Table of Content
Table of Content
Frustrated with port forwarding and broken VPNs? Here’s the simple solution IoT pros are using today.
Why IoT Remote Access Is Still a Pain
If you’ve ever tried connecting to your IoT device or Raspberry Pi located behind a NAT router or firewall from outside your home or office network using port forwarding setup or VPNs, you’ve probably faced the same nightmare:
- Router configuration for port forwarding
- VPN setup headaches on the client and server
- Firewall rules breaking connectivity
- Security risks of exposing ports to the public internet
- No control over the router or firewall in your customer’s network
The truth is: these methods are outdated, insecure, and frustrating.
But here’s the good news—there’s a faster, safer way to get remote SSH access without opening ports or running a VPN.
And you can set it up in under 30 seconds with SocketXP.
Why Port Forwarding and VPNs Don’t Work for IoT
The Risks of Port Forwarding
- Exposes your device’s SSH port to the entire internet
- Constantly targeted by bots and brute force attacks
- Requires static IP or DDNS setup
- Breaks when ISP changes network rules
The Hassles of VPNs
- Complex to configure and maintain
- Still struggles with NAT traversal in many cases
- Not scalable for fleets of IoT devices
More importantly, IoT devices are deployed in different geographic locations (in your customer sites or open fields) with different internet connectivity options available: WiFi, 3G, 4G LTE, 5G cellular, satellite internet etc. It is not possible to setup port forwarding on all these different routers and firewalls in your customer locations which are not under your direct control.
For IoT developers and service providers, these are dealbreakers. You want quick, simple, secure access to your IoT devices — not hours wasted on network plumbing.
How SocketXP Solves the Problem
SocketXP creates a secure outbound SSL/TLS encrypted reverse proxy tunnel from your IoT device to the SocketXP cloud.
- No need to expose any ports
- No configuration changes required in your WiFi router or firewall
- Works well for devices behind NAT and firewalls
- Uses TLS encryption for end-to-end security
- Enforces Zero Trust Network Access (ZTNA) security on all endpoints
In short: Your device connects out, and you connect back in, without touching router or firewall settings.
Different methods to connect to your devices
There are several methods to securely remote access IoT devices but the most common ones are:
- Secure Shell (SSH)
- Remote Desktop Protocol(RDP)
- Virtual Network Connection(VNC)
- Web Application
- Remote Command Execution
In this article, we’ll discuss how to configure and setup an IoT device for:
- Remote access IoT SSH without port forwarding and VPNs
- Remote access the GUI desktop of an IoT using VNC without port forwarding and VPNs
- Remote access the GUI desktop of an IoT using RDP without port forwarding and VPNs
- Remote access the web application in an IoT without port forwarding and VPNs
- Execute remote commands on IoT without port forwarding and VPNs
We will be using SocketXP IoT Management and Remote Access Platform to remotely connect to IoT devices behind NAT router and firewall without setting up VPNs or port forwarding.
What is SocketXP
SocketXP is a cloud based secure remote access solution to access, manage and debug embedded Linux devices such as IoT device, Nvidia Jetson or any IoT device over the internet.
SocketXP creates SSL/TLS encrypted reverse proxy tunnels to securely connect to remote IoT devices.
SocketXP does not use insecure methods such as port-forwarding techniques and Dynamic DNS(DDNS) which will expose your IoT device directly to the internet, permitting hackers and port scanners to access your devices.
SocketXP is an enterprise-grade IoT remote access and management platform trusted by thousands of customers around the world today for secure remote access to their IoT device behind NAT router and Firewall.
Let’s dive in and get started.
1. Remotely connect to IoT behind NAT router or firwall over the Internet using SSH
Secure Shell (SSH) is a network protocol that provides a secure means to connect to a raspberry terminal over an unsecured network such as the internet.
SSH follows a client server model – the SSH server runs on the IoT and the SSH client runs on the user laptop or PC. SSH server listens on TCP port 22 by default.
OpenSSH provides an open source implementation of the SSH server and client software.
Note: Your IoT device comes installed with an SSH server software in it.
SSH client needs to know the IP address of the device in which the SSH server runs so that it can connect to it.
Because IoT devices installed behind a NAT router and firewall cannot be access from the internet, we’ll use SocketXP’s IoT Remote Access solution to remotely connect to the IoT terminal using SSH over the internet.
