Link Search Menu Expand Document

Remote Access

A guide to safe remote access.

Notice
This guide does not include every step in detail, but is a recommendation for safe remote access.

You will need to decide if you want to receive status messages on your smartphone, have full remote access to Mainsail, or both.

Status messages

For simple status messages there are a two additional tools that can be used:

These tools are installed on the local machine and send status messages to their respective platforms. No changes are needed to externally access your local network.

For details, please refer to each project’s instructions and documentation.

Remote Access to Mainsail

What not to do:
  • Please do not open ports of Mainsail/Moonraker in your router to the rest of the world. There are plenty of reports of Octoprint installations being freely accessible on the Internet, with just as many reasons why this is not a good idea.
https://isc.sans.edu/forums/diary/3D+Printers+in+The+Wild+What+Can+Go+Wrong/24044/
What you could do:
  • Use an external service provider such as Tailscale to gain access to your home network.
    • A potential downside is not having personal control of the connection.
  • Reverse Proxy
Recommendation what you should do:
  • Set up your own secured VPN tunnel.
    • In your router
    • Or your Raspberry Pi

Set up VPN

Several routers allow you to set up a VPN tunnel. After you have configured the VPN and logged in from another device, you will have secure access to your entire network, including Mainsail.

If your router does not support this, you can also set up your own VPN, for example, using your Raspberry Pi.
OpenVPN, WireGuard or PiVPN are all options that could work.

To be able to reach your home network even with a non-static IP address, you will need to use a Dynamic DNS service. This will forward a domain directly to your IP address. Often these DynDNS services can also be set up directly in your router so when your external IP address changes, your domain will be automatically updated. Free Dynamic DNS services include DuckDNS or FreeDNS

Notice
The devices that you use to access VPN tunnel are assigned to a different address range. This address range must be configured in Moonraker under trusted_clients and cors_domains. See also Moonraker’s documentation on network authorization.

For example:
192.168.1.x // devices on your regular LAN
192.168.50.x // devices connected through your VPN tunnel