If you need remote access to your controller and do not have the ability (or the desire for security risk) to port forward to your OpenSprinker, then setup of a free cloudflare tunnel is a good option. There are many ways to setup a private tunnel to a machine on your network, though I find this to be the easiest plus the easiest to keep secure. I have it set to first navigate to e.g. https://myopensprinkler.mydomain.com, it prompts for my email, and then emails me a code. Enter the code, and then the tunnel forwards to my OS access web page.
Run the Cloudflare daemon on any Linux, Mac or Windows running in your network (including an rPi), and configure the daemon to forward to any HTTP, HTTPS or SSH etc… on your network. Never any port forwards at your router. Tunnel HTTP traffic from your client all the way to the daemon via secure HTTPS.
There are many tutorials found on the internet outside of Cloudflare support pages. This is a good start https://blog.cloudflare.com/ridiculously-easy-to-use-tunnels/