Accessing MultiTuner
MultiTuner is accessed entirely through its web interface and REST API over the network. There is no serial console, display, or local keyboard interface. This page describes how to reach the device both on the local network and from remote locations.
Local Network Access
The simplest and most reliable way to access MultiTuner is from the same LAN segment. Connect a computer or server to the same switch, ensure it is on the same subnet (default: 192.168.112.0/24), and open http://192.168.112.1 in a browser.
For direct connection without a switch, see Network Connection.
Remote Access
MultiTuner has no built-in mechanism for secure remote access over the internet — the embedded web server is designed for trusted local network use. To access the device from a remote location, use one of the following approaches.
VPN (Recommended)
A VPN extends your local network to a remote user, allowing them to reach MultiTuner exactly as if they were on-site. This is the most secure approach and requires no changes to MultiTuner's own configuration.
Common solutions:
| Solution | Suitable For | Notes |
|---|---|---|
| WireGuard | Single engineers, small teams | Lightweight, fast, built into modern Linux kernels. Ideal for installing directly on the site router or a Raspberry Pi at the remote location |
| OpenVPN | Teams, enterprise deployments | Mature, widely supported, available on most routers and firewalls |
| IPsec/IKEv2 | Site-to-site links | Built into Windows, macOS, iOS, Android. Good for permanent headquarters-to-site connections |
| Commercial SD-WAN / MPLS | Multi-site broadcast infrastructure | Managed private WAN — MultiTuner at each site appears on the same internal network |
Once a VPN is in place, access MultiTuner at its LAN IP address as normal. No port forwarding, no exposure to the public internet.
VPN on the site router
If the site router supports WireGuard or OpenVPN (MikroTik, pfSense, OPNsense, Ubiquiti all do), enable VPN directly on the router. This covers all devices on the site network — including MultiTuner — without any configuration on the device itself.
Reverse Proxy with Authentication (Advanced)
If a VPN is not practical, MultiTuner can be placed behind a reverse proxy (nginx, Caddy, Traefik) that adds HTTPS and authentication in front of the plain HTTP interface. The proxy is exposed to the internet; MultiTuner remains on the internal network.
Minimum requirements if using this approach:
- TLS certificate (Let's Encrypt or internal CA)
- Strong authentication on the proxy layer (HTTP Basic Auth, OAuth2 proxy, or client certificates)
- IP allowlist limited to known remote addresses
- MultiTuner's own network segment should not be directly routable from the internet
Warning
Never expose MultiTuner's web interface or API directly on a public IP address without a hardening layer in front of it. The embedded web server is not designed to withstand hostile internet traffic.
SSH Tunneling (Ad-hoc)
For occasional one-off remote access when a VPN is not available, an SSH tunnel through a jump host on the site network forwards MultiTuner's web interface to a local port on your machine.
Example:
ssh -L 8080:192.168.112.1:80 user@site-jumphost.example.com
Then open http://localhost:8080 in your browser. The connection is encrypted end-to-end via SSH; MultiTuner itself is never exposed externally.
UDP Stream Reception over Distance
If the goal is to receive MultiTuner's audio streams from a remote location rather than access the management interface, the options differ:
| Scenario | Approach |
|---|---|
| Multicast over LAN only | Works out of the box on the local network segment |
| Multicast across routed networks | Requires multicast routing (PIM-SM) between network segments — consult your network team |
| Remote unicast stream | Configure the stream destination to a unicast IP rather than multicast, then ensure the destination port is reachable from MultiTuner (may require NAT or VPN) |
| HLS over internet | Use the GET /api/tuner/{id}/live.m3u8 endpoint behind a reverse proxy — HLS is standard HTTP and traverses firewalls and CDNs without special routing |
HLS is the most practical option for delivering audio to remote listeners across the internet, as it requires only standard HTTP/HTTPS connectivity.