Using OpenVPN for Remote Access - gdombiak/OctoPod GitHub Wiki
Most users will have their Octoprint server running on their home (or some other private) network which hides the server from the outside network (Internet). In this case, Octopod will not be able to access the Octoprint server once you are away from home. To allow remote access, one good option is to set up a VPN server on your home network, and configure your iOS device to access your home network via a VPN client.
A VPN (Virtual Private Network) is a technology that provides an encrypted network "tunnel" between two computers or network devices. Devices on either side of the tunnel can communicate with each other in a way that is much more secure than if those devices were communicating directly over the Internet. In this article we will explore setting up a VPN using some freely available, open-source software called OpenVPN.
For me, configuring OpenVPN was extremely easy. However, depending on your ISP, it can turn into an extremely complex, possibly impossible task. I am going to cover what worked for me, but be aware that this may not work for you. Fortunately, there is a wealth of information on this topic on the Internet. So if it doesn't work for you, my suggestion is not to give up; spend some time researching the topic - Google "OpenVPN server on home network", or something similar. Visit forums that cater to those setting up small private or home networks - SmallNetBuilder is one.
Be Aware of the Risks
Before we get into the details, I want to make it clear that by setting up a VPN server and exposing it for access by the outside world (Internet), you are taking on some risk. While using a VPN is a much more secure approach than opening up access to the Octoprint server directly, nothing connected to the Internet is ever 100% secure. If you do go this route, know what you are getting into. You should periodically check for VPN server software updates and install them promptly. Keep your Raspberry Pi and router firmware up to date, as well as any other computers on your network.
Overview of the Process
A VPN consists of two parts, a server and a client. The server listens for connections from remote clients, and once the clients connect, the server proxies network traffic from the clients to and from other devices on the private network. The client forms the other half of this arrangement; the VPN client software connects to the server, authenticates (proves it should have access to the server), and then, once this connection is established, routes network traffic to and from the server, making it appear as if devices on the remote private network are accessible locally.
To set up a VPN for Octopod, we will:
- Install and configure OpenVPN server on your home network.
- Configure your router and home network.
- Export the OpenVPN client configuration from the OpenVPN server
- Install and configure the OpenVPN client on your iOS device
Setting up an OpenVPN Server
In this section, we will discuss configuration of an OpenVPN server.
To set up the OpenVPN server, we first need some device on which to run it. The OpenVPN server can run on any number of devices and operating systems, including Windows and Linux PCs and small single-board computers like the Raspberry Pi. It is also available in the firmware on several popular home routers. In this article, we will discuss two options:
- Running OpenVPN Server on an ASUS router using the Merlin firmware
- Running OpenVPN Server on Raspberry Pi (this can be the same Pi running Octoprint)
Configuring OpenVPN Server on the Merlin Firmware for ASUS Routers
Some routers provide the ability to run a VPN server built right into the router firmware. Note that these routers also provide the ability to configure and run a VPN client (as discussed above, this distinction is quite important, so make sure it's an OpenVPN server that you are configuring).
In my case, I have an ASUS router that is compatible with the 3rd-party Merlin firmware. This turned out to be really lucky, because this firmware has support for OpenVPN built right in. Running the VPN on your router simplifies things, because you typically do not need to go through some of the steps required to configure your network (the router does this automatically).
To configure the VPN on the Merlin firmware, first log into the router. Next, look for the menu item labelled "VPN" on the left hand side of the router's main web page (under Advanced Settings). Click this. On my router this loads a page with 4 tabs at the top: "VPN Status", "VPN Server", "VPN Client", and "TOR". Click on "VPN Server". Make sure "OpenVPN" is selected in the upper right hand area of the page. This should load a web page with the VPN Server configuration settings:
images/Enabling-Open-VPN-Server-ASUS-Merlin.png
Click the "Off" slider next to "Enable OpenVPN Server". You will be presented with the following:
images/Open-VPN-Server-ASUS-Merlin.png
The settings shown here should be fine in most cases. If you want more control over the server configuration, for example the port on which the server will listen, you can select Advanced Settings in the VPN Details drop down to access additional configuration options.
In the Username and Password section, you need to add at least one user. Enter a username and password. You will enter this username and password in the client (your iOS device) when you configure the connection. Click the + button to add the user, then click Apply to save your settings.
Note, do NOT delete the pre-populated user whose Username is your router SSID.
Configuring OpenVPN Server on a Raspberry Pi
If you would like to host the OpenVPN server on a Raspberry Pi being used for other purposes, for example the one hosting Octoprint, there is a good tutorial available here. This tutorial also goes into some details on the additional things you would need to do, for example setting up a port forwarding rule in your router.
If you have a spare Raspberry Pi that you can dedicate to the VPN, check out PiVPN for details on creating a standalone Raspberry Pi VPN server.
Configuring Your Router and Home Network
To allow access to the OpenVPN server from outside your home network, we need to do two things:
- Provide a way for you to determine the external IP address at which your router is visible.
- Forward incoming VPN traffic from the router to the VPN server.
Identifying your VPN Server's External IP Address
If you are lucky, your ISP has given you a static IP address. If so, take note of this value, and you can use it later on when we configure the client. But for most people, this is not the case, and your ISP dynamically assigns your router an IP address when it connects.
It is possible that your ISP does not give you a publicly visible IP address. If the WAN IP address reported by your router is in one of the private ranges (10.0.0.0 to 10.255.255.255, 172.16.0.0 to 172.31.255.255, or 192.168.0.0 to 192.168.255.255), then you will not be able to set up a VPN using the instructions here.
If you do not have a static IP address, but your IP address is not from one of the private address ranges, then you have a dynamically assigned IP address. This means that your IP address may change periodically. You can use one of the "Dynamic DNS" services to make it easy to find the address, whatever it is currently. Discussion of this is out of scope for this article, but check your router to see if it has a configuration option for "Dynamic DNS". If not, this article on setting up a Dynamic DNS client on a Raspberry Pi may be useful to you.
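The WAN address check described above can be scripted. This is an added example, not part of the original article; the function name is hypothetical and the sample addresses are constructed. It goes one step beyond the three ranges listed above by also flagging 100.64.0.0/10, the shared address space ISPs use for carrier-grade NAT, and by comparing the router's WAN address with the address an outside service reports for you.

```python
import ipaddress

# The three private ranges listed above (RFC 1918).
PRIVATE_RANGES = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Not listed above: shared address space used for carrier-grade NAT (RFC 6598).
CGNAT_RANGE = ipaddress.ip_network("100.64.0.0/10")


def classify_wan_address(router_wan_ip, externally_seen_ip=None):
    """Return (usable, reason) for the IPv4 WAN address the router reports.

    externally_seen_ip is optional: the address an outside service reports
    for your connection. If it differs from the router's WAN address, an
    upstream device is translating addresses and port forwards never arrive.
    """
    try:
        wan = ipaddress.IPv4Address(router_wan_ip.strip())
        seen = (ipaddress.IPv4Address(externally_seen_ip.strip())
                if externally_seen_ip else None)
    except ValueError:
        return False, "not a valid IPv4 address"
    for net in PRIVATE_RANGES:
        if wan in net:
            return False, f"private address in {net}"
    if wan in CGNAT_RANGE:
        return False, f"carrier-grade NAT address in {CGNAT_RANGE}"
    if (wan.is_loopback or wan.is_link_local or wan.is_multicast
            or wan.is_unspecified or wan.is_reserved):
        return False, "special-purpose address, not routable on the Internet"
    if seen is not None and seen != wan:
        return False, f"outside services see {seen}, not {wan}"
    return True, "publicly routable address"


if __name__ == "__main__":
    # Constructed samples; 203.0.113.x and 198.51.100.x are documentation ranges.
    for args in [("192.168.1.10",), ("100.72.3.4",), ("203.0.113.5",),
                 ("203.0.113.5", "198.51.100.7")]:
        print(args, "->", classify_wan_address(*args))
```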
Forwarding VPN traffic to your VPN server
If you set up the OpenVPN server on your router, you can skip this step. For others, to allow the VPN client's network traffic to reach the OpenVPN server, we need to use a feature of your router called "port forwarding". The web site Port Forward has clear instructions on this for most routers. You will need to know the DNS name or IP address of the OpenVPN server as well as the port it is listening on (default is 1194). Using the instructions on the aforementioned site, we configure the router to forward all network traffic arriving from the Internet on this port to the VPN server.
Export the OpenVPN client configuration
Later in the process, we will need to give the OpenVPN client software the information and credentials it needs to connect to the server. The best way to do that is to export the client configuration from the OpenVPN server.
Exporting the Client Configuration for ASUS Routers with Merlin Firmware
If you are using the OpenVPN server in the ASUS router with Merlin firmware, log into the router and return to the VPN Server configuration page we used to configure the server. Click the Export button and save the file this generates somewhere on your computer's hard drive.
Exporting the Client Configuration from a Raspberry Pi hosted OpenVPN server
<TODO: Insert instructions on exporting from RPi hosted OpenVPN server>
Install the OpenVPN Client
Apple iOS has the core VPN capability built in, but to configure the OpenVPN profile the easiest and most reliable method is to install the OpenVPN Connect app from the App Store. Search for this app in the App Store and install it.
images/iOS-OpenVPN-Connect-App.png
Once installed, we need to give it the client configuration that we exported previously. Note, there are multiple options for this in the OpenVPN client. I strongly discourage using the approach that sends the client configuration over email. Using that approach you are potentially providing everything a hacker needs to get access to your VPN over email, which is a very insecure method of communication. The approach I recommend is to use iTunes Sync.
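To see why the exported file deserves careful handling, you can list what it contains before copying it anywhere. The following is an added example, not part of the original article or of OpenVPN itself; `audit_profile` is a hypothetical helper, and the sample profile, including the host name `vpn.example.net`, is constructed. It reports the server address, any secret material embedded inline, and whether the profile asks OpenVPN to check the server's certificate, without ever reading the key contents.

```python
import re

# Inline blocks that embed secret material directly in the profile.
SECRET_BLOCKS = {"key": "client private key",
                 "tls-auth": "static TLS auth key",
                 "tls-crypt": "static TLS crypt key",
                 "pkcs12": "PKCS#12 bundle"}

# Constructed sample profile; host name and block contents are placeholders.
SAMPLE = """client
remote vpn.example.net 1194
auth-user-pass
<ca>
(placeholder certificate)
</ca>
<key>
(placeholder private key)
</key>
"""


def audit_profile(text):
    """Summarise what an exported .ovpn client profile reveals and checks."""
    report = {"remotes": [], "embedded_secrets": [],
              "prompts_for_password": False, "verifies_server_cert": False}
    in_block = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        if in_block:
            if line == f"</{in_block}>":
                in_block = None
            continue  # skip block contents: never read or echo key material
        m = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if m:
            in_block = m.group(1)
            if in_block in SECRET_BLOCKS:
                report["embedded_secrets"].append(SECRET_BLOCKS[in_block])
            continue
        words = line.split()
        if words[0] == "remote" and len(words) >= 2:
            report["remotes"].append(tuple(words[1:3]))  # (host, port if given)
        elif words[0] == "auth-user-pass":
            report["prompts_for_password"] = True
        elif words[0] in ("remote-cert-tls", "verify-x509-name"):
            report["verifies_server_cert"] = True  # server certificate is checked
    return report
```

Running `audit_profile(SAMPLE)` shows a profile that names the server, embeds a private key, and does not check the server certificate: anyone holding that file needs only the password to connect.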
If you haven't set up iTunes or iTunes Sync before, follow [Apple's instructions](https://support.apple.com/en-us/HT201253) for that. Assuming you've installed OpenVPN Connect, connect your iOS device to your computer's USB port and launch iTunes. Press the button for your device, as shown in the screenshot.
images/iTunes-Select-Device.jpg
Navigate to OpenVPN under the Apps tab. Drag and drop the client configuration file we exported (see above) into the file sharing window here.
Disconnect your iOS device and launch OpenVPN. You should see a screen similar to the one below. Select the "OVPN Profile" option.
You will now get a screen where you can select the profile to import. Click the Add button next to the profile.
images/iOS-Choose-Profile-Import.png
After import, you should see the screen below. Enter your username. If you want to be prompted for your password each time you connect, go ahead and click Add. Otherwise, check the "Save Password" box and enter your password before clicking Add.
If the device gives you a prompt like the one shown below, click "Allow".
That's it! You should now see a screen with a slider you can click to connect to the VPN. Note that if you set all this up while on your home network, you will likely need to disconnect from that (i.e. disable WiFi, or leave the area) before you can connect successfully. In my case, I just disabled WiFi and connected over the cellular network to test it all out.
images/iOS-Ready-For-Connect.png
Potential Issues
One of the issues you may run into is that the friendly (DNS) names you use to reference computers and devices on your home network don't work remotely. If this is the case, you may want to assign a static IP address to your Octoprint device (for most people, you would do this in your router). Then you can just use this IP address when configuring the server in Octopod.