


Smarthome for starters (part 3)


In the last two posts (Part 1, Part 2) the general terms around the Smarthome were explained a little: everything that matters at the beginning, such as basic terms (actuators, sensors, etc.) and the type of hosting (where I run my Smarthome).
In this third part I would like to write a little about the topic of "accessibility".

To control the Smarthome you need access to it. You can decide whether the Smarthome should only be reachable locally (in your own LAN) or also externally (which offers some advantages). Intermediate systems are usually used for external access (or, in the simplest case, a port is opened on the local router).
The following article covers the options for reachability and their individual advantages and disadvantages.

Why should a smarthome be externally accessible?

First, the question may arise why anyone would want to make the Smarthome accessible from outside. That question is answered first, so that the advantages and disadvantages, as well as the difficulties of the different types of implementation, are easier to understand.

In the ideal case a Smarthome controls everything automatically, so nothing has to be taken care of by hand. Be it light switched on by a radar or IR motion detector, or scene lighting that is activated automatically when certain devices (such as the TV or projector) are switched on.
However, every Smarthome needs data, and a lot of it. In many cases this data can come from internal sensors, and you still get a very extensive Smarthome.

Take the following situation:
A roller-shutter control is to be created that automatically lowers the shutters (or at least some of them) during the day when nobody is home, and raises them again as soon as someone returns during the day (while it is still bright).

This project is easily implemented without external access: it is checked whether certain MAC addresses (the smartphones) are registered at the WiFi access point, and if so, someone is home. If nobody is logged in, the shutters are lowered.
However, this has a comfort disadvantage.

First, the device has to be in the WLAN; if its battery is empty, that's the end of it. Furthermore, the range of the WiFi network must be quite large so that you don't notice the shutters moving up and down while you are outside. And lastly, the smartphone has to connect to the access point on its own (WLAN must always be enabled on the smartphone).
With "only" local access this results in an automation that works, but you notice when the shutters move up or down, you may briefly stand in the dark, or the shutters come down while you are at home but the smartphone is for some reason not registered in the WLAN (e.g. because its battery is empty).

External access allows you to build a solution that works significantly more comfortably.

Through an externally (on the Internet) accessible (!secure!) endpoint we can send data from our devices to the Smarthome, such as the GPS position.
Using GPS zones in the Smarthome (if supported), you can for example define zones that are 10 m – 20 m larger than the plot. Once the smartphone enters this zone, the Smarthome hub is informed that the smartphone (the person) is in the "home" zone, and the shutters are raised. A WiFi connection at such a distance is out of the question in most households.
This is of course a very simple example, but it is enough to show that external access can provide more comfort (which is usually the point of a Smarthome; there are other goals for Smarthomes, some of which are not compatible with each other, but that is a topic for another post).
GPS tracking also means the smartphone does not have to be in the WLAN, so an empty smartphone does not make the roller-shutter control mark you as "not home".
A GPS tracker is always an active sensor: the tracked device must locate itself and then forward the calculated location for processing. If no updates arrive from the smartphone, the last sent location (e.g. home) remains in the Smarthome; in theory this behaviour can also be changed.
Another advantage is that a stolen smartphone can be tracked more or less well, and finally, zones can also be created for work or similar:
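The zone logic described above, with the stale-location failure mode from the previous paragraph handled explicitly, as an added example that is not code from the original post. The zone centre, plot radius, report timeout and location reports are constructed sample values; the zone is the plot radius plus the 10–20 m margin mentioned above.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_M = 6_371_000.0
MAX_REPORT_AGE_S = 30 * 60  # assumption: a report older than this is stale
# Constructed sample values (not from the post): zone centre and plot radius
HOME_LAT, HOME_LON, PLOT_RADIUS_M = 52.52, 13.405, 15.0


@dataclass(frozen=True)
class LocationReport:
    """One position update the phone sends to the external endpoint."""
    lat: float
    lon: float
    timestamp: float  # seconds since epoch, taken from the phone's report


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres between two WGS84 points."""
    dlat, dlon = radians(lat2 - lat1), radians(lon2 - lon1)
    a = sin(dlat / 2) ** 2 + cos(radians(lat1)) * cos(radians(lat2)) * sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_M * asin(sqrt(a))


def presence(report, now, home_lat=HOME_LAT, home_lon=HOME_LON,
             plot_radius_m=PLOT_RADIUS_M, margin_m=20.0):
    """Return 'home', 'away' or 'unknown'.

    The zone is the plot radius plus a 10-20 m margin, so the shutters react
    before the phone is close enough to join the WLAN. A missing or stale
    report yields 'unknown' instead of silently keeping the last state, which
    is the failure mode the post describes when the phone stops sending.
    """
    if report is None or now - report.timestamp > MAX_REPORT_AGE_S:
        return "unknown"
    dist = haversine_m(report.lat, report.lon, home_lat, home_lon)
    return "home" if dist <= plot_radius_m + margin_m else "away"


def shutter_action(state, daylight):
    """Lower when away by day, raise when home by day; 'unknown' never moves
    the shutters, so a dead battery cannot lock the house into 'not home'."""
    if not daylight:
        return "none"
    return {"away": "lower", "home": "raise"}.get(state, "none")


if __name__ == "__main__":
    now = 1_700_000_000.0
    fresh = LocationReport(52.5202, 13.405, now - 60)    # ~22 m north of centre
    stale = LocationReport(52.5202, 13.405, now - 3600)  # same spot, an hour old
    for r in (fresh, stale):
        print(presence(r, now), "->", shutter_action(presence(r, now), True))
```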

For couples it also opens up the opportunity for the girlfriend to see where the boyfriend is driving around when he once again doesn't look at his phone because he got confused and has therefore been gone for 10 hours (I'm speaking for a friend here *cough*).

Lastly, the external endpoint also offers the possibility of making changes manually from outside. Be it switching off the light afterwards or controlling devices of all kinds (robot vacuum cleaners, washing machine etc.), and finally, push messages can be sent directly to the smartphone.

There are of course countless other reasons that justify external access; the ones mentioned are what led me to set up an external endpoint.

How to implement this external endpoint?

Such access can be implemented in various ways. In the following I would like to cover the best-known options.
These are:

  • Manufacturer Cloud (usually OEM solutions)
  • Port forwarding (DynDNS)
  • VPN (Proxy)

These three approaches are probably by far the most widespread. Other implementations are technically possible (for example Fritz!VPN), but they do not provide a truly open endpoint that can be used by anyone without problems.
This article deals with approaches that do not require a permanent VPN connection to the home network, but can basically be used from any device.

1. Manufacturer Cloud

The most widely used variant is probably the manufacturer cloud. Be it the Lidl Smarthome, Eufy or Ring, all of them offer an app that notifies the user from anywhere when something happens or allows access while on the go.
In principle there is one main approach to this type of access.
The purchased device is placed in an IP network (e.g. via WLAN) and is linked through the app to the user account at manufacturer X.

The device then knows whom it belongs to and sends all required data to the manufacturer's server (e.g. video recordings and device status such as battery level, operating condition, etc.). The user can then freely access this data.
The entire initial configuration happens via the app, which accesses the server and then sends the data to the camera (or the server sends all required data to the camera).

Data protection and trust are not the subject of this post, but the recent incident at Eufy (which in my opinion was unjustified: sure, the company advertises "no data in the cloud", but how else are the images of a person ringing the doorbell supposed to reach your phone while you are away? A little thought would really help some people) nevertheless shows me, because the implementation here relies on long IDs, that it is unfortunate and that I don't want to leave my home in the hands of strangers. Especially since such a service can be discontinued and I then lose functions that may have been the reason for buying the product.

All in all, the manufacturer cloud is nevertheless the simplest solution. Thanks to the mostly large manufacturer infrastructure (usually hosted on AWS, Azure or the like), the cloud is always online and also performant. Service and maintenance can also be left to the manufacturer (as long as the services are available, of course).
The disadvantage here, however, is that usually only one manufacturer is supported. There are a few approaches that break this up a little, and the "China fleet" à la Tuya has really helped here. Normally all Tuya devices can be used in a rebranded app integration. Accordingly, all manufacturers that use Tuya OEM hardware/software can be managed and controlled in one app.
However, when it comes to the "name brands", it is usually more difficult...

2. Port forwarding (DynDNS)

The port forwarding you may know from Minecraft times on the router...
This solution is maximally simple and set up within a few minutes, but it also has some disadvantages.

Port forwarding on a router is done quickly, usually via the web interface of the router at home. Afterwards you can reach the forwarded port and the service behind it via the public address of your router.

The disadvantage of this procedure is that you may be assigned a new address by your provider every X hours (usually 24 hours), so your IP address changes. This varies between operators; in my case I have a fixed public IP address and can optionally activate a changing IP as a "data protection feature".
If a fixed address is not available, there are so-called DynDNS services. These provide a fixed endpoint address that points to the dynamic IP of the router and is kept up to date by a client program (e.g. directly on the router). For this, the router sends the required data, such as the current public IP address, on every change (or periodically), and the DynDNS provider keeps the address up to date on the DNS server.

The advantage here is that you can access various devices directly without a manufacturer in between, as you can effectively expose all services that are required. No data goes to other parties, apart from your own IP address, which the DynDNS provider necessarily needs.

One disadvantage here is that a port on the router leads directly into your own home network. This is not bad per se, but it should be kept in mind, especially once it is no longer needed.

3. VPN (Proxy)

The last option presented in this post (and in my opinion the best) is a VPN tunnel to a third system plus a proxy server.
This option requires some configuration and causes extra costs, but it has some advantages.
First of all, a public SSL certificate can be used that does not trigger warnings in common browsers. Furthermore, the target system (in this case in the home network) never has to be made publicly reachable; it is only reached through the proxy. In the event of a compromise, presumably not much can happen (if the server itself is taken over, things of course look different).
In addition, the proxy offers the possibility of requiring authentication before the target system, which makes unauthorized access to the site itself more difficult. In my example, a user name and password for my proxy are therefore required first, followed by my Home Assistant user name, password and a second factor. Lastly, only certain users can use the interface (those with a second factor).

The disadvantage of this solution is, of course, the effort and the cost. The server not only has to be set up but also constantly maintained, and it has to be paid for. Lastly, the latency is somewhat higher (because the path is: proxy -> VPN -> router -> Home Assistant), but this is never noticeable in daily use. Only in real-time applications with MQTT over VPN is it likely to be an issue.

Advantages and disadvantages of external access

As written at the beginning, an external endpoint has some advantages compared to a closed system; in terms of comfort in particular it helps enormously. However, there are also disadvantages that should not be underestimated. It is always possible that something goes wrong. Both the manufacturer cloud and a self-hosted Smarthome system can have weaknesses, so damage can occur or strangers may get into the home network or the home control system.
Accordingly, direct access to such a solution is always a little risky. But even the use of a proxy does not protect completely against such problems. Vulnerabilities in the proxy, the server and the Smarthome solution represent potential security risks that I want to point out and that we have to keep an eye on. For people who have warmed up a little to Shodan, it is easy to locate a badly protected Smarthome and then take a look into private households and possibly control their lamps and gates/doors... You should make sure that this does not happen to you.
But such a solution can also carry functional risks that are not even technical. For example, if the Smarthome controls the door by automation (e.g. via an RFID beacon: as soon as it is detected by the smartphone, the door opens), and the automation does not work for whatever reason and you don't have a key or anything else, you can no longer get into the apartment.
Precisely when the technology works well, you tend to rely on it and leave the key at home, but this should be thought through. Such a system can fail quickly (for example due to a defective power supply or a power outage). Critical points of the house in particular should always be secured, and you should always allow yourself a backup access. This can be simple organizational measures, such as giving a neighbour a spare key, or technical measures through a redundant backup, whatever that may look like.

An external endpoint creates many possibilities and quickly gives the impression that you can always rely on the technology; this should always be questioned critically. It happens quickly that you regard your own technology as "better" and "100% safe" because nothing has happened for months or even years. It only takes one failure at a bad time, and then nothing works anymore.
And it is not only something abstract like the front door: a heating control without a manual option, purely logically linked lighting (as in my case) and some other things can quickly cause disadvantages. As an example, a few days ago I had no light for almost 10 hours because, during a memory upgrade, my systems would no longer start despite backups. Restoring the backups cost a lot of time, during which I could not control anything in my apartment. Over time I had come to rely far too much on my technology (it couldn't be helped; I was aware of the fundamental risks, but simple things like a memory upgrade can also mean that nothing works anymore).

Conclusion

To summarize this article, I can say that external access is basically a good thing. However, it must be secured in every case.
The possibilities of such access are comfortable and quite an enrichment, but automations should never be used for critical areas of life (access to the home, gas and water supply, as well as power supply). At least there should always be the possibility to intervene manually or to execute a fallback plan that does not depend on the services of the automation system.

