From 0a6905ac155683638004ef853ed606b0cf2f5873 Mon Sep 17 00:00:00 2001 From: Antoni K Date: Sat, 20 Oct 2018 02:53:00 +0800 Subject: [PATCH] Add note about CGNAT (#6959) --- source/_docs/configuration/remote.markdown | 2 ++ 1 file changed, 2 insertions(+) diff --git a/source/_docs/configuration/remote.markdown b/source/_docs/configuration/remote.markdown index 00f9e276b35..f0135393685 100644 --- a/source/_docs/configuration/remote.markdown +++ b/source/_docs/configuration/remote.markdown @@ -23,6 +23,8 @@ The most common approach is to set up port forwarding (for any port) from your r A problem with making a port accessible is that some Internet Service Providers only offer dynamic IPs. This can cause you to lose access to Home Assistant while away. You can solve this by using a free Dynamic DNS service like [DuckDNS](https://www.duckdns.org/). +If you cannot access your Home Assistant installation remotely, remember to check if your ISP provides you with a dedicated IP, instead of one shared with other users via a [CG-NAT](https://en.wikipedia.org/wiki/Carrier-grade_NAT). This is becoming fairly common nowadays due to the shortage of IPv4 addresses. Some, if not most ISPs will require you to pay an extra fee to be assigned a dedicated IPv4 address. + Remember: Just putting a port up is not secure. You should definitely consider encrypting your traffic if you are accessing your Home Assistant installation remotely. For details please check the [set up encryption using Let's Encrypt](/blog/2017/09/27/effortless-encryption-with-lets-encrypt-and-duckdns/) blog post or this [detailed guide](/docs/ecosystem/certificates/lets_encrypt/) to using Let's Encrypt with Home Assistant. Protect your communication with a [self-signed certificate](/docs/ecosystem/certificates/tls_self_signed_certificate/) between your client and the Home Assistant instance.