Dashboard Feature

Remote Access — No Port Forwarding

Your MeshDash instance can be reached from anywhere in the world — no open ports, no dynamic DNS, no VPN configuration. The server polls for queued requests using an HMAC-signed outbound connection you control completely.

Remote Access Architecture

Your Browser

Mobile or Desktop

HTTPS request to meshdash.co.uk with your instance token

meshdash.co.uk

Relay Server

Queues command. Waits for your server to poll.

MeshDash Server

Your hardware\n(polls every 12s)

Executes command locally, returns result via poll response

Meshtastic Radio

Your mesh

All relay payloads are HMAC-SHA256 signed with your instance key. meshdash.co.uk never sees plaintext command content or your API response data.

Five Access Tiers

Configure exactly what remote access is permitted. Tiers are additive — Tier 3 includes all Tier 1 and 2 permissions. Default is Tier 0 (off).

OFF

Remote access disabled entirely. No outbound polling. No relay traffic.

HEARTBEAT ONLY

Server sends a heartbeat pulse to the community map. Your node appears on meshdash.co.uk/map with its last-seen time. No commands can be queued.

Community map only
· No inbound commands

READ-ONLY TELEMETRY

Remote viewers can query node list, packet count, latest telemetry, and connection status. No messages can be sent, no config changes.

Node list
· Packet stats
· Telemetry query
· No write

MESSAGING

All Tier 2 permissions plus the ability to send messages to any node or channel from the remote interface.

Tier 2 + Send messages
· Channel broadcast

OPERATOR

Full dashboard access equivalent to local browser access. All API endpoints available including task management, auto-reply config, and node config read.

All endpoints
· Task/AutoReply/Config read-write

FULL C2

All Tier 4 permissions plus system-level operations: restart, config file write, slot management, plugin control. Use with extreme caution.

Everything including system restart and config write

Security Model

The remote access system is built around outbound polling — your server initiates every connection, meaning there is no inbound attack surface. Standard firewall configurations block all inbound requests; the relay never needs to reach your server.

HMAC-SHA256 Signing

Every command payload and response is signed with your instance-specific secret key. The relay server cannot tamper with or inject commands.

IP Blacklisting

Configure a list of IP addresses that are denied relay access at the server level — before a command is ever executed.

Rate Limiting

The relay server enforces per-instance rate limits. Configurable maximum requests per minute prevents relay abuse.

Instance Token

Your server has a unique token generated on first run. Tokens can be rotated from Settings without losing configuration.

No Payload Logging

meshdash.co.uk relays are ephemeral — payload data is never written to permanent storage on the relay server.

Community Map

At Tier 1 and above, your MeshDash instance sends a periodic heartbeat to the public community map at meshdash.co.uk. This makes your mesh network visible to the Meshtastic community — useful for coordination, coverage planning, and finding other operators in your area.

COMMUNITY MAP — HEARTBEAT PAYLOAD

{
  "instance_id": "md_a3f2c109",
  "nodes_online": 7,
  "node_count":   8,
  "mesh_snr_avg": 4.2,
  "radio_model":  "T-Beam v1.1",
  "region":       "EU_868",
  "lat":          51.5074,
  "lon":          -0.1278,
  "tier":         1
}

Location data in heartbeats is opt-in and rounded to approximately 1km precision by default. You can disable location sharing while keeping the heartbeat active. Your node ID and private mesh data are never included in the public heartbeat.

Enable Remote Access in Settings

Remote access is configured from the Settings view inside your MeshDash instance. Select your desired tier, enable the option, and your instance token is generated automatically.

Remote Access Docs