Remote Access on Smart Home? Sure — But Secure!

Home Assistant Remote Access: Securely Access Your Smart Home from Anywhere

Sun, 31 Aug 2025 00:00:00 +0200

Picture this: you’re relaxing on the beach, the sun is shining, waves are rolling in — and suddenly you wonder: “Did I actually turn off the lights?” In the past, that thought would have left you uneasy for the rest of the day. Today, you simply pick up your phone, check Home Assistant, and see immediately: everything’s fine. The lights are off, the doors are locked, the alarm is armed. Welcome to the world of secure remote access!

But beware: the path to this convenience is paved with security traps that can turn your smart home into an open door for hackers. This video shows you how to balance comfort and security.

To load the video, please click the image. Please note that by doing so, data will be transmitted to YouTube.

What Remote Access Really Means

The Invisible Bridge Between You and Your Home

Remote access to Home Assistant is like an invisible bridge between you and your home. Whether you’re at the office, on vacation, or just out shopping — this digital connection gives you access to all your smart home’s features at any time.

The key difference from local use: your data travels across the internet. That makes things both exciting and risky. The video gives you a clear picture of how the different connection methods work and where the dangers lurk.

Why Your Smart Home Needs Remote Access

A smart home without remote access is like a sports car without a road — technically impressive, but practically useless the moment you leave the house. Home Assistant’s true power only unfolds when you can reach it from anywhere.

Imagine getting a notification about unusual power consumption while you’re at work. Without remote access, you’re in the dark until you get home. With remote access, you can check immediately, identify the problem, and take action — potentially preventing serious damage.

The Four Ways Into Your Smart Home

Option 1: VPN — The Classic Secure Channel

VPN is like an armored tunnel through the wild internet. With solutions like WireGuard, Tailscale, or OpenVPN, you establish an encrypted connection to your home network. For your phone or laptop, it’s as if you were sitting right at home.

The big advantage: maximum security and full control over your data. The downside: setup can get a bit technical. The video walks you through the most important VPN options and helps you find the right one for you.

Option 2: Home Assistant Cloud — Simplicity at a Price

The Home Assistant Cloud from Nabu Casa is the premium option of remote access solutions: comfortable, reliable, and incredibly easy to set up. A few clicks, a monthly fee of around €5, and you’re ready to go.

What makes it special: no port forwarding required, no complex network configuration. Nabu Casa handles everything. At the same time, you’re supporting Home Assistant’s development, since the revenue flows directly back into the project.

Option 3: Reverse Proxy — For the Tech Enthusiasts

A reverse proxy like Cloudflare Tunnel is the solution for those who like to tinker while still wanting professional-grade security. It becomes particularly compelling in combination with Cloudflare Access, an authentication layer that adds an extra line of defense.

This approach offers maximum flexibility and can be run for free. The setup effort, however, should not be underestimated. The video gives you an overview and points you to a detailed Cloudflare tutorial.

The Path to Disaster: Direct Port Forwarding

There is a fourth option — one I’m mentioning only to warn you against it: direct port forwarding without additional protection. That’s like leaving your front door wide open with a sign that says: “Smart home owner lives here!”

Hackers constantly scan the internet for exactly these kinds of open doors. An unprotected open port is an open invitation for attackers. For more on this topic — and how to do it right — check out my separate video on secure port forwarding.

The Most Common Pitfalls and How to Avoid Them

Pitfall 1: Weak Authentication

“123456” or “password” may be easy to remember, but they’re just as easy to crack. When accessing your smart home remotely, a strong, unique password isn’t optional — it’s mandatory.

Even better: enable two-factor authentication (2FA). Even if an attacker gets hold of your password, they can’t get in without the second factor. The video shows you how to enable and properly use 2FA in Home Assistant.

Pitfall 2: Missing Access Restrictions

Not everyone should be able to access your smart home from anywhere. IP allowlists let you limit access to known locations. Role-based permissions ensure that guests can only see what they’re supposed to see.

These techniques are more powerful than they might seem at first. The video walks you through practical examples and explains how to make the most of these security features.

Pitfall 3: Unencrypted Connections

HTTP is like sending a postcard — anyone can read it. HTTPS is like a sealed letter. When accessing your smart home remotely, always use encrypted connections, regardless of which method you choose.

