Your VPN must connect to the internet somehow. How do you do that if not through an ISP?

I connect through a cable modem. That cable modem does not behave as a router whatsoever. If your ISP provided solution is a router for your house, you have to be careful when adding another router behind it. Home routers use a technology called NAT (Network Address Translation) which works great when there is only one NAT device on your network. If you place a second NAT Router, behind an existing NAT router, things get complicated very quickly.

If you can place your Motorola Gateway into what is known as Bridge Mode, instead of NAT Router Mode, then you could use my design very easily. However, it will mean your entire home network will go through a bit of upheaval in the process.

If home networking is not something that you have a strong understanding of, I would recommend against adding a router behind another router. It can be done, but it is not for the networking novice.

Using a Raspberry Pi as a VPN Server is a decent option. You will still have to deal with some networking challenges as you will have to forward ports on the Motorola Gateway to your RPi. You will also probably need a Dynamic DNS solution. Many users have successfully set up a Pi as a VPN server using the following solution - http://www.pivpn.io/

1 Like

The post below was particularly helpful when I initially set up my Raspberry Pi. I felt like setting this up might be a bit beyond my skillset but this video made me comfortable that I could get this done. Watch the whole video to see if it feels like something worth attempting.

1 Like

ogiewon. First of all, thank you for taking the time to explain this to me. I am technically proficient but have never delved into this area before and do not want to become a nuisance. I hope to not have to come to you all for every little question but need to get this straight so I can move forward. Yes, my gateway's wi-fi settings will allow me to enter bridge mode. The only things hardwired to its router are my home theater components (TV, DVD player, Fire TV, Apple TV, AV receiver and my Iris hub). I am thinking that the home theater components would remain as is along with my guest wi-fi network. The VPN would support my Hubitat hub plus my personal wi-fi devices (phone, iPad, computers). This article says that I can access my home network with a commercial VPN service, thus confusing me further: https://www.howtogeek.com/221001/how-to-set-up-your-own-home-vpn-server/ Is this complicated by the gateway thing and is it exacerbated by using bridge mode (will I have access to my Hubitat on the bridged side of my Motorola gateway using either a Raspberry Pi or the Linksys)? I'll try to make this my last post on this matter (hopefully I will get through making whatever I choose to do work with only help from search engines).

Have you looked into or considered a VPN such as Teamviewer? I use it as a means of accessing my system from outside. It can be downloaded and used as personal without any cost. It is extremely secure and all that is needed is a copy of it on the computer that has HE and a copy of it on the computer you are using that goes with you. With this VPN you can access anything on the computer that has Teamviewer on it no matter what it is. Hope this will help.

razorwing. Does Teamviewer load on the hub as an app or do I still need something like a Raspberry Pi? Now I'm going to go to the post office and pick up my hub. I have the very first C5 and they got it to me incredibly quickly. The support from both the Hubitat team and this community has been incredible. Thank you!

1 Like

Teamviewer is software that goes on the computer that the HE hub is connected to. The same software goes on your travel computer. Teamviewer on the HE computer would be configured as the computer to be accessed (you will see the choice when you load the software) and the laptop or whatever you take with you will have the software loaded as the control, also easy to select when you load Teamviewer on your travel computer. You can then configure each one (tutorial on the Teamviewer website). After each computer is configured you can access the home computer merely by opening the software on your travel computer and telling it to connect. No changes to your modem are necessary.

I tried many VPN servers before and I find OpenVPN is the easiest to configure and is compatible with other devices, but if a VPN server is not something you want to play around with, then there's Teamviewer, mentioned by @razorwing, or ZeroTier, which is a cloud VPN server with a free account for home users. Super easy to configure.
I am using an old Asus router with OpenVPN.

PiVPN is ok, for sure, but the Asus router option is a really good one.
I use a Linksys router flashed with DD-WRT and my router has built-in VPN server capability that I use and have actually written a guide for on the DD-WRT forums that many people have used to get their DD-WRT routers set up with VPN server capability.

You do not need to go through all of that with the newer Asus routers as they make it really easy.

You could get an Asus router and run it in WAP (wireless access point) mode while taking advantage of the baked in VPN server, and have the added benefit of increasing your wireless footprint/capabilities. Doing/setting it up this way, you would not have to reconfigure the rest of your network at home. Just place the Asus router behind the gateway and call it a day.

If you do go the PiVPN route, make sure you get one of the newer Pi-3's and not one of the older slower versions.

With any VPN server, there is a learning curve and you are just going to have to dive in and embrace it. Once you get it though, you will be happy you have your own server because you can generate new keys for security purposes at will, and you will have access to your entire network from outside your LAN in the process.

If you currently don’t use a router then the suggestions for a newer router that supports VPN make sense. BUT if you have a secure router with policies that you configured then going down a Pi route with OpenVPN is the way to go. Easy and gives you what you're looking for when traveling. When traveling for work I VPN into my home which is secured and route the majority of my insecure data that route. Great solution that is free and works across almost all client platforms.

1 Like

If you can place your ISP provided gateway into Bridge mode, it should essentially disable the internal DHCP server, WiFi, Guest Network, etc... It will basically just become a simple cable/dsl modem. The new Router you attach behind it will need to take over all home network responsibilities, including being the one and only DHCP server for the entire house, the only NAT router device for the house, the Primary WiFi for the house, etc... Your router's WAN port will simply be assigned a WAN IP Address that can then be used by external devices (like your cell phone or laptop) to connect to the router's OpenVPN server.

If you go back and re-read that article, I am not sure they say that you can access your home network using a commercial VPN service... I believe what they are trying to explain is that most people want to use a VPN service for increased security and the ability to "geolocate" your apparent location to somewhere in your home country (i.e. you want to watch Netflix while out of your home country.)

You can easily use a commercial VPN to accomplish the above goals, which is pretty much 100% what the article you linked to is all about.

What the commercial offering will not let you do is access your own home network while on the road, which is what you're really wanting to do. By running a VPN server from your home, you can achieve many of the benefits of a commercial VPN AND be able to access your home network. Be aware, however, that all of your traffic while VPN'd to a home VPN server will appear to be coming from your house, and your VPN clients are limited by your home's ISP upload speed. If you have nothing to hide, then the privacy concern is moot. But if you are expecting a home VPN to provide anonymity online, that is not going to happen.

Hi, can you please point me to your VPN server guide on the DD-WRT forum?
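As an added example (not part of the original posts), the following check tells you which of the situations discussed in this thread applies before you stand up a VPN server: it compares the WAN address your router reports on its status page with the address the internet sees. The function name, verdict labels and sample addresses are assumptions made for the illustration, and the carrier-grade NAT case goes beyond what the thread covers.

```python
import ipaddress

# Address blocks that are never directly reachable from the internet.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CGNAT = ipaddress.ip_network("100.64.0.0/10")  # RFC 6598 shared address space

ADVICE = {
    "direct": "WAN IP is public: VPN clients can connect to it "
              "(add Dynamic DNS if the address changes).",
    "double-nat": "Router sits behind another NAT router: put the ISP gateway "
                  "in bridge mode or forward the VPN port on it.",
    "carrier-nat": "ISP translates addresses upstream: forwarding ports on "
                   "your own gateway cannot make the server reachable.",
    "mismatch": "WAN IP is public but is not what the internet sees: "
                "something upstream is still translating.",
}


def classify_wan(router_wan_ip, observed_public_ip):
    """Classify the router's WAN address against the externally seen one.

    router_wan_ip: address shown on the router's WAN/status page.
    observed_public_ip: address reported by any "what is my IP" service.
    Returns (verdict, advice).
    """
    wan = ipaddress.ip_address(router_wan_ip)
    seen = ipaddress.ip_address(observed_public_ip)
    if wan in CGNAT:
        verdict = "carrier-nat"
    elif any(wan in net for net in RFC1918):
        verdict = "double-nat"
    elif wan != seen:
        verdict = "mismatch"
    else:
        verdict = "direct"
    return verdict, ADVICE[verdict]


if __name__ == "__main__":
    # Constructed samples; the public addresses are documentation ranges.
    samples = [("192.168.0.10", "203.0.113.7"),   # router behind ISP gateway
               ("203.0.113.7", "203.0.113.7"),    # gateway in bridge mode
               ("100.72.1.9", "198.51.100.4")]    # carrier-grade NAT
    for wan_ip, seen_ip in samples:
        verdict, advice = classify_wan(wan_ip, seen_ip)
        print(f"{wan_ip:>15} -> {verdict}: {advice}")
```
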

1 Like

Wow! I'm resurrecting a 2+ year old thread. But that just shows how little interest there is in ZeroTier for Hubitat, which in turn, must mean it's not going to work. But, I'll ask anyway.

I have a PiVPN which, for reasons too arcane for me to detail here, does not work when I travel internationally. ZeroTier works well for me, from anywhere, to access my home PC and router (anything that can load the ZeroTier app). But I see no way to load ZeroTier into Hubitat. Is there a way to make it work?

If you can access one of your computers through ZeroTier, then just open a browser on that computer and point it to the IP address of the Hubitat hub. You shouldn't need to nor can you install ZeroTier on the hub.

1 Like

Haven't used ZeroTier for years after PiVPN, but if I remember correctly, there's a setting on the server side for local access if you don't install the ZeroTier app on the device you want to access.

I think I just have a mental block that's preventing me from seeing how this works. I have an always-on PC (e.g. it runs Sonarr on port 8989 and I can reach Sonarr's GUI through ZeroTier) that I can see. Hubitat is on a static local ip. How do I bring up a browser that allows me to enter Hubitat's ip?

I don't see it. Understanding that you are removed from your experience with ZeroTier, do you think that setting is in ZeroTier's control panel or in the instance installed on the remote PC?

Thank you both @Navat604 and @stephen_nutt for resurrecting this old conversation. I think I can get there but it will take an "A HA" moment.

I am not sure how ZeroTier works. I use Wireguard. With Wireguard active on a remote computer, I simply enter the Hubitat Hub's IP address in the browser of the remote computer.

I also use Remote Desktop Connection to connect to a home computer remotely and then can use the browser on the computer sitting at home to access the Hubitat Hub's IP address.

Either option works.

EDIT: I have no idea what Sonarr is.

EDIT 2: I just Googled Sonarr and it seems like it's software to access files on your home network. Therefore, it won't help to get access to Hubitat Hub. You need to use one of the 2 options I mentioned above.