To learn more refer to: how to setup and configure your IoT for remote SSH access without using port forwarding and VPNs
2. Connect to IoT behind NAT router and Firewall over the Internet using VNC
Virtual Network Connection(VNC) is a protocol for safely accessing the IoT Graphical User Interface(GUI) or desktop. VNC is typically used for remotely accessing the GUI of a Linux based platforms such as IoT.
VNC follows a client server model – the VNC server runs on the IoT and the VNC client runs on the user laptop or PC. VNC server listens on TCP port 5901 by default.
TightVNC is a open source based VNC software that can be installed on IoT for remote desktop access.
Because IoT devices installed behind a NAT router and firewall cannot be access from the internet, we’ll use SocketXP’s IoT Remote Access solution to remotely connect to the IoT GUI Desktop using VNC over the internet.
To learn more refer to: how to setup and configure your IoT behind NAT router and firewall for remote VNC access without port forwarding and VPNs
3. Connect to IoT Remote Desktop(RDP) behind NAT router and Firewall over the Internet using xrdp
Remote Desktop Protocol(RDP) is a proprietary protocol invented by Microsoft for accessing the Windows desktop of one Windows machine from another Windows machine in a local network.
RDP follows a client server model – the RDP server runs on the IoT and the RDP client runs on the user laptop or PC. RDP server listens on TCP port 3389 by default.
Microsoft has opened up the RDP for third parties to implement the same. xrdp is a open source implementation of the Microsoft RDP. xrdp is typically used for remotely accessing the GUI desktop of a Linux based platforms such as IoT.
Because IoT devices installed behind a NAT router and firewall cannot be access from the internet, we’ll use SocketXP’s IoT Remote Access solution to remotely connect to the IoT GUI desktop using xrdp over the internet.
To learn more refer to: how to setup and configure your IoT behind NAT router and firewall for remote desktop access without setting up port forwarding or VPNs
4. Remote Control IoT Behind NAT router or Firewall using a Web App
Installing and running a web application on your IoT is one way to remotely connect and control your IoT using a web client.
For example, you could write a simple python flask web server application to remotely access the files – images, videos from a web camera, configuration files, log files etc.
$ cat get_files.py
from flask import Flask, send_from_directory
app = Flask(__name__)
@app.route('/')
def send_report(path):
return send_from_directory('/', path)
if __name__ == '__main__':
app.run(host='127.0.0.1', port=3000, debug=True)
You can use a web browser to access this web server application running in your IoT from a local network. Just point your browser to: http://localhost:3000
But, IoT devices installed behind a NAT router and firewall cannot be access from the internet.
We’ll use SocketXP’s IoT Remote Access solution to remotely connect to the python flask web server application over the internet.
SocketXP creates a secure public web URL (HTTPS) for the local web app running in your Pi.
To learn more refer to: how to remote access IoT web app over the internet without setting up port forwarding or VPNs
5. Send Remote Commands to IoT over the Internet from Outside Network
Remote Command Execution - the ability to send one-off shell commands to your IoT to quickly fetch crucial information or take some corrective action on your remote IoT is immensely important.
It is cumbersome to always having to SSH login to your IoT using your login and password to execute even a simple command or a program.
This becomes even more tedious if you have to execute the same script or command on a fleet of IoT.
SocketXP’s IoT Remote Access solution provides you the ability to remotely execute shell script, command or any python program on a single IoT or on a fleet of IoT over the internet.
To learn more refer to: how to setup and configure your IoT behind NAT router and firewall for remote command execution without using port forwarding and VPNs
Conclusion The End of Port Forwarding
VPNs and port forwarding were fine in the early 2000s. But in today’s IoT world, they’re a liability.
With SocketXP, you can:
- Remotely access devices in under 30 seconds
- Skip router/firewall configs
- Get secure, encrypted, NAT-friendly access
- Scale from one Raspberry Pi to thousands of IoT devices
- Manage your IoT device fleet from a single dashboard
In this article, we discused the five different options available to remotely access IoT behind NAT router and firewall, such as: SSH, VNC, RDP, Web App and Remote Command Execution.
We also discussed how SocketXP’s IoT Remote Access solution offers a secure, powerful and convenient way to remotely manage and control your IoT devices.
With its user-friendly interface, advanced features, and unparalleled flexibility, this innovative solution is a must-have tool for IoT enthusiasts.
Take advantage of this cutting-edge solution and unlock the full potential of your IoT devices. Try SocketXP’s IoT Remote Access solution today and discover the convenience and versatility it can bring to your IoT projects.