Creative Uses for Your Remote Access

Smart Heating Control

Imagine you’re returning from vacation earlier than planned. Instead of coming home to a cold apartment, you start the heating from the highway. By the time you arrive, it’s comfortably warm — without wasting energy in the meantime.

Smart Doorbell Monitoring

Expecting a package but still at work? With remote access, you’ll see immediately when someone rings the doorbell. You can talk to the delivery driver, tell them where to leave the package, or even unlock the door if you trust them.

Garage Door Timing

This is one of my favorite use cases: you open the garage door from your car while you’re still two streets away. By the time you arrive, the door is already open and you can drive straight in without stopping. A small convenience that meaningfully improves everyday life.

The video shows these use cases in action and gives you ideas for your own creative solutions.

Why You Should Watch the Video

This article gives you a solid overview of remote access options. But the video shows you the practical implementation. You’ll see:

Live demonstrations of the different remote access methods
Step-by-step guides for setup
Security checklists to work through
Real-world examples of creative use cases
Troubleshooting tips for common issues

Particularly valuable are the security notes that are hard to convey in article form. In the video, you’ll see concretely what to watch out for and how to avoid typical beginner mistakes.

The Home Assistant A–Z Series

This video is part of the “Home Assistant A to Z” series — a systematic introduction to all the important aspects of Home Assistant. Each video stands on its own and can be digested in about 5 minutes.

Whether you’re just getting started or already have experience: this series is guaranteed to offer new tips and tricks. Remote access is a particularly important piece of the puzzle, because it transforms your local smart home into a truly flexible system.

Conclusion: Security Before Convenience

Remote access to Home Assistant isn’t a luxury — it’s a necessity for a modern smart home. But as with all powerful tools: with great power comes great responsibility.

The video shows you how to handle that responsibility correctly. You’ll learn not just how remote access works, but how to implement it securely. Because in the end, the best remote access solution is worthless if it turns your home into an open door for attackers.

Note: Links marked with affiliate link are affiliate links. As an Amazon Associate I earn from qualifying purchases. This means I receive a small commission if you purchase through these links — at no extra cost to you. The revenue helps me run this blog and YouTube channel and keep creating content. Thank you for your support!
― Joachim

Remote Access with Cloudflare – Done Right!

Fri, 18 Apr 2025 00:00:00 +0000

Many people set up a Cloudflare Tunnel, see that Home Assistant is reachable from anywhere — and stop right there. The problem: the tunnel is encrypted, but anyone can access it. No login, no access control, nothing. It’s like locking your apartment door while the building’s front door is wide open.

I’ll show you how to do this properly: set up the tunnel, secure access — and at the end, make an honest assessment of what you’re trusting Cloudflare with.

To load the video, please click the image. Please note that by doing so, data will be transmitted to YouTube.

The False Sense of Security Through HTTPS

Many people think: “If I use HTTPS, I’m safe.” But that’s a misconception. SSL encrypts the connection — it does not prevent your Home Assistant from being visible and vulnerable on the internet. That’s exactly what happens when you only set up a tunnel and do nothing else.

Today we go one crucial step further: Cloudflare Tunnel plus access control. If you’ve already set up the tunnel, you can skip ahead to the next section.

Info: The hands-on step-by-step walkthrough is in the video above. You’ll need your own domain to follow along. If you don’t have one yet, I recommend Netcup based in Karlsruhe:

Netcup is a German hosting provider I’ve been a customer of since 2011 — now with nine products (domains, web hosting, vServers and root servers). I’ve been consistently satisfied over all those years. I particularly want to highlight the reliable infrastructure, excellent support, and transparent pricing.

A real standout feature: special offers at Netcup are often permanent. That sets Netcup clearly apart from other providers where the price typically rises after the first year.

If you want to support me and my content, I’d be happy if you book through my referral link: 👉 https://www.netcup.com/de/?ref=21226

I also have vouchers for new customers for various Netcup products. Just reach out — I’m happy to help!

Thank you for your support! It helps me keep creating content for you.

