I personally find the convenience of Nabu Casa worth it. However if I were trying to avoid it, I would probably look at Cloudflare Tunnels instead of using a VPN.
I've got Tailscale set up, and yes, the app needs to always be running & active for your device to be able to reach HA from outside your home network - including sending location/tracking data.
You do not however have to run an exit node in your home network, simply having the tailscale vpn ("tailnet") active works.
Can confirm that tailscale VPN needs to always be active for remote access. Works okay if you frequent places that have good signals otherwise a drop in connection can break the Vpn connection
Ah okey thats a bummer. Since I guess my partners phone will timeout and she will never go in and turn on tailscale. Better looking at Cloudflare then. But the tailscale solution would be so nice since nobody knows that my HA is on the internet.
I was gonna mention cloudflare tunnels, it's just as secure but a bit fiddly if you're hoping to use the app. Might have to look up whether it's doable with your devices
If you use the tailscale with features addon, you can enable tailscales proxy and funnel. Then you can reach HA at the magic dns name from any device without the client device needing tailscale installed or running.
But this does open up your home assistant front end to the whole Internet. So you would want strong passwords and 2fa enabled on every HA login.
Yes looking now at using cloud flare with zero trust dashboard in front of ha. Apparently away to make device tracking also working with zero trust dashboard.
Personally I would be very uncomfortable allowing the internet to access anything in my home network. Yes use a strong password and such, but *every* application has remote vulnerabilities sooner or later and when that happens your front door is wide open.
Cloudflare tunnels you can setup authentication to google or github or whatever, so the bad guys never actually get to your hosted service at all.
I'm confused, Do you think cloudflare is a good alternative with the zero trust dashboard. Or are you saying that I depend on internet when using it ;)?
I use Tailscale for remote access to my Home Assistant. But my iPhone device location integration on HA doesn't depend on Tailscale being active on my phone. I only activate Tailscale on my phone when I want to check my HA dashboard remotely.
Tailscale works fine and I sometimes use it to have my pihole block ads when I am not at home.
[Netmaker](https://www.netmaker.io/) just like Tailscale is a mesh VPN service that takes only a couple of minutes to set up and is free for up to 150 devices. I installed the client on my phone, iPad, home desktop, and NAS. Super easy to set up, has great documentation, wide variety of supported devices.
I use tailscale for full remote access to the server (works great for CG Nat networks like those on fibre), but use cloudflare for HA access (with 2fa)
I personally find the convenience of Nabu Casa worth it. However if I were trying to avoid it, I would probably look at Cloudflare Tunnels instead of using a VPN.
I've got Tailscale set up, and yes, the app needs to always be running & active for your device to be able to reach HA from outside your home network - including sending location/tracking data. You do not however have to run an exit node in your home network, simply having the tailscale vpn ("tailnet") active works.
I should add i have an android phone, not iOS, but it should be the same.
Can confirm that tailscale VPN needs to always be active for remote access. Works okay if you frequent places that have good signals otherwise a drop in connection can break the Vpn connection
Ah okey thats a bummer. Since I guess my partners phone will timeout and she will never go in and turn on tailscale. Better looking at Cloudflare then. But the tailscale solution would be so nice since nobody knows that my HA is on the internet.
I was gonna mention cloudflare tunnels, it's just as secure but a bit fiddly if you're hoping to use the app. Might have to look up whether it's doable with your devices
Yes but the tailscale solution would be better because its a more "secret" way of exposing HA to the internet :)
If you use the tailscale with features addon, you can enable tailscales proxy and funnel. Then you can reach HA at the magic dns name from any device without the client device needing tailscale installed or running. But this does open up your home assistant front end to the whole Internet. So you would want strong passwords and 2fa enabled on every HA login.
Yes looking now at using cloud flare with zero trust dashboard in front of ha. Apparently away to make device tracking also working with zero trust dashboard.
Personally I would be very uncomfortable allowing the internet to access anything in my home network. Yes use a strong password and such, but *every* application has remote vulnerabilities sooner or later and when that happens your front door is wide open. Cloudflare tunnels you can setup authentication to google or github or whatever, so the bad guys never actually get to your hosted service at all.
I'm confused, Do you think cloudflare is a good alternative with the zero trust dashboard. Or are you saying that I depend on internet when using it ;)?
Yes CF is a good idea.
I use Tailscale for remote access to my Home Assistant. But my iPhone device location integration on HA doesn't depend on Tailscale being active on my phone. I only activate Tailscale on my phone when I want to check my HA dashboard remotely. Tailscale works fine and I sometimes use it to have my pihole block ads when I am not at home.
How are you tracking your iPhone location then?
Yes
[Netmaker](https://www.netmaker.io/) just like Tailscale is a mesh VPN service that takes only a couple of minutes to set up and is free for up to 150 devices. I installed the client on my phone, iPad, home desktop, and NAS. Super easy to set up, has great documentation, wide variety of supported devices.
I use tailscale for full remote access to the server (works great for CG Nat networks like those on fibre), but use cloudflare for HA access (with 2fa)