A Guide To Safe Remote Access of OctoPrint

  1. Polar - Gave authentication error .
  2. OctoPrint Anywhere - very limited doest not even let you send gcode to machine.

So I hooked up a old laptop and installed TeamViewer on it , Now I can access Original octoprint UI from anywhere.
Next I am planing to replace laptop with Android Phone to conserve energy .

1 Like

"Whether you use a reverse proxy, or VPN to access OctoPrint; I recommend putting it on a separate physical box to the box connected to your printer. Running everything on a single server is just asking for trouble."

So I had a few questions here. I'm currently using a Raspberry Pi 2 running Octopi. I'm thinking about purchasing another Pi, just deciding which version I should choose. Are there any specific specifications I should be looking for when purchasing another Rpi to solely run as a VPN server? Will the Rpi Zero W perform the same or close to, as say, the new Rpi 4? Would the Gbit ethernet connection on the Rpi 4 attached to the router give me better performance vs Rpi Zero W's wireless & is it enough to justify the price difference?
Also, is a VPN connection to my octopi instance enough on it's own? Should I also use a reverse proxy in addition to the VPN or would that be redundant? How about running SSL?

The Raspberry Pi Zero W should work fine as a dedicated VPN server.

I have a firewall between my cable modem and my local network. The firewall software includes OpenVPN so I can establish a secure tunnel between something connected to the outside internet and my local network. Many commercial routers have VPN capabilities as well so it depends on your configuration to determine if an extra RPi would be the best solution.

Note: my cable modem is actually a cable router but I've configured it in bridge mode so I can use my firewall instead. My firewall runs IPFire which is a Linux-based solution.

I believe the router my ISP provided has built in VPN settings. I may try going that route first.

Are there any latency issues with setting up a VPN? I'm assuming in general that there is some in normal web browsing. Not sure what, if any lag running an Octopi instance with multiple Webcam servers running.

The latancy depends on your remote connection latency and your home connection latency.

If you use your full home connection upload speed for webcam streams the latency might be 1-2 seconds and more.

Let me see if I understand correctly. So any latency has more to do with my home internets upload speed than the specs of my rpi? So would a wired ethernet connection help minimize any possible latency? Also, I mentioned the Rpi Zero W earlier. Would a Rpi 1 or even an old android phone work as a server?

Yes a wired connection would reduce latency but you have to have a really bad wifi to make much of a difference :wink:
I don't know which bandwidth a pi 1 or an old phone will be capable of - but yes - it would work

You'd be surprised at how many things can negatively impact your wifi quality.

  • Neighbors' wifi networks sharing the same channel as yours (or even your own competing routers/hotspots)
  • Metal pipes like radiators, chain-link fence, possibly even lead-based paint on the walls, large metal plates
  • Aquariums or other large volumes of water
  • Foilage (the water in the leaves)
  • Microwave ovens in operation
  • Sparkgaps (like those found in a tesla coil)

Yes but those things impact more on the bandwidth than on the latency in my experience.
But I never tested how much lag you get when you're using 100% of a bad connection.

Thanks for mentioning it :slight_smile:

I happen to have bad wifi atm. I'm not in charge of the internet here, but we're only getting 50Mbps. (very slow)..and there's interference issues on top of that. I ask about latency because I'd like to eventually have a few printer's up and running with 2 HD camera feeds on each machine . So with that in mind, I'm wondering if buying a used router running DD-WRT, set up in repeater mode and with a VPN server on it would get me farther than a Raspberry Pi.

Yeah that would be a way to do it :slight_smile:
Do you want to watch all cam streams at once or just the two of the selected printer?

I'd like to have 1 feed on screen, per printer.

Yeah that should work :slight_smile:

Something that people havent considered is using HAProxy with Certificate based authentication. I realise this isnt for the beginner but there is a few good tutorials for doing this.
Octoprint uses HAProxy by default to forward port 5000 to port 80.

Is this a secure way?
Port forwarding based on ip address on my router or with reverse proxy on ip address?
I have a RPi-4. Can i run octoprint and a reverse proxy on the same hardware or is this not secure?

One thing I haven't seen mentioned yet is Hamachi VPN (which is now owned by LogMeIn). This doesn't require any firewall ports to be opened because it relies on outbound connections only to do all the connection management. You can try it for free with up to 5 devices on a network and they have clients for most operating systems. I've used it for years to manage some remote computers without having to ever open a firewall port. Worth a try, maybe? There's a client that will run on OctoPi but it does require some manual configuration.


I would be interested as well if somebody has made experience with Hamachi so far, becuase i can't port forward my Router (because there is none) i have to use theese alternatives and also had good experiences with hamachi when played with it as a VLAN.
Would like to see if someone has made experience with it and is ready to share it :slight_smile:

Hello, I recently installed octoprint in my raspberri pi and its working perfectly. But my main goal with the raspberry is to can use it from outside of my local network.

I've been these 2 days before trying to port forwarding the ip of my raspberry to can access from the public IP (sorry if I have some mistake with the concepts I'm just starting to learn the basics things about networking). I made a static IP first to my raspberry, and then Port forwarded this IP with the https port (443).

After trying a lot, I tried to search somebody who can help me as for example the developers of my router, so I got in contact with them and they asked me to send them a backup of my settings on the router, so I did it and this was their answer:

''"Unfortunately, the IP address [100.xx.xx.xx] on WAN is the private network IP address.

There will be not possible to reach device connected on LAN from WAN side.

Only thing you can do is to ask Vodafone to provide you with the public IP address for your PPPoE connection."

The thing is that I live in a rented home and the internet of the home is provided by my landlord, so I have no direct contact with the service, and either I don't want to pay a extra cost for this.

So I wonder if somebody of you would have some idea or solution for this thing, is giving me real headheach.

Thanks in advance!

PS. I know port forwarding is not a secure way to do it, but I wanted to install Haproxy also to this port, making octoprint look as unsecure website and then asking you for an user and a password. I don't know if this is good enough to connect safety from outside.

Trying to go the port forwarding route but it won't work for some reason, been at it for three days. So I took a look at Polar Cloud and my don't they want a lot of access to your stuff! They won't let you sign up by just email and want access to every file, every picture, and all your contacts! Really? Why, I must ask, this seems way scarier then port forwarding.