― Joachim

The Weak Spot in Many Cloudflare Setups

Your smart home is now reachable from the internet — and many people stop there, satisfied. But there is one critical problem with this setup: while the tunnel connection is encrypted, anyone can access it.

It’s like locking your apartment door while the front door of the building stands wide open. Today we do better and add an additional layer of protection.

Info: The hands-on step-by-step walkthrough is in the video above.

How Trustworthy Is Cloudflare?

So now, to stay with the analogy, the front door is also securely locked and only someone with keys to both doors can get through. Right? Unfortunately, no. Because there’s one player you may not have on your radar — and that’s Cloudflare itself.

We’ve set up two layers of protection: the authentication in Home Assistant and Cloudflare Access. For a hacker to access your smart home now, they’d need to successfully bypass both security mechanisms — Cloudflare’s and Home Assistant’s. The odds of that are orders of magnitude lower than if the system were just sitting open on the internet. Sounds like a perfect setup? Almost — because there’s one small but important catch.

Cloudflare itself has unencrypted access to everything passing through the connection in this setup. And Cloudflare is a US company, which means it is not subject to the strict data protection regulations that apply here in Europe. You therefore have to place a certain degree of trust in the company behind Cloudflare. If that makes you uncomfortable — what are the alternatives? You could set up your own VPN access with WireGuard or Tailscale — technically a bit more demanding, but privacy-friendly. Or you use Home Assistant Cloud — it’s a paid service, but offers a straightforward and secure solution with considerably more concrete privacy rules than Cloudflare. However, you still have to extend some trust here too, because Nabu Casa — the company behind Home Assistant Cloud — is also a US company and is not bound by EU rules. That said, they do advertise that they don’t log user activity or analyze it for advertising purposes. That may matter to some of you.

My Take

If you use Cloudflare correctly — with Tunnel and Access — you have a free, highly secure solution for remote access to Home Assistant, without opening a single port.

Cloudflare is, however, a US company with unencrypted access to your connection. If that’s not acceptable to you, consider WireGuard, Tailscale, or Home Assistant Cloud instead. More on those coming soon here on “Smart Home? But Secure!”

Why Port Forwarding into Your Smart Home Is So Dangerous

Thu, 10 Apr 2025 00:00:00 +0000

I’ve been diving deep into the topic of remote access to smart home systems lately – and one thing quickly becomes clear: there are now quite a few interesting options available, depending on your security needs, budget, and technical expertise.

Which makes it all the more alarming that many users still simply rely on port forwarding to make their home network services accessible from the internet. Why is that dangerous? Let’s take a closer look.

To load the video, please click the image. Please note that by doing so, data will be transmitted to YouTube.

Hi and welcome! My name is Joachim and this is Smart Home? But Secure! I originally just wanted to put together a video showing you how I’ve been handling secure remote access to Home Assistant for years. But in my research, I realized: there are now quite a few ways to solve the remote access problem elegantly and securely. Yet there are still a large number of users who rely on simple port forwarding (more technically known as port forwarding) to access their smart home systems while on the go. And honestly, that surprised me a bit.

If you’re thinking: “Sure, old news – you don’t need to explain that to me!” – then I’d invite you to subscribe to the channel. I have a feeling this topic has potential for more than one video, and there will definitely be a few more technical deep-dives to come. But if you’re thinking: “Huh? What’s actually the problem with port forwarding?” – then let’s take a closer look right now.

Why Port Forwarding Is So Popular

First of all: it’s understandable why so many users go this route. It’s simple, quick to set up, and generally involves no additional costs. And even the problem of a dynamic IP address can be solved quickly using a dynamic DNS service. But: You have to be aware of what you’re doing: you’re putting your service – for example Home Assistant or OpenHAB – directly onto the internet, exposed exactly the same way it is on your local network.

First Risk: The Protection Layer of Your Home Network Disappears

Even if you’ve set a strong password for your service: your home network itself is an additional layer of protection. In general, far fewer malicious actors are lurking there than on the open internet. With port forwarding, you remove exactly that protective layer. Your service is now directly reachable from the internet – for millions of users, hackers, and other bad actors. And even if you use a secure password and 2FA – nobody can guarantee that a new security vulnerability doesn’t already exist that bypasses authentication entirely. Sure, you can install updates diligently, but those only protect against known and already-patched vulnerabilities. That’s why you should replace that second protective layer – your home network – with something else whenever you want to expose your services on the internet.

