Skip to main content Link Menu Expand (external link) Document Search Copy Copied

Remote Access

A guide to safe remote access.

This guide does not include every step in detail, but is a recommendation for safe remote access.

You will need to decide if you want to receive status messages on your smartphone, have full remote access to Mainsail, or both.

Status messages

There are several options for sending status messages, some include additional functionality.

  • Moonraker:
  • Obico for Klipper:
    • Obico sends status messages as well as webcam snapshots to mobile push notification, Email, Telegram, Discord, and more.
    • You can get the real-time webcam feed and printer control using Obico’s mobile app or in the browser.
    • Obico also uses AI to detect print failures.
  • Telegram:
    • Moonraker-telegram-bot by nlef is a bot that provides you status updates using the Telegram messaging service.
    • Moonraker-telegram by Raabi91 is a bot that also brings you status updates using the chat app Telegram.
  • Discord:
    • Mooncord by eliteSchwein is a bot that sends you status messages over Discord.

These tools are installed on the local machine and send status messages to their respective platforms. No changes are needed to externally access your local network.

For details, please refer to each project’s instructions and documentation.

Remote Access to Mainsail

What not to do:
  • Please do not open ports of Mainsail/Moonraker in your router to the rest of the world. There are plenty of reports of OctoPrint installations being freely accessible on the Internet, with just as many reasons why this is not a good idea.
3D Printers in The Wild, What Can Go Wrong
What you could do:
  • Use an external service provider such as Tailscale to gain access to your home network.
    • A potential downside is not having personal control of the connection.
  • Reverse Proxy
Recommendation what you should do:
  • Set up your own secured VPN tunnel.
    • In your router
    • Or your Raspberry Pi

Set up VPN

Several routers allow you to set up a VPN tunnel. After you have configured the VPN and logged in from another device, you will have secure access to your entire network, including Mainsail.

If your router does not support this, you can also set up your own VPN, for example, using your Raspberry Pi.
OpenVPN, WireGuard or PiVPN are all options that could work.

To be able to reach your home network even with a non-static IP address, you will need to use a Dynamic DNS service. This will forward a domain directly to your IP address. Often these DynDNS services can also be set up directly in your router so when your external IP address changes, your domain will be automatically updated. Free Dynamic DNS services include DuckDNS or FreeDNS

The devices that you use to access VPN tunnel are assigned to a different address range. This address range must be configured in Moonraker under trusted_clients and cors_domains. See also Moonraker’s documentation on network authorization.

For example:
192.168.1.x // devices on your regular LAN
192.168.50.x // devices connected through your VPN tunnel