The android app will not connect to my instance of openhab when:
I am away from home
I am using VPN to connect to my home
When i use my VPN connection, i can access everything behind my router via the local IP address, except openhab. I see the app saying “trying to connect to the REMOTE address”.
Unsure why it tries remote when I am using VPN.
If i change the REMOTE address in openhab to a local IP address and not the DNS of my router, it works.
Because your VPN network is a separate network that gets bridged to your LAN. At least hat is the case for the typical VPN configuration.
For example, a typical LAN might be on 192.168.1.0/24 and the VPN will be on 10.0.0.0/24. So from openHAB and Habdroid’s perspective when you are connected through the VPN, you are on another subnet and therefore it needs to use the REMOTE connection.
I’m guessing based on your described behavior it bases the decision to use REMOTE verses LOCAL based on your phone’s subnet, not on whether or not it can find openHAB locally.
Thanks for the reply Rich. I appreciate it!
When i VPN in…(my ddwrt setup has VPN on the router), i get assigned a local IP address(based on the routers LAN info); i can see my phone connected as a local IP address.
With that being said, the phone still had a public IP; so I’m guessing that there is no way OpenHab would be able to determine that I am on a VPN…based on what I see on the phone…which is a public Cellular IP.
I thought HABDroid also looks at the Connection Status of the Phone. When the phone has no wifi Connection the app defaults to using the remote address. Only when the phone is on Wifi does it start with the Local Address before moving to the remote. This is how it works the iOS App and before when I used HABDroid on my Nexus 5.
Sounds like you don’t have remote access configured on the App or the on the openHAB install.
If you want to use OpenHAB remotely you need to setup Myopenhab, do port forwarding or configure some loop backs on your network and using a DNS name to reference the OpenHAB install vs just an IP.
You wouldn’t happen to have a link to instructions for setting up openVPN on DD-WRT in that way would you? I’ve recently had to wipe out my router config and start over and can’t remember how I set mine up originally. But even way back when I set it up and all the tutorials and docs I am finding now have the VPN on a separate subnet with an IPTABLES rule to bridge between the openVPN LAN and the LAN.
The new Releases of DD-WRT had a check box for push Local Subnet to remote client and that would do it. The old way was either thru a change in the client and server configuration files or doing a IPtable rule
Enable Client to Client.
Redirect default Gateway
Use TAP because you want bridged not routed.
I use the much less secure PPTP in DDWRT.
One day I’d like to get OpenVPN working; though i’ve heard it works very slowly.
I don’t point the app to the openhab cloud; i point the app to my openhab instance. Which is why i used VPN; so i could point to my server in my house.
But what you said makes sense; the app sees no wifi, and tries remote connection.
I put my local ip in the remote box and it works.
Its just kinda clunky that way.
I used to have the remote URL set to :port of openhab and forwarded the port on my router
However Openhab 2 lost the login ability, so i closed the port and now use VPN to VPN in first, then open the app…hence why i had the DNS in there previously.
Oh, well that won’t work for me then. I need the VPN for my Android devices as well and non-rooted Android can’t support TAP. Got my hopes up for nothing.
Not All hope is lost I believe you can still use TUN but then you need to setup the routes using IPTables rules. I apologize because I’ve both moved off of Android and DD-WRT and use iOS and pFSense now. So I’m very hazy on the setup off DD-WRT and OpenVPN.
pFsense has all the required settings in the GUI.
Are you sure that Openhab2 lost that ability? I don’t see that it lost default authentication and remote connection ability that OH1 had in any documentation on OH2.
Built in authentication on OH 2 has not yet been implemented. The current recommendation is to use an nginx reverse proxy. Instructions are here:
I would like to add to this thread. I also use a VPN to connect to my home network from my phone. I’m not always running it as I have it configured to route all traffic from my phone through my home so I can have secure internet anywhere anytime I want.
What I did in the app was just simply set the remote URL the same as the regular URL which is the local IP:port of my openhab server. The app automatically connects via the remote url when away w/vpn connected and the regular url when at home on wifi w/vpn disconnected. If I’m at home with the vpn connected, it uses the remote.
FYI, I’m running PFSense firewall/router at home with OpenVPN Server.
Nice approach. Would you be willing to write up a tutorial in Examples and Tutorials showing how you set this up? I’d leave out the setting up of OpenVPN and just focus on how you set up the phone apps. I know it will be short but as a separate posting, more people are likely to find it.
Another approach I’ve been using mainly to access my Calibre server when I’m not home but would work with OH as well is SSH tunnels. I use JuiceSSH on my android which can set up SSH tunnels. I just tunnel to my OH server and port and configure the app to use localhost:8080 for the remote URL. It works great too, though you have to bring up the tunnel first which is an extra manual step that can be a pain (thank goodness for Tasker ).
And don’t worry, I plan on writing mine up as a tutorial as well.
Nice. I’ll make a post. I also have JuiceSSH on my phone, though I haven’t reconfigured it since I got a new phone. The app just auto-downloaded on my phone.
You may need to pay for it to get the SSH forwarding, I can’t remember. But I can say it works great to get access to some servers remotely when you don’t have or don’t want a full VPN or don’t want to interupt your current traffic.
BTW, I have never been able to get the routing of all my phone traffic through the VPN to work. If you don’t include that part in your writeup, drop me a line with a hint on how you did it. I’m going to set of pfsense soon (this weekend if all goes according to plan) so will be good to go.