LogoLogo
  • Home
  • Installation
    • Quick Start for MacOS and Windows
    • MacOS Installation Guides
      • MacOS Desktop Client Installation
      • MacOS CLI Client Installation
      • MacOS Device Installation
    • Linux Installation Guide
      • Linux Cli Client Installation
      • Linux Device Installation
    • Windows Installation Guide
      • Windows Desktop Client Installation
      • Windows CLI Client Installation
      • Windows Device Installation
    • Manual Installation Guides
      • Device installation
        • Tmux session
        • Standalone Binaries
        • Systemd Unit
        • Headless
      • Device Upgrade
      • Installs at scale
      • Client installation
      • Client Upgrade
    • OpenWrt Installation Guide
    • Custom OS/Device Installs
      • IPFire
    • Cloud Installation Guides
      • Automated Installation on Amazon Web Services (AWS)
      • Automated Installation on Google Cloud Platform (GCP)
      • Automated Installation on Microsoft Azure
      • Automated Installation on Oracle Cloud Infrastructure (OCI)
    • Available Releases
  • Installation FAQ
    • How to activate an atSign
    • Reuse your client atSign on another machine
      • Generate a new set of cryptographic keys
    • How to name a device
    • How to generate SSH keys
    • Why activate the device atSign on the client?
  • Usage
    • npt Usage
      • Additional Configuration
    • sshnp Usage
      • Client Additional Configuration
    • sshnpd configuration
      • Daemon Additional Configuration
  • Integrations
    • OpenSSH config
    • PuTTY config
  • Use Cases
    • SSH
    • SFTP
    • RDP
    • Web Server
    • SMB
    • Be your own VPN
  • Product Information
    • NoPorts Policy Service
    • FAQ
    • How It Works
    • Under The Hood
    • Sequence Diagram
  • Related Pages
    • Main Site
    • GitHub
Powered by GitBook
On this page
  • Quick Start
  • Options
  • Overview
  • Examples
  • Putting it altogether
  • Usage Guides
Edit on GitHub
Export as PDF
  1. Usage

npt Usage

Quick Start

npt -f @<_client> -t @<_device> -r <@rv_(am|ap|eu) -d <name> \
-p <remote-port> -l <local-port>

Replace the <??> with your details and remember to logout and back into the client so you havenptin your PATH. Note: ensure that the sshnpd on the server includes the remote port in their --permit-open/--po rules. If you installed using defaults then you need to edit the /etc/systemd/system/sshnpd.service file and add the hosts/ports you want to connect to via npt. \

For example:

ExecStart=/usr/local/bin/sshnpd -a "$device_atsign" -m "$manager_atsign" -d "$device_name" "$s" "$u" "$v"

Would become

ExecStart=/usr/local/bin/sshnpd -a "$device_atsign" -m "$manager_atsign" -d "$device_name" "$s" "$u" "$v" --po 127.0.0.1:22,192.168.1.90:445

To allow localhost access to SSH and SMB/CIFS access to 192.168.1.90 on port 445. Then run.

sudo systemctl daemon-reload

sudo systemctl restart sshnpd.service

If you used a non root install (e.g. TMUX) then you will need to make a similar edit to ~/.local/bin/sshnpd.sh and restart the script\

Options

Option
Required
Default
Description

-f, --from

The client address, a.k.a. the from address, since we are connecting from the client.

-t, --to

The device address, a.k.a. the to address, since we are connecting to the device.

-r, --rvd

The address of the socket rendezvous used to establish the session connection. Atsign currently provides coverage in 3 regions, use whichever is closest to you: (@rv_am for Americas, @rv_eu for Europe, @rv_ap for Asia/Pacific)

-d, --device

Allows multiple devices to run sshnpd under a single device name.

-p, --rp

-l, --lp

0

The port you are connecting to on the client/local side. Defaults to any unused port.

Overview

This guide covers the basics to understanding the parameters of npt and invoking npt.

The NoPorts Tunnel or npt for short, provides an end to end encrypted TCP Tunnel without the need for inbound port rules on client or device machines.

Examples

-f, --from

This argument is the client address, a.k.a. the from address, since we are connecting from the client.

npt ... -f @alice_client ...

-t, --to

This argument is the device address, a.k.a. the to address, since we are connecting to the device.

npt ... -t @alice_device ...

-d, --device

This argument is the device name, which works in tandem with --to to allow multiple devices to run sshnpd under a single device name. By default, this value is "default", so unless you named your sshnpd device the same thing, you will need to include this parameter. For example:

npt ... -d my_device ...

-r, --srvd

This argument is the address of the socket rendezvous used to establish the session connection. Atsign currently provides coverage in 3 regions, use whichever is closest to you:

Americas

npt ... -r @rv_am ...

Europe

npt ... -r @rv_eu ...

Asia-Pacific

npt ... -r @rv_ap ...

-p, --remote-port, --rp

This argument is the port you are connecting to on the device side.

This argument is mandatory.

It is important to make sure the port you are connecting to is included in the list of permitted ports on the device side. (--permit-open, --po)

npt ... -p 3389 ...

-l, --local-port, --lp

This argument is the port you are connecting to on the client side.

This argument is optional, but suggested.

It is important to make sure the port you are connecting to is not a restricted port.

npt ... -l 33389 ...

Putting it altogether

An example of a complete command might look like this:

npt -f @alice_client -t @alice_device -d my_server -r @rv_am -p 3389

Usage Guides

Here are some guides where we demonstrate how to use the NoPorts Tunnel to run some common TCP Services without opening any ports.

PreviousUsageNextAdditional Configuration

Last updated 9 months ago

The port you are connecting to on the device/remote side. This port must be included in the --permit-open list. Read more about .

RDP
SFTP
Web Server
--permit-open