Make IoT device the only accessible device from the internet

I want to communicate with an IoT device over the Internet when I am on vacation. However, in order to minimize the risks, I want to make sure that this device is the only accessible device and that a potential attacker would only be able to access this device, and no other device or the internet, if the password is hacked.

How can I achieve this? I think I should probably use a VPN, but which? If you have any recommendations, I'd like to hear them.

Yep, set up a VPN, preferably WireGuard:


Thank you for your advice. I was able to successfully set up a WireGuard VPN. However, I have a DS-Lite connection, therefore I need a portmapper or a similar service to reach my VPN from IPv4. In Germany we have the following service: It roughly costs 5$ per year. However, it only supports TCP. Are there any similar cheap services for UDP (because WireGuard works with UDP) or do I need to switch to OpenVPN?

If the client side ISP supports IPv6, then you don't even need IPv4 to establish the tunnel.
Otherwise, OpenVPN over TCP or something like ZeroTier should work too.

I tried installing OpenVPN over TCP. The VPN connection is working flawlessly through LAN. However, if I want to connect through IPv6 over the internet, it is not working (I have not checked IPv4 yet).

This is my server config:

user nobody
group nogroup
dev tun
port 1802
proto tcp
server-ipv6 2001:db8:f00:bebe::/64
push "route-ipv6 ::/0"
push "route-metric 2000"
topology subnet
keepalive 10 60
push "route"
push "dhcp-option DNS"
push "dhcp-option DOMAIN"
push "redirect-gateway def1"
push "persist-tun"
push "persist-key"
-----BEGIN OpenVPN Static key V1-----
-----END OpenVPN Static key V1-----

This is the firewall rule I have created.

Do you have an idea?

The important parts are listed here:

If OpenWrt creates a route for the entire prefix, you can skip the sourcefilter option.
Also skip the ip6class option since it's for the client side.
Specify your domain instead of IP:

And remove that:

Thanks for your help again. It is now working perfectly.
