How to Setup External Access of Home Devices

by Rian

There is a problem with all IoT or smart home devices: external access. This is a problem that all users at some point have to ask themselves how they would like to approach it. What’s the point of having internet-enabled, sensor-filled, micro smart devices in each room, if none of them will respond soon as the user leaves the house?

Depending on which platform, the manufacturer may not even discuss the topic at all, for better or worse. Apple, for instance, has HomeKit, and so long as there is an Apple device in-house, the user doesn’t have to worry about how to setup the external access. It’s a traditional Apple move —you don’t need to know anything, the plane will land as it should. But that’s not always the case. Some manufacturers opt for port forwarding or even UPnP. Some even go so far as offering both, running their own Apple-like platform while offering port forwarding, leaving the consumers with both the choice and the confusion.

Let us assume for a moment your device in question does not offer services such as Apple’s or Synology’s. Your device is currently running on home LAN. That leaves you with a choice, port forwarding (or UPnP, if you’d like) or VPN to your home network.

To clarify on what VPN is, I do wish to point out that VPN is ultimately a tool. Most VPN ads on social media declining this technology as adding security or anonymity to your internet connections, and while it can be used that way, ultimately that is only one application of the tool. If the ‘remote network’ happens to be in overseas, you can use the tool to do what VPN providers would often say they do in the ads. What it actually does is connecting to a remote network as an insider, obviously from the outside. Think of it this way. Let’s say there is intercom connecting all condo units, and you want to call your neighbor on the intercom. VPN is that connection between your cellphone to the existing intercom network.

The key here is setting up VPN server for your own network is doable. My own router from a decade ago offers OpenVPN server service for me to connect to home devices, such as printers. Again, modern printers nowadays have external services offered by the manufacturer, but if it doesn’t, VPN can help. If you router doesn’t, you can easily setup an OpenVPN server (not client) on a Raspberry Pi, and setup a port forwarding to that device only. That will allow external connection to tunnel through via Raspberry Pi’s OpenVPN server.

One of the big reasons why I am suggesting OpenVPN and Raspberry Pi is that they have concerned parties and security communities who do keep an eye out to check any vulnerabilities of the protocol and the platform. Port forwarding often leave management work in the hands of network manager (i.e. router owner), and the security measures of the IoT device manufacturer. If you only have one device connected to the internet, perhaps that might still be manageable. But the number quickly adds up with IoT devices.