A guide to safe remote access.
This guide does not include every step in detail, but is a recommendation for safe remote access.
You will need to decide if you want to receive status messages on your smartphone, have full remote access to Mainsail, or both.
There are several options for sending status messages, some include additional functionality.
- Obico for Klipper:
- Obico sends status messages as well as webcam snapshots to mobile push notification, Email, Telegram, Discord, and more.
- You can get the real-time webcam feed and printer control using Obico’s mobile app or in the browser.
- Obico also uses AI to detect print failures.
- Mooncord by eliteSchwein is a bot that sends you status messages over Discord.
These tools are installed on the local machine and send status messages to their respective platforms. No changes are needed to externally access your local network.
For details, please refer to each project’s instructions and documentation.
- Please do not open ports of Mainsail/Moonraker in your router to the rest of the world. There are plenty of reports of OctoPrint installations being freely accessible on the Internet, with just as many reasons why this is not a good idea.
- Use an external service provider such as Tailscale to gain access to your home network.
- A potential downside is not having personal control of the connection.
- Reverse Proxy
- Set up your own secured VPN tunnel.
- In your router
- Or your Raspberry Pi
Several routers allow you to set up a VPN tunnel. After you have configured the VPN and logged in from another device, you will have secure access to your entire network, including Mainsail.
To be able to reach your home network even with a non-static IP address, you will need to use a Dynamic DNS service. This will forward a domain directly to your IP address. Often these DynDNS services can also be set up directly in your router so when your external IP address changes, your domain will be automatically updated. Free Dynamic DNS services include DuckDNS or FreeDNS
The devices that you use to access VPN tunnel are assigned to a different address range. This address range must be configured in Moonraker under
cors_domains. See also Moonraker’s documentation on network authorization.
192.168.1.x // devices on your regular LAN
192.168.50.x // devices connected through your VPN tunnel