npt Usage
Last updated
Last updated
Replace the <??> with your details and remember to logout and back into the client so you havenptin your PATH.
Note: ensure that the sshnpd on the server includes the remote port in their --permit-open/--po rules. If you installed using defaults then you need to edit the /etc/systemd/system/sshnpd.service file and add the hosts/ports you want to connect to via npt. \
For example:
ExecStart=/usr/local/bin/sshnpd -a "$device_atsign" -m "$manager_atsign" -d "$device_name" "$s" "$u" "$v"
Would become
ExecStart=/usr/local/bin/sshnpd -a "$device_atsign" -m "$manager_atsign" -d "$device_name" "$s" "$u" "$v" --po 127.0.0.1:22,192.168.1.90:445
To allow localhost access to SSH and SMB/CIFS access to 192.168.1.90 on port 445. Then run.
sudo systemctl daemon-reload
sudo systemctl restart sshnpd.service
If you used a non root install (e.g. TMUX) then you will need to make a similar edit to ~/.local/bin/sshnpd.sh and restart the script\
| Option | Required | Default | Description |
|---|---|---|---|
This guide covers the basics to understanding the parameters of npt and invoking npt.
The NoPorts Tunnel or npt for short, provides an end to end encrypted TCP Tunnel without the need for inbound port rules on client or device machines.
This argument is the client address, a.k.a. the from address, since we are connecting from the client.
This argument is the device address, a.k.a. the to address, since we are connecting to the device.
This argument is the device name, which works in tandem with --to to allow multiple devices to run sshnpd under a single device name. By default, this value is "default", so unless you named your sshnpd device the same thing, you will need to include this parameter. For example:
This argument is the address of the socket rendezvous used to establish the session connection. Atsign currently provides coverage in 3 regions, use whichever is closest to you:
Americas
Europe
Asia-Pacific
This argument is the port you are connecting to on the device side.
This argument is mandatory.
It is important to make sure the port you are connecting to is included in the list of permitted ports on the device side. (--permit-open, --po)
This argument is the port you are connecting to on the client side.
This argument is optional, but suggested.
It is important to make sure the port you are connecting to is not a restricted port.
An example of a complete command might look like this:
Here are some guides where we demonstrate how to use the NoPorts Tunnel to run some common TCP Services without opening any ports.
-f, --from
The client address, a.k.a. the from address, since we are connecting from the client.
-t, --to
The device address, a.k.a. the to address, since we are connecting to the device.
-r, --rvd
The address of the socket rendezvous used to establish the session connection. Atsign currently provides coverage in 3 regions, use whichever is closest to you: (@rv_am for Americas, @rv_eu for Europe, @rv_ap for Asia/Pacific)
-d, --device
Allows multiple devices to run sshnpd under a single device name.
-p, --rp
The port you are connecting to on the device/remote side. This port must be included in the --permit-open list. Read more about --permit-open.
-l, --lp
0
The port you are connecting to on the client/local side. Defaults to any unused port.