My home lab runs a few applications need remote access. I have wireguard tunnels setup for general use case, but when it come to Tesla in car experience, my journey started.
Personal Hotspot from mobile phone
This is the simplest solution, just connect to the wireguard tunnel and share the hotspot with Tesla.
But this solution requires root access for Android and not working for iOS, it’s a quick prototype I started.
Mobile router + personal hotspot
After the prototype, I added a small travel router to the solution.
I got a MikroTik mAP lite router, setup it connect to wireguard tunnel, use my personal hotspot for WAN, boardcast a new SSID for Tesla.
This solution perfectly working, the router is very small and can be powered by USB port.
IP whitelist
The next improvement I try is using the builtin network link. I setup a Discord bot, when access from unknow IP, it send me a message and let me approve or deny the future requests.
But Tesla cellular network changes IP really fast, it usually takes 3-5 times before I can whitelist a stable IP address. Further more, the IP looks like NAT through Tesla networks, potential shared with other cars, it’s not 100% safe.
Authentik
The final solution is Authentik authentication and proxy the public request with authorization. I setup my accounts and disabled the registration.
This is a balance of convenience and security.
Full screen
Lastly, I noticed there are some website provide a technique let the browser go full screen by jump through Youtube.
But they all focused on content, I want personalization. So I created a small tool deployed carbookmark.com. Let me keep my own bookmark links for full screen experience.