Octoeverywhere

[TobyCWood]

Anybody using this yet?

Its a secure way to access your Octoprint server via the WAN. Free and super easy.

I did need to update my old Octoprint server setup with a new build and the latest python, but that was also very easy.

Great stuff.

[Gary Tolley - Grogyan]

Do not use this, as it isn't as secure method as it should be. 

I have tries 3D printer os and Astroprint plugins for OctoPrint. 

Though haven't used them in a very long time. 

--
You received this message because you are subscribed to the Google Groups "3D Printing Tips and Tricks" group.
To unsubscribe from this group and stop receiving emails from it, send an email to 3d-printing-tips--...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/3d-printing-tips--tricks/2f9549dc-43a2-4cb3-837d-24b3b8e511a4n%40googlegroups.com.

[TobyCWood]

Maybe the dev can address that here?

[Quinn Damerell]

Hey! I'm the developer behind OctoEverywhere! I would love to better understand your concerns!

For a bit of context, security is something I take very seriously and have from day 0 of the project. I think the best place to learn about the service's security and the process is in this recent blog post I wrote about it:

https://blog.octoeverywhere.com/lets-talk-security/

I try to be very transparent about all of the technical details of the system, so if you have a question about anything please feel free to ask!

[Bruno Parisi]

Just saw this now and Gary if you could describe how and why you think Octoeverywhere is insecure so we can better understand your point would be best. I've been using Octoeverywhere for the past yearish or so and have absolutely loved it and have had no concerns from a security standpoint in my various different setups. i.e. Directly connected to my router to inbound/outbound traffic, through a personal VPN, through NordVPN, on my Ubuntu server with Octoprint and on my windows octoprint setup.

Interested to hear your points in case I've missed anything in my testing / not having one type of setup for too long hahahaha... Always Trying something different.

To view this discussion on the web visit https://groups.google.com/d/msgid/3d-printing-tips--tricks/27d7123b-a52e-470e-90f5-710d0610e94dn%40googlegroups.com.

[Matt Saeger]

I tried it briefly. I had never used octoprint and I had a raspberry pi laying around so I set it up. I had no idea how to access octoprint remotely but searching around brought up octoeverywhere. I ordered a longer cable so I could mount the camera somewhere useful but I haven't gotten around to setting it up. Not sure if I would pay a monthly fee I will probably just settle for whatever I can get for free. I am resisting anymore monthly reoccurring things as much as possible. 

[Gary Tolley - Grogyan]

I was speaking from a perspective of 2+ years ago, where I had tried various methods for remotely monitoring and starting prints via the web.
At the time, Octoeverywhere had a public facing IP, no security, definitely no 2FA.
At a minimum would need to have a VPN, which at the time was not affordable.

Since then, I have gotten my printer to a state where I do not need to have monitoring, can start a print, and know that by the time I get home, it is done.

I haven't invested any time in Octoeverywhere, or AstroPrint, or 3D Printer OS, plugins for OctoPrint, so no idea how these offerings have adapted to a very different internet than 2 years ago.

--

You received this message because you are subscribed to the Google Groups "3D Printing Tips and Tricks" group.
To unsubscribe from this group and stop receiving emails from it, send an email to 3d-printing-tips--...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/3d-printing-tips--tricks/859c933d-6ed9-40ce-b668-ab57eb7a2582n%40googlegroups.com.

[Ray Price]

I think everyone would have benefited if you had led with your last email.  "2+ years" in technology is like dog years for the rest of the world.  Clearly looks like Octoeverywhere is a vastly different beast from the last time you touched it.

I use Printoid and will have to take a look at this, although my printers also are pretty much launch and forget at this point as well.

To view this discussion on the web visit https://groups.google.com/d/msgid/3d-printing-tips--tricks/CANpJ-inka9tcP4C-xvrd_mnzW%3DU49n%2BsWogGx%2Bse57%3DYULe9Pg%40mail.gmail.com.

[Gary Tolley - Grogyan]

Perhaps.

Is a easy method to setup on an existing OctoPrint instance available for a VPN service available? 

I honestly don't know. 

What I do know is that most people don't have 2FA on a lot of internet accounts, similarly, a lot of internet users have awful passwords. 

If the password is less than 14 characters long, consider it as extremely weak. 

The Thingiverse, Facebook and Twitch leaks show that, even if all is done right, you can still fall victim to an existing password someone else has likely used, which has been leaked. Meaning that your only real defenses are 2FA and a VPN for a 3D printer connected to the internet.

If Octoeverywhere has this security, and setting up on an existing OctoPrint server a VPN is straightforward. I'll personally look into it, and recommend it to anyone if it all works out. 

[Gary Tolley - Grogyan]

https://octoprint.org/blog/2018/09/03/safe-remote-access/

Putting this here to echo Gina's perspective on the topic 

[Quinn Damerell]

That clears things up! Yeah, a lot of old remote solutions for OctoPrint were very insecure, like exposing the OctoPrint webserver on your public.

OctoEverywhere is a modern system and is 100% secure. I launched the service last November, so it hasn't even been out for a year yet - but I have built security into every aspect of the service. If I can't find a secure way to create a feature, I don't create it. You are right though, any service can be "hacked" if someone is able to get another user's credentials. I support 3rd party login and 2FA for all user accounts, so users have the tools to make sure their accounts are secured (and are encouraged to do so). 

Also just for discussion - I think for the standard user something like OctoEverywhere is more secure than a do-it-yourself system like a VPN. If an average user is able to set up a VPN, there's some chance they will misconfigure something and could leave themselves very exposed. They will also probably never consider keeping the VPN updated, meaning any down-the-road security flaws would be a problem.

But to each their own. I also totally understand users who don't want to expose their OctoPrint at all remotely, so there's no way directly in. 

If you do want to give OctoEverywhere a go, please do so and I'm 100% open to answering any questions you have!

[Tim Lesher]

My current solution for this is to use TailScale (https://tailscale.com/) on the Pi and whichever machines I intend to access it from (phone, laptop, desktop). I map a DNS name to the static IP given out by TailScale, and then I can treat the Pi as if it were on the open internet (i.e., "http://myprinter.mydomain.com"), but I'm transparently using TailScale's VPN system.

--

You received this message because you are subscribed to the Google Groups "3D Printing Tips and Tricks" group.
To unsubscribe from this group and stop receiving emails from it, send an email to 3d-printing-tips--...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/3d-printing-tips--tricks/2f9549dc-43a2-4cb3-837d-24b3b8e511a4n%40googlegroups.com.

--

Tim Lesher <tle...@gmail.com>

[Quinn Damerell]

I have heard a lot of really great things about TailScale as well! I love that there's so much choice and flexibility with this community. My main goal with OctoEverywhere is to make an "as free as possible" and "as easy as possible" secure remote system for everyone. But for those who are more technical, I think setting up VPNs or using TailScale is also a great solution.