I have a simple set up.
- Main laptop is a Mac
- I use syncthing to back up my files to a Raspberry pi.
I want to access the GUI interface of the Raspberry pi from outside my local lan. What is the best way to do so? I was thinking on installing Tailscale but I am not clear how to access the GUI.
Normally, you just set the GUI listen address like this
and then connect to it remotely in a Web browser using the device’s IP address, e.g.
and so on. This is under the same LAN, of course, so you’ll probably need to figure out yourself how to set up such access in the VPN.
The best (more secure IMO, no need to trust another profitable third-party) way : install ssh server on the PI , set it up in /etc/ssh/sshd_config to prevent password authentication (PasswordAuthentication no) and create a key pair in the mac (ssh-keygen) whose you will copy the public part (content of default generated id_rsa.pub file) to the pi in ~/.ssh/authorized_keys (one single line per authorized key).
You must leave the ST GUI access set to 127.0.0.1:8384
You have already set the pi LAN IP address as static or created a DHCP lease for it in your home router/gateway, and while still in the gateway settings, create a port forward to the pi’s sshd server for WAN access, e.g. ([any]:22922>>>192.168.1.120:22). So no need for a dedicated port forward for the ST GUI, the above single one can even be used to access the full PI desktop, regards to VNC RDP to pi’s localhost. Then:
Add 2 lines in the mac’s /etc/hosts file, one for the pi LAN ip, one other for your home’s WAN ip, e.g.
#strange aliases below to ease ssh... command single letter autocompletion, adapt as you like
192.168.1.120 pi guipi
18.104.22.168 wanpi remotepigui
Set/create the mac’s ~/.ssh/config file:
#nothing to specify here
#replace "localhost:8384" above with "https://localhost:8384" if you enabled HTTPS for the GUI in ST settings.
From the WAN you get the ST gui this way from within a terminal:
I do this. It’s really easy to setup. Just put the tailscale ip for your divice in the syncthing address for that device. I normally do it after the normal address. That way it will search normal and if that does not work it will look for the tailscale ip.