We love the IoTaWatt + EmonCMS for home performance planning, verification, and troubleshooting. We occasionally need to edit the IoTaWatt settings and inputs to EmonCMS but would like to be able to do that remotely, since we are deploying them all over our state. I read all the forum topics having to do with remote access and it appears the only way to accomplish this is through port forwarding. I am looking for some guidance on how to set up port forwarding on a typical home router while maintaining the best network security we can for our clients.
This can be done a couple different ways. A very secure way I do this is install a Rasberry Pi along side the Iotawatt and install openvpn and set the router to forward to the Rpi and only users with the certificate made with the Rpi openvpn can access it. Another way is set a strong password and just forward port 80 to the Iotawatt…Not so secure but easy to do. One more way is setting up reverse proxy but my opinion is little more secure then port forwarding directly. OpenVPN is the way I do it. Plus you can use the Rpi as an access point if needed.
I’m with @blitz1986 when you talk remote access. I do it via a VPN (commercial or open source) or do all my configuration onsite. There are security concerns with simple port forwarding, but that works. I just do not like to expose my internal network to the Internet in that way.
I agree that a VPN is the best approach, and there are others on this forum with more knowledge about it, so please follow up with them.
If you want to go the port forwarding route, rather than open up port 80 to the IoTaWatt, most routers will allow you to select a port high unused port number like 1980 and map that to the IoTaWatt port 80. You can set a password in the IoTaWatt for admin access. It uses digest authorization which is better then the basic authorization used by most IoT devices, but still child’s play for a real hacker. Like doorlocks, it keeps out your friends, but provides enough of a barrier that a hacker would need to have a reason to expend the effort. The password is never sent over the air and is not stored in the IoTaWatt.