Link Search Menu Expand Document

Remote Access

A guide to safe remote access.

Notice
This is not a complete guide with every single step in detail, but rather a recommendation of what to do and especially what not to do to get access to the printer from somewhere remote from your network.

You have to decide if you ..

  • only want to have status messages on your smartphone
  • or you need full remote access to Mainsail from everywhere

Of course, you can also use a combination of both.

Status messages

For simple status messages there are a couple of additional tools that can be used:

These tools are installed on the local machine and send the status messages via the respective platforms. Thus, no access to your local network from outside is necessary.

For details, please refer to the projects instructions.

Remote Access to Mainsail

What not to do:
  • Please do not open ports of Mainsail/Moonraker in your router to the rest of the world. There are plenty of reports of Octoprint installations being freely accessible on the Internet, with just as many reasons why this is not a good idea.
https://isc.sans.edu/forums/diary/3D+Printers+in+The+Wild+What+Can+Go+Wrong/24044/
What you could do:
  • Use an external service provider (e.g. tailscale) to gain access to your home network.
    • Con: you give the control out of your hand
  • Reverse Proxy
Recommendation what you should do:
  • Set up your own secured VPN tunnel.
    • either in the router
    • or your Pi

Set up VPN

Several routers allow you to set up a VPN tunnel without much effort.
After you have entered the login data into e.g. your smartphone, you will have secure access to your entire network, including Mainsail.

If your router does not support this, you can also set up your own VPN, e.g. on your Pi.
Therefore you could use: OpenVPN, WireGuard or PiVPN

To be able to reach your home network even with a non-static IP address, you should use a dynamic DNS service. This will forward a domain directly to your IP address. Often, these DynDNS services can also be set up directly in the router, so that the IP address gets automatically updated on a change.

Some free services: DuckDNS or FreeDNS

Notice
The devices that dial in via the VPN tunnel are assigned to a different address range. This address range must be configured in moonraker under trusted_clients and cors_domains. https://moonraker.readthedocs.io/en/latest/configuration/#authorization

For example:
192.168.1.x // devices on your regular LAN
192.168.50.x // devices connected through your VPN tunnel