I have a situation where I live in 2 different places and OH is only running in the first place and it controls/monitors the second place either via Alexa smart home devices at the second place OR port forwarding at the second place to specific devices (i.e. Samsung TV, etc.). This setup has been in place for over a year now which is working pretty well.
I need to determine if my Android phone is at the second place via WiFi but the Android phone has NO exposed ports to use the network binding to ping across the internet on. I’ve looked for apps to install to open ports on the android, no luck. I’ve investigate how to ping across the internet but no luck since it uses ICMP which has no ports needed.
I have the same setup with an Apple phone and they have exposed ports to use and it works 95% of the time for presence at the second location.
I’m not interested in setting up another OH instance at the second location. Trying to keep it a very simple setup.
Ideally, install an app on the phone opening a port and then doing a port forward at the second location to determine if the Android phone is there.
It’s a really bad idea to expose anything on your LAN to the Internet through port forwarding. It’s doubly so when talking about internet of things type devices. Do yourself a favor and go to https://www.shodan.io/ and search for your public IP address. Everyone in the world sees that too. Not only will it see your open ports, It’s likely going to show you what’s running on those ports down to version numbers. It’s like driving a brand new sports car to a crime ridden neighborhood and not even bothering to lock the doors after parking it.
Luckily there are tons of better options. Probably one of the better options in this case would be setting up a VPN between the two locations. Using something like Tailscale is about as simple as it gets and doesn’t required any port forwarding what-so-ever. All you need to get Tailscale working is create an account, install and run the program on at least one machine in both locations and pass it the flag to share subnet routes and that’s it.
I’m not going to help with the approach you want because it would be hugely irresponsible for me to encourage this sort of thing.
Since it’s Android, use the openHAB Android app. Under settings you can configure it to update an Item with the SSID of the WiFi that the phone is connected to. Set that up, make sure the SSID names of the wifi is different at the two locations and all you have to do is check the Item and you’ll know where the phone is. No port forwarding. No exposure to the Internet. Couldn’t be simpler.
I do have a VPN setup via a tablet showing HabPanel via the first location showing the second location items. It’s working quite well for over a year now.
SBCs are cheap and though the Raspberry Pis are still a little hard to come by, Orange, Banana, or anything else supported by Armbian would work just fine for this. If you’ve an old phone, that would work too. You can set even a phone up as an exit node.
I’d remove that link. Luckily Shodan isn’t showing it’s a Samsung TV but that post is now correlating your public IP address and exposed port as a Samsung TV. There are a bunch of known vulnerabilities on Samsung TVs. Some of the more concerning allow an attacker to activate and receive audio from the remote, system crash, execute arbitrary code (e.g. install a cryptominer join the TV to a botnet), and lots of denial of service vulnerabilities.
Then use that to get to your TV at the other location. Or if that won’t work, install tailscale on that tablet and on your OH server with the tablet set up as an exit node to share the subnet and OH will be able to see the TV without the port forward.
I am using Ecobee presence to control the local Ecobee but what I’m not seeing is that item exposed to OH. This would work, but I have to have the Ecobee app open on the phone.
The thing is, if there was a dummy-proof solution that doesn’t rely on cloud servers, we probably wouldn’t be having this conversation. myopenHAB exists so that folks like me (who don’t know a lot about network security) don’t accidentally compromise our network security. That’s the dummy-proofing at work. I know this, because I’m the dummy.
The problem is that this approach is inconsistent with a desire to avoid cloud services. Short of that, VPN is the next-best thing. But as you’ve noted, VPN is far from dummy-proof. Unfortunately, I don’t think you’ll find anything better, because none of this is built natively into the Android operating system.
Unfortunately you can’t get there from here. If you want simple and fool proof you’re going to have to use myopenhab.org or VPN. Anything else is going to be either way more complicated, unsafe, and most likely both.
jwiseman
(Mr. Wiseman (OH 4.2 Snapshot on Pi4))
11
Been investigating how to do this dummy proof implementation for over a year, finally posted it on OH forum today and got input on the same conclusion I came to which it’s not possible with an Android phone.
