Hi everyone
So, that’s a 2 in 1 post. First a more general question then looking for advice for a friend.
-
What is your preferred way to access HA from outside (and why)?
-
a friend of mine use duckdns and I often read (recently) that some people are having issue with it. Is wireguard a better way or another solution that is not too techy to deal with?
Very different solutions.
Wireguard all the way. Exposing just a VPN endpoint that can’t be connected to without the right cryptographic keys is a much more secure and maintainable attack surface.
BTW I assume that’s what you meant by “DuckDNS”. Using that service is orthogonal to making HA visible externally, but is (I think) the common pairing.
Thanks, wireguard sound much better then for just accessing HA, wonder why is duckdns so popular then
Because DuckDNS means you don’t have to buy your own domain. I don’t know their product offerings; they might offer VPN services, like Mullvad.
Wireguard doesn’t provide you with a DNS entry. Without a domain name, you’ll have to always either edit your hosts file on every computer you use, or access your services via IP (
https://65.147.69.34:8080/
), whether or not you have Wireguard. DuckDNS lets you createhttp://pafha.duck.dns
(or whatever). Using subdomains also helps with reverse proxying, because routing rules are usually configured by host name. For example, your proxy server can route pafha.duck.dns requests to port 8124, which is where your Home Assistant is listening; while pafmympd.duck.dns proxies to port 8091 which is where your MyMPD server is listening. If you own your own domain, you don’t need DuckDNS. If you don’t, it’s very useful.Wireguard gives you a VPN. It’s for creating encrypted subnetworks. Security, and privacy. It doesn’t solve the DNS problem.
@paf @wewbull maybe also have a look at Tailscale
Will check that, thanks
@paf @wewbull In fact, even if you’re using Wireguard you’d likely need DuckDNS (or a real domain with something like Cloudflare) to point your wireguard clients to. All DuckDNS does is associate a domain name with your external IP. You could just use the IP directly but your ISP likely doesn’t assign you a static IP so it’ll change randomly, so you run a script that updates your IP with DuckDNS.
I have same ISP than my friend and it gives option to keep static ip so it’s not a problem but thanks for pointing it