Secure Remote Access: Home Assistant (Homeowners)
Permanent remote access to the Home Assistant UI for homeowners when off their local network.
Overview
This feature provides secure, permanent remote access to the Home Assistant user interface for homeowners. It enables users to control their smart home, view dashboards, and receive notifications while away from their local network, without the complexity or security risks of manual port forwarding or VPN configuration.
Problem Statement
Homeowners expect their smart home to be accessible from anywhere. However, achieving this securely is often difficult:
- Complexity: Setting up dynamic DNS, SSL certificates, and port forwarding is beyond the technical comfort zone of most users.
- Security Risks: Exposing Home Assistant directly to the internet creates a large attack surface.
- Connectivity Issues: Carrier-grade NAT (CGNAT) often prevents direct remote access methods.
- Mobile Experience: Without reliable remote access, the Home Assistant mobile app loses significant functionality (location tracking, notifications, remote control).
Solution
We will implement a zero-configuration secure tunnel that connects the Home Assistant instance to the Selora Cloud.
- Zero-Config: The tunnel is established automatically upon system provisioning.
- Secure by Default: No open inbound ports on the user’s router.
- Mobile App Integration: Fully compatible with the Home Assistant mobile app for iOS and Android.
- Centralized Auth: Access is protected by Selora’s authentication layer.
Key Benefits
For Homeowners
- Peace of Mind: Check status (locks, garage doors, cameras) from anywhere.
- Seamless Mobile Experience: The mobile app works identically whether at home or away.
- Security: Enterprise-grade protection without needing to be a network engineer.
For Installers
- Reduced Support Burden: Fewer calls about “why can’t I control my lights from work?” or broken dynamic DNS setups.
Technical Considerations
- Tunneling Technology: Use of secure tunneling (e.g., Cloudflare Tunnel) to traverse NAT/CGNAT.
- Bandwidth Management: Policies for high-bandwidth consumption (e.g., camera streaming) to ensure platform stability.
- Authentication: Integration with Selora ID to ensure only authorized users can access the tunnel endpoint.
Dependencies
- Infrastructure foundation work in Epic #7.
Related
- Infrastructure (Epic #7): GitLab epic
- Secure and On-Request Remote Access for Installers (Epic #4): GitLab epic
Last modified November 26, 2025: Merge branch 'docs/roadmap-remote-home-assistant-access-20251126-x9y2z' into 'main' (ea99e14)