Push notification via VPN connection. Do I need the Cloud?

Hi All,
This is my first post.

Goal: I would like to receive a push notification to my phone when my front door is unlocked.

Background: I have a VPN (openVPN) setup. I can connect and control my openHAB server with my phone from anywhere. Currently my openHAB rules are able to send email (using sendMail()) when my door is unlocked.

I would like to use something like sendBroadcastNotification() to send a push notification to my phone

  1. Do I need to install the openHAB Cloud service?
  2. If I do, how should I fill out the fields under PaperUI > Configuration > Services > openHAB Cloud > Configure
  3. Do I also need to setup my own openhab-cloud server as described here:
    Setup your own openhab-cloud (myopenhab) server/instance
  4. Is there a way to get push notification without the Cloud?

Many thanks.

You can use pushover, xmpp and telegram actions (and probably some more) if you have the proper service/app working on the receiver side. No need for any cloud.

Markus, thank you - I learned something new today.

I wish I could figure out how to set one of those options up. I mean I have pushover, but I only have it set up for critical alerts because it limits how many messages can be sent a month for the free service. I am just not very knowledgeable about how to set up xmpp. I tried to get it to work with google talk, but I couldn’t get a message to go through, but I think I came close.

Currently I have Tasker performing some actions when I receive notifications through openHAB Cloud.

I am mostly tired of my messages showing up many minutes after they have been sent through openHAB Cloud. But I just don’t know how to set up my own xmpp server. And even if I did, how would I get the notifications on my phone? And would it be possible to have Tasker do an action when those messages are received.

I am sure there is some way to get the functionality that I want, but I just don’t know how to set it all up.

I really wish that openHAB came with a binding that would do all of this without requiring anything, other than a single port forwarded for your phone to connect to the notification server. But they don’t want to add that, because they feel like it would be a security risk to open up a port to the internet.

I open ports up to the internet all the time for specific servers that I want to be accessed from the internet, and I don’t see a problem with it at all.

And they are right

And you will be hacked

The Telegram action is pretty easy to set-up and the messages come through instantly

1 Like

How would you run a server otherwise? If the port will not respond to any request that has nothing to do with the server that is running on that port, how could it possibly be used to hack the system? It isn’t like there is some secret code that can be sent to unlock the system somehow from that single port.

I am not a computer genius, but I am pretty sure the chances of getting hacked this way are pretty low to virtually impossible. And anyone who could hack you this way would probably have the skills to hack you with ports open or not. But then again, skills play no role at all in it, if the machine will simply not respond to any request that could compromise the system.

If you can explain how this can be done, then I will admit my ignorance. But as far as I am aware, machines should not be capable of giving any kind of access, other than what is specifically allowed, simply by opening up a single port to it.

I will definitely look into this option. I greatly appreciate the suggestion.

Personally I use pushover to send notifications, and have never had a problem. Sure, there is a limit, but it’s at 7500 requests/month (about 10 every hour on average), is that not enough for you?

Only one port open through the firewall.
This one redirects to an openVPN server with a 2048 bit key.

That’s it

Once I log in the VPN I have access to my network
Inside the private network ports are open for the computer to communicate freely

For the outbound side on things. I use pi-hole and block access to the outside for connected hardware I didn’t fully configure myself (IP cameras, Hubs, SmartTV…) Unless after some research (Wireshark and Google) I am satisfied that they don’t present a risk.

OP here. I have looked at

I might be wrong but they all seem to require some sort of middle-man (server) between my OH and phone, like this

My OH <----> pushover/xmpp/telegram server <----> My Phone.

Since my OH and phone has a direct connection via VPN. Is there an notification app that does not require a middle-man? Something like this

My OH <-------------------------------> My Phone

Searching around, I found notify which might not require a server. However, one major complaint from users is that it does not provide sound and vibration.

Sound and vibration would be easy enough to add useing an app like Tasker.

I installed the app, and two options that it has is to enable or disable sound and vibration. I am guessing that they added that feature in the latest version.

I needed to follow this tutorial to install node in order to be able to install notify:

I am guessing that I will need use this to send the notification commands:

I also had to install notify with this command for it to work:

sudo npm install -g notify-cli

Well you’ll always need a server of some sort because you need to register your phone’s IP else OH cannot know where to send. With xmpp you would need to setup your own server, with pushover that’s a paid service and with telegram it’s a free service. But there always is a server component involved (it does not have to be a separate SW; it may be colocated with your OH server or even binding/message sending client).
Don’t bother trying to get along without, you won’t.

And after all that, I still can’t get notify to work. :frowning:

It seems to put the key file in the root folder where it has limited permissions, because it does not find the key unless I run the command with sudo. I would prefer to not have to run the command with sudo to get it to work. But even if I run the command with sudo, it seems to send the command for the correct key, but I never receive the message.

Thanks, I’m fine with a local server on my LAN. BTW, with a VPN connection my phone IP is fix, it looks like you still think a server is necessary?

Not sure about any option not to require a server but for XMPP yes you need a server no matter if local or remote. I used to run this with a local Prosody on my RPi. Worked fine but I moved to Telegram so I could get rid of the need to run my own server.

Brent, I have not tried notify yet. Based on your experience, it seemed that it was more complex than advertised. Right now I’m still using sendMail() to get an alert which usually get to my phone around 1-2 min. I think I’m ok with such a delay for now.

I set up Telegram and it works well.

I had to use this tutorial to set up the bot though:

The openHAB tutorial for setting up the Telegram bot is incomplete, because it does not tell you to send a message to the bot before it will let you get the chat_id.

Please add the procedure by editing the docs:

There is another critical thing you need to consider besides the connection: aggressive battery saving. AFAIK FCM (formerly GCM) is Google’s way to do it. The ‘C’ stands for cloud ;-/