Noonb question: Securing Pi for remote access

Hi there,

Am very new to all this. Very new.

Am setting up Pi with DietPi as a media server.

I’d like to open it up so that I can access outside my home network, but want to make sure I’m not inviting nasties in. Is there any way I can add 2FA to my Pi now it is running DietPi?

It looks to be possible on the ‘standard’ Pi OS, not sure if it can be done in my DietPi set up?

Many thanks

can you be a little bit more specific what exactly you like to do. What kind of remote access you like to implement or which app you like to access.

I’d like to be able to access my media library when away from home via the Plex Server I have installed on it.

My very very limited knowledge on this, but my understanding is that I would need to give the Pi a static IP address and make it available to anyone on the internet (who knows the address). I’m assuming a bot could find this, brute force the password - which I have already changed to a much more secure one.

Again, an assumption here, but I’m thinking that only being able to access my Pi and therefore my home network would be much harder if a OTP has to be entered before a connection is made.

Am I on the right train of thought, or have I overlooked something dead obvious? :rofl: :rofl:

I guess you are heading into wrong direction. Setting up OTP might protect your SSH access but I don’t think this is the way how you like to access your Plex server. First you would need to be clear on how to access your system. I guess you like to use the plex app? Easiest way might be setting up VPN. This way you can access your Pi same way as being at home and you would not need to open to much ports towards the internet.

Glad I asked now :sunglasses:.

Yes, would be using Plex app to watch content remotely.

I will be installing NordVPN on the Pi tomorrow.

Should I also have VPN on the device I’m watching the content too (appreciate this is a little off the original question)

Thanks again

again wrong direction. You would need to setup a VPN server like WireGuard on DietPi and the VPN client app on your mobile device. Setting up NordVPN will install a VPN client on DietPi, connecting you to a public VPN provider.

Crikey, thank God there’s helpful people like you on here! Thanks again for your help.

I’ll take a look at Wireguard.

Will I still be able to have this running with a VPN client (Nord) running on the Pi?

Running NordVPN as client and Wireguard as server could be a little bit challenging. I never did something like this myself

trendy and thoughts?

It is possible, however there is something to pay attention to.
Usually the VPN clients enable killswitches, which force all traffic to the VPN and don’t allow anything else inbound. It will need to be tweaked or disabled.
Also if the VPN client installs a default gateway via the vpn-provider, then policy routing rules are necessary to selectively forward traffic from the vpn server via the ISP router, not the vpn. Or the default gateway from the VPN will have to be ignored and you’ll manually add routes that need to be routed via VPN (that is a bit unrealistic).

OK, so I’m going to leave the VPN server things for now - in all honesty I don’t have an immediate need to access my media library (via Plex) outside of my home network.

So I’ve installed the NordVPN client. Hoe do I tell if I’m successfully connected to the outside world via VPN without plugging the Pi into a screen and accessing a web browser to do an IP lookup. I’m running headless and accessing via SSH on a Mac.

Thanks again


you could install traceroute

apt install traceroute

and check the connection to a public web site like Google


Just do it with and without VPN being active


Huge thanks.

I’m starting to realise how much of a foreign world I’ve just entered. Good to have something new to learn :wink:

I think the list of commands I’m going to be writing down is going to get very long!

you are welcome