Second Risk: Unencrypted Connections

There’s another factor to consider. As soon as your data travels over the internet, it must be encrypted – otherwise anyone can read or manipulate it. Take Home Assistant as an example: the default connection is not encrypted. If you simply open a port to the internet, access is unsecured – just like at home, where that’s usually less of a concern. Of course, you can secure it – for example with a free Let’s Encrypt certificate. But that means additional software and configuration. The “simple” port forwarding quickly turns into a complex software project – and that makes it not only more error-prone but often more insecure as well. A vicious cycle.

My Recommendation

My clear recommendation: don’t use port forwarding to make your smart home accessible from the internet. Even if you don’t have particularly high security requirements, there are better alternatives:

VPN

VPN: If you have a FRITZ!Box or another router that supports it, a VPN can be a great choice. It’s free, significantly more secure, and usually easy to set up. The VPN authentication provides the second protective layer that I believe is so important for internet access.

Home Assistant Cloud

Home Assistant Cloud: The service from the HA team at Nabu Casa is easy to set up and takes care of encryption for you. You don’t have to deal with dynamic DNS either. But: it costs a monthly subscription fee – though at least that money goes to the company developing Home Assistant. The downside is that the second protective layer is still missing – the login screen is directly reachable from the internet, which you’ll quickly notice from “login failed” messages in your Home Assistant log.

Cloudflare

Reverse proxies such as Cloudflare: here you build an encrypted tunnel from your home network to the proxy. There are already many great videos about this from the big smart home channels on YouTube, but I strongly recommend enabling an additional authentication layer on the proxy (called “Access” in Cloudflare) – that gives you your second protective layer here as well. Cloudflare is a US-based provider, which may be a dealbreaker for those with privacy concerns. In my research I haven’t found a comparable European alternative – if you know of one, let me know in the comments!

Twingate

Twingate is a provider that enables zero-trust networking and promises a modern VPN alternative. Setup is surprisingly straightforward, clients are available for all platforms, and access to individual services can be controlled in a very granular way. Even though the service is primarily aimed at businesses, it can be interesting in a smart home context – especially if you want to secure multiple devices or users.

Tailscale

Tailscale takes a different approach: using WireGuard, it builds a private mesh network in which all your devices can reach each other directly – wherever they are. Particularly interesting is the newer Tailscale Funnel feature: it lets you expose a home network service publicly over the internet, including HTTPS and access control. Funnel isn’t available everywhere yet, but it’s a promising approach – especially for technically minded users.

I haven’t taken a closer look at either of these two options (Twingate and Tailscale) myself yet.

What role does remote access play in your smart home setup? Which solution are you using – or which one are you considering? Leave a comment below.

What I Use Personally

I’ve set up my own reverse proxy with the German hosting provider netcup. From my home network I establish an SSH tunnel that exposes only selected services toward the reverse proxy. The proxy itself is responsible for authentication and controls who can access what. I’ve configured it so that a client certificate is required for authentication. That’s how I’ve implemented my second protective layer – without opening any ports. At the same time it’s incredibly convenient, because authentication happens in the background and I don’t need to connect to a VPN or enter additional passwords. It’s certainly not the right solution for everyone – but for technically experienced users, it’s in my opinion a very elegant approach for the level of protection it provides.

Netcup is a German hosting provider I’ve been a customer of since 2011 — now with nine products (domains, web hosting, vServers and root servers). I’ve been consistently satisfied over all those years. I particularly want to highlight the reliable infrastructure, excellent support, and transparent pricing.

A real standout feature: special offers at Netcup are often permanent. That sets Netcup clearly apart from other providers where the price typically rises after the first year.

If you want to support me and my content, I’d be happy if you book through my referral link: 👉 https://www.netcup.com/de/?ref=21226

I also have vouchers for new customers for various Netcup products. Just reach out — I’m happy to help!

Thank you for your support! It helps me keep creating content for you.

― Joachim

What’s Next

In the upcoming videos we’ll take a detailed look at each of these alternatives – so you can find the right solution for your situation.