VPN for Remote Hubitat Management

I hope this is a good place for this question, and I believe it differs slightly from other similar questions:

I work in the US and have no control over the router/modem combo at my office/"hotel".

My house is in Canada, and this is where my Hubitat lives. This router/modem combo I "DO" have control over, but it's garbage, and has no VPN capabilities. It cannot be replaced either.

When I have downtime at work, I'd like to program the my Hubitat hub, but since nothing in the chain can do VPN, I'm kindof hooped with the easy solution of simply enabling it on my home router.

I know I could use piVPN, but I have not much faith in the reliability of that. I do have an rPI somewhere, but it's a 2b? I'd be curious if the hardware is capable.

Does anyone have a recommendation of a legit piece of VPN hardware for the budget minded? Something I can forward the various ports to via my router, then I can access using OpenVPN installed on my laptop or something. I saw the GL.iNet devices, and they seem pretty slick, cost less than an rPI, but haven't seen anyone on here mention them despite the fact they seem perfect. They even do S2S, if I wanted to eliminate the software component.

Screen connect has a free account that will let you pin 3 computers...pin your desktop and log in from wherever..

1 Like

I have been running piVPN on a RPi 3B+ for a few years and it has been very reliable. piVPN will also run on a 2b.

How to turn your Raspberry Pi into a VPN server using Pi VPN.

2 Likes

The issue with this is leaving a random PC running 24/7 at my house. Now, while I actually do that currently, project "get the house idle usage under 100w" is complete minus eliminating the server. I want a dedicated device.

I have deployed a few hundred rPIs for various reasons. Admittedly, a lot of them were the originals, but I didn't have great success with reliability.

I have a 2b (again, IIRC) that was a web/FTP server until the SD card just kindof socket creeped itself out of the connector and goofed up the file system. I zip tied it back into place, and it's probably in the 7 months of uptime range, but it's also basically doing no work (I get like 50hits/month on the website, and maybe 1-2TB/month on the FTP). I could try and pile a VPN server on there as well; maybe I'll do that tomorrow and see what happens.

i use the vpn n dd=wrt in one used netgear 8500 and one asus rt-ac5300

I also have an open vpn in 2 qnap nas's but those cost quite a bit more.

Not really the answer you're looking for, but I also cannot configure a VPN on my modem. I have a rPI at home. On my modem I've redirected port 3389 to the rPI. I now connect with RDP to the rPI and configure my HE on the webinterface of the rPI.

1 Like

I have an Open VPN server running on my Synology DS413 NAS which works brilliantly for me logging onto my hubitat, as well as for checking the video feed on my Hikvision security cameras. Oh, and 6Tb of storage....

The datasheet has the power consumption as 35W, but down as low as 3.5W when hibernating. I believe that accessing the VPN brings the unit out of hibernation.

Running a vpn server on a pi is very reliable and quite easy. I had pivpn for years and recently switch to wireguard on pi. I use this for Hubitat and my home cameras.

2 Likes

Your issue is possibly a udp/tcp issue, or a "uses another port for a second" issue. It's also possible your isp blocks that port.

I can highly recommend the firewalla devices. I have 2, one at home and one in the summer house and have a tunnel between them. But you can have one and us openvpn to connect. Great devices. https://firewalla.com/

2 Likes

I'm using Wireguard on my home modem for VPN, and the speed of it is impressive...feels like I'm at home, I don't perceive any lag.

2 Likes

I can highly recommend the firewalla devices. I have 2, one at home and one in the summer house and have a tunnel between them. But you can have one and us openvpn to connect. Great devices. https://firewalla.com/

This is 100% the type of device I was hoping for! Wayyyy too expensive, but absolutely perfect. I think I'm going to give the rPI a go and when it doesn't perform anywhere near as good as everyone else claims it will (honestly, people have such low standards for acceptable performance), I'll buy "real" hardware, and I've added Firewalla to the list.

Thank you!

1 Like

I second (or uh, third) Wireguard... it works really well and is fast. I've also used OpenVPN and thats good too. I think WG is faster more streamlined.

Sometimes I'll go through the day completely forgetting the WG on my phone has been active.

3 Likes

Let me "fourth" WireGuard. I switched to it from OpenVPN several months ago (maybe at the start of the pandemic shutdown) based on Eric's (@erktrek) recommendation.

In the last couple months (thankfully over now), I've had to use it a lot on mobile devices, and can confirm that it is much faster than OpenVPN. Even more impressive, it recovers from network changes seamlessly - I've not had a single dropped ssh session or an NFS stale file error.

With OpenVPN, about half the time a change in network would result in a dropped ssh session. This was even worse when I used UDP as the transport for OpenVPN.

2 Likes

^^^^ This!

Same has happened to me - the "Oh, I didn't even notice, I'm on my Wireguard VPN!" experience. :smiley:

2 Likes

I leave mine on all the time by design. I use OwnTracks with a self-hosted MQTT server for location services; this means I don't have to expose my MQTT server via port-forwarding.

1 Like

I also leave mine on because I have pinhole on the same Pi and like to filter my browsing outside my house as well.

2 Likes

Wow! I'm not loopy alone after all :joy:

2 Likes

I guess I'll look into installing Wireguard to an rpi. Can't install it to my garbage ISP provided hardware, as i mentioned, but this could work.

I found a 2nd RPI in a pile of stuff I was going to throw away. I'm gonna set one up as piVPN, and the other with Wireguard (if I can figure it out). I'll have the GF swap them if one doesn't work.

3 Likes