Inbound (remote) Access

We’ve successfully implemented resilient, redundant, and reliable outbound Internet access and set up a Speedfusion tunnel to our virtual Fusionhub appliance hosted by Vultr. One of the key reasons to do so is that it will enable us to access Beastie’s network from anywhere. So, let’s get to work.

Accessing Home Assistant Server

With Speedfusion VPN set up on a Fusionhub with static IP address, getting access to Home Assistant and the underlying server becomes very straightforward. Log in to Fusionhub and navigate to Advanced->Port Forwarding. Set up the following services:

The server IP address is the local IP address of the server hosting Home Assistant.

‘SSH’ allows us to connect to the Home Assistant’s command line interface from anywhere. Because we use Home Assistant OS, SSH using port 22 doesn’t actually give you root access; it gives you access to the Home Assistant container. For true root access to the underlying OS, SSH using port 2222.

The ‘Home Assistant’ service gives you access to the UI from any web. browser (visit: http://YOUR_PUBLIC_IP:8123) or from the Home Assistant mobile app (add the same URL to your app settings under External URL)

Accessing Beastie’s Local Network

The above set up will cover most common use cases for accessing Beastie’s systems from anywhere. However, there are instances where we want more, especially if we’re coding new features remotely and want to test them out. We’d love to be able to remotely update ESPHome on any of our smart devices. We also want to run MQTT Explorer to understand how the traffic is flowing across the network.

In order to do so, we have to set up a VPN connection from our client computer to Fusionhub and implement a static route that will direct all inbound traffic over the Speedfusion link to Beastie’s local network.

Setting up OpenVPN connection to Fusionhub

Log in to Fusionhub and navigate to Advanced->Remote User Access. Enable Remote User Access Settings and complete as follows:

Select your public IP as the incoming WAN address, and create a username and password. Then follow the link to download the OpenVPN client profile to any device you want access from. We have the OpenVPN client profile installed on our Macbook, Mac server, iPad, and iPhone. This give us the flexibility to log in to our systems from pretty much any device we carry with us.

On your client device, install the OpenVPN app, import the client profile, log in with username and password you defined above, and you’re in business. We initially had issues getting this to work on iOS. Rebooting solved the problem.

Implementing Static Route

The last step is to implement a static route that will direct all traffic coming into Fusionhub to the local network inside Beastie. On Fusionhub, go to Network->Static Route and create a new static route as follows:

The gateway address is the address of your local Peplink router.

Testing everything out

Without OpenVPN active, you can access the Home Assistant UI at http://YOUR_PUBLIC_IP:8123 or through the app. You can SSH from any computer into your Home Assistant server.

With OpenVPN active, you can access Home Assistant UI from its local IP address, you can run MQTT Explorer, and you can ping any of your smart devices by using their local IP address. You can even update the ESPHome software remotely as discussed here.

Leave a Reply

Your email address will not be published. Required fields are marked *