Remote access to show network

It's Dec 15th which is the perfect time to start planning next year's upgrades
Firstly some current background context. My show network I beleive is quite typical of most peoples, in that it shares the same network as the household's devices (its not seperate) and therefore is connected to the internet if required. In its simplist form: FTTP > main router/switch > cable to another switch in front room > cable to another switch in garage > rPi & controllers branch from here.
I use mostly e1.31 unicast for my controllers, my Baldrick board uses DDP out of necessity to stop some weird flicker issues at the start of the 2024 season.
I have had to bump IP address of 2x controllers this year as it seems during the off season my main router had asigned these to other devices in the house.

What I'd like to know are 2 things:
1) Do I need a seperate show network to ensure my controller IP addresses don't get pinched by other devices, or is there some why to block/lock these from use for anything else?
2) Am I able to access these IP addresses remotely when I'm not at home. While I'm at home, I can easily access FPP or each controllers IP from any PC/laptop/phone web browser to adjust settings or reboot as required, but I'd like the ability to do this when not home.

To answer your first question, most routers should let you configure the DHCP range that it will hand out addresses from. Make this a smaller range, and then you can assign static IP addresses for anything you want out of the rest of the subnet/range.

Eg you might configure dhcp to use 192.168.0.129 through 192.168.0.254, leaving you everything from 192.168.0.2 to 192.168.0.128 to assign statically.

You could also achieve a similar effect by assigning statically mappings for dhcp in your router, if it supports it. If you go into the dhcp settings or status, you may see a list of assigned ip’s with their associated MAC address. You may have the option in there to make some of those mappings static which means they would not be assigned randomly to other devices.

Merry 2025!

1. It all depends on how large your private home subnet is. It should be large enough to have plenty of IP addresses that can be shared. Your router should have the ability to reserve IP addresses for specific MAC addresses to that the shop IPs do not get pinched.

2. There are remote VPN solutions that should allow you to connect to your home router and be able to check your show remotely. Again, this helps if your home router supports Dynamic DNS for registration to allow for easier private VPN into your network.

I run a home network and a show network. However, I reserve IP addresses on both networks for all my controllers. This way I know exactly which router gets what IP on each network. To help keep it consistent I like to make the last IP the same on each.

For instance my falcon01 controller would be.
Home: 192.168.10.51
Show: 192.168.50.51

It starts to get more complicated but it's possible either way.

this is a multi stage thing.

VPN's are something that there are a heap of bots out there trying to hack, so if/when you set something up make sure it's secure (aka I'd avoid something built into a home router).. a good start on this is using MFA, however can I suggest something a bit more simple which covers both sides of what you are asking..

a fairly easy way to achieve what you want is an old PC with multiple network cards, have one card connected to switches with you shown network, then another card on your home network and setup something like Teamviewer or Anydesk which have "some" level of security and can get you into that PC which is on both networks.

As you're running unraid you could set up the wire guard VPN server that it natively has in it .

I run a virtual lan on mine to separate Christmas from Private lan but still have internet access etc. But I do have a more advanced ubiquiti router that allows me to do it.

Maybe take a look at FPPMon for a quick way to setup remote access for this week?

Hey DJ!

what's your routers make / model it may have DHCP reservation you can put on it for your controllers. (Im not a fan of static ip's and proxies so I just reserve my controllers via MAC address which the router will have all that info). I reserve 192.168.1.200 through to 192.168.1.240 for my controllers.
Some pro's about DHCP reservation is that a DHCP address cannot be assigned to these IP's when the host is down. I.e you set your f16v3 static ip to 192.168.1.200 but during the off season your phone grabs 192.168.1.200 then you power up your f16v3 and its static to the same address so you have a conflict.
Downside is if you replace your router you loose this configuration and will have to reset it up.

+1 for a wireguard VPN if you have some sort of docker management system so you can always pull the current update. (Unraid, Home assistant, Freenas) otherwise you can pretty easily spin up another PI just to handle the vpn but it is something you will need to keep an eye on and update as this would be the only item you port forward.
(also another thing to check depending on your ISP you may need to opt out of Carrier Grade NAT for port forwarding). I.e AussieBB you can call and say that you would like to opt out of CGNAT so you can host external services.

Thanks for the replies folks.
For those playing along at home, as Sky mentioned I do already have a NAS running Unraid, so I have now setup a VPN via this and setup WireGuard on my phone. This has now allowed me to punch in the IP addresses of FPP or controllers and I can access remotely. As an added bonus I added a CX File Explorer app to my phone and I can now browse all the files & folders on my NAS like I can on my laptop, something I've wanted to do for the last 2 years!