Remote Access Method

I think the VPN is ok with me. The problem is with the cellular internet there is no way to access the VPN server as one does not have the address. Cellular uses some sort of public IP to a Private IP on the modem.

Excuse my ignorance on this type of setup, but couldn't you just connect your VPN client to the public ip of the modem? That is of course, assuming you could have some sort of port forwarding option available on the modem (or at least a bridge option that could pass the functionality over to a router on your internal network).

1 Like

Unfortunately that doesn’t work. To start with when you check what your IP address is it gives you the private one. Cause that is the one the network sees. And there is no easy way to get the public one. I did quite a lot of research on this and apparently the only option is paying for a fixed ip which is too expensive.

No-IP

Signup for a free account:


It’s not the dynamic dns that’s the issue. I have a no-ip account that I used with my dsl. The address that you get from myip or checkip, etc is the public ip which doesn’t translate or feed to the private ip. I don’t really understand it but if you research cellular assigned ip addresses you can see what I mean.

Out of curiosity, who is your cellular provider?

I ask because for a while (while using Wink + Stringify) I had backup internet service via a Project Fi data SIM (now called Google Fi), and I was able to VPN into my house.

I don’t contract directly with a cell phone company. There are several places that offer unlimited, no throttled internet via cell service. I ended up using one called Infinitekind. Living where we do our options are limited. There's slow DSL. Expensive satellite. And that’s it. The service is working great. I get fast speeds and so far no downtime. Beat the heck out of my DSL. The only drawback is this remote access issue which I wasn’t aware of prior to signing up.

1 Like

I briefly tried T-Mobile Home Internet, a service that sounds similar to what the OP is mentioning, and ran into the same issues as them. I wasn't able to make anything work--there was something like double-NATting (might not be the exact best way to describe this...) on their side, leaving me with little I could do, at least in the IPv4 space, though I did try my IPv6 as well with no luck. Port forwarding, DMZing, and anything else I tried failed to work, though I think T-Mo might have some added issues in that it's not clear if all of these settings actually work in their modem configuration even though it looks like they should (the documentation says "not supported," but it isn't clear if it means that it won't work or that they won't help you if it doesn't--but I guess I'm out of luck either way).

So, still using DSL here. The 12 Mbps down isn't that bad when you remember how dial-up was as a kid... :laughing:

4 Likes
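The situation described in the posts above (the router's WAN address differs from the address that "what is my IP" sites report) can be checked mechanically. This is an added example, not part of the original thread; the function names, verdict strings and sample addresses are constructed for illustration.

```python
import ipaddress

# RFC 6598 shared address space, reserved for carrier-grade NAT (CGNAT).
CGNAT_NET = ipaddress.ip_network("100.64.0.0/10")
# RFC 1918 private ranges, as handed out by home routers and carrier gateways.
RFC1918_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def diagnose(router_wan_ip: str, observed_public_ip: str) -> str:
    """Classify the path between the router's WAN port and the internet.

    router_wan_ip      -- address shown on the router's WAN/status page
    observed_public_ip -- address an external "what is my IP" service reports
    """
    wan = ipaddress.ip_address(router_wan_ip)
    seen = ipaddress.ip_address(observed_public_ip)
    if wan in CGNAT_NET:
        return "cgnat"                 # carrier shares one public IP among many customers
    if any(wan in net for net in RFC1918_NETS):
        return "double-nat"            # another NAT device sits upstream (e.g. carrier gateway)
    if wan == seen:
        return "direct"                # router really holds the public address
    return "translated-upstream"       # public-looking WAN address, still rewritten upstream


def inbound_forwarding_possible(verdict: str) -> bool:
    """Port forwarding and dynamic DNS only help when the router owns the public IP."""
    return verdict == "direct"


if __name__ == "__main__":
    # Constructed sample readings: (router WAN address, externally observed address).
    samples = [
        ("100.72.14.9", "203.0.113.40"),     # typical cellular CGNAT
        ("192.168.12.101", "203.0.113.40"),  # router behind a carrier gateway
        ("203.0.113.40", "203.0.113.40"),    # ordinary DSL/cable line
    ]
    for wan, seen in samples:
        verdict = diagnose(wan, seen)
        print(f"{wan:>15} vs {seen}: {verdict}, "
              f"inbound forwarding possible: {inbound_forwarding_possible(verdict)}")
```

Any verdict other than `direct` means an inbound VPN listener at home cannot be reached from outside, which is why a connection that originates from inside the network is the remaining option.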

My DSL was 8 at most. Which was ok, but just ok. The upload speed was almost nonexistent. Whenever I had to upload a large file..... it would take hours.

You need to do a reverse VPN where the connection originates from inside your network.

Or you can use a Tunnel...

Webhook Relay is what I like, or you can use ngrok, or you can set up your own cloud instance and tunnel to that, or set up a VPN access point and do lots more with it.

1 Like

Yeah, that's why... but my point is HE's #1 and #2 competitors have this feature.

Not to be rude, but you don't see a difference between me being willing to pay HE a (small) monthly fee and paying a maintenance agreement with a network engineer to manage a VPN for me? Those are two very, very, different things!

He clearly knows how to do this since he said he was doing a VPN before. Generally, when someone comes in and asks "can I do XYZ with HE?" they get told "yeah, just go and set up a different piece of hardware running different software and boom you're good to go!!!" Well then that means no I CAN'T do it with HE. Hence why he posted this as a feature request. He's suggesting a feature suggestion for something that he (and I, and others) think would make HE better. It's nice to offer alternatives, but it doesn't negate the value of the suggestion.

(Not directed at you) This is the only community I've been a part of where when someone submits a suggestion to enhance the platform that the community responds "Dear God please no! Instead we should jump through hoops to do it and install competing products like Home Assistant and Node Red and Homebridge! Please don't add this directly to the platform!" That's just weird to me... Anytime someone responds to me "Install Node Red, install an rpi, set up Home Assistant" what I think to myself is "If I get hit by a bus tomorrow my wife has to go and pay someone to remove all of that because she'll never figure out how to maintain it if I die tomorrow."

FYI - I have all the technical expertise to set up a VPN. However, my ISP will not let me run a VPN unless I have a business plan. That will tack $99 onto my current monthly Internet bill. For me personally I didn't use remote management of ST frequently, but I'm not paying $1,200/yr to my ISP to enable VPN access for something I had for free back in the day when I had ST. If it were free/cheap I'd use it, but no, I'm not setting up a VPN for it.

3 Likes

Yep, and everyone who's getting tired of hearing this absurdity, raise their hands. :slight_smile:

4 Likes

I would also like to add my dissent for having this service capability in my HE. I do not take kindly to devices opening up internal network access to the outside world. If I want something like that (which I have), I will specifically create it myself, in a known secure manner. I even specifically implemented certain designs to my pool automation so that the pool equipment would not open up this access.

There are many ways to design and implement this without adding it to HE, that offer way more functionality and security than could be done with HE. These other ways may require some to implement something creative or more expensive, due to their situation, but that should fall on them and not expose the rest of us to possible security concerns.

But you having the ability to disable this wouldn’t sufficiently make you ok with it existing? Any time people ask for new features, I don’t think there is an expectation that you would be forced to use this.

Not everyone has the expertise or desire to “create it themselves.”

2 Likes

When it comes to remote access, I would prefer it not to exist than to exist and have an "off" button. :man_shrugging:

Many other things I'm OK with being options, but remote access isn't one of them. Just my opinion.

That doesn't mean I would stop using the product if it were there, but I would vote against it being there at all if I had a vote.

1 Like

Sure but there are ways around that. It could be a separate module that someone has to install (think like an app/driver). Maybe the code doesn’t even come with the hub. Could be a separate download and fee. For me, as a former product manager, I always like to try to think of what are concerns and how do we get through them as opposed to just thinking in terms of “no way.” So in that case, if your hub didn’t even have the Java code on it to allow remote access but mine did, wouldn’t that remove your concerns?

2 Likes

I could agree with that. Make it separate and a purposeful/cognitive act to install/activate versus it "being there" and then the "what if" question goes away.

4 Likes

I'm beginning to be sorry I even made the request. I would like to have it. Others wouldn't.

Remote dashboards are in a way remote access. You can turn those off. Remote access to the hub would be the same thing.

Think of this scenario. Suppose someone hacked your remote dashboard access. Then started playing around with your lights, alarms, etc. that you have dashboard control for. And you are out of town and have no way to stop it.

But end of subject for me.

1 Like

I think the issue is in the term "Remote Access". To me that means full network access aka VPN or full access to the hub which makes it a security concern. If on the other hand it's a "Remote Admin" capability which would be more like a tunnel service from the hub to HE cloud to provide a secure web access only to HE then that changes the "tone" of the conversation.

As noted the dashboard is already presented and available from the cloud link and that is accessing the hub directly so if you are using that feature then the security implications are already exposed so extending that to provide a method to access the admin page would be possible just likely not acceptable by many and would need a way to disable/remove. So making it an "add-on" I think would be very appropriate.

2 Likes

:stuck_out_tongue:

If we were voting, I would enjoy having a remote access/admin option. Then again, I'm not going anywhere these days...

5 Likes