Tunnelling using the Ardexa Agent

Having services and open ports available to the public Internet is a very high security risk.

The ArdexaTunnel application enables you to securely and remotely access services (e.g. Web, SSH, FTP) without the need to make those services public.

Using your on-site Ardexa Agent, the ArdexaTunnel allows you to reach into your protected remote network over an encrypted channel and get your work done without ever leaving the office.

Installing the tunnel client


Download ArdexaTunnelSetup.exe


curl -Lo ardexa-tunnel && chmod +x ardexa-tunnel && sudo cp ardexa-tunnel /usr/local/bin/ && rm ardexa-tunnel 


curl -Lo ardexa-tunnel && chmod +x ardexa-tunnel && sudo cp ardexa-tunnel /usr/local/bin/ && rm ardexa-tunnel


Open a command prompt

Windows: cmd or PowerShell

Mac: Terminal

Linux: Your preferred terminal


To check that ArdexaTunnel is correctly installed, run

ardexa-tunnel --help

And you should see instructions on how to use the command.


How it works

The ArdexaTunnel works by connecting to an Ardexa Agent via our API and creating a "tunnel" between your local computer and the remote service.

The reason it is called a tunnel is because ArdexaTunnel will take a remote port and make it available on your local machine as if the service was running on your local machine. Any requests to the local port and bundled up and sent over to the remote machine via an encrypted tunnel, and then the response is delivered back to the local port in the same way.

In total, there are five critical pieces of information needed to make the tunnel work:

  • The agent you wish to tunnel through
    • Workgroup ID
    • Device ID
  • Details of the remote service
    • IP address
    • Remote port
  • Where to open the tunnel on your local machine
    • Local port

Use the Ardexa Web App to generate the tunnel command

This step is optional. If you already know the details, please skip to the next step.

  • Log in to the Ardexa Web App
  • Open the target Workgroup and browse to Devices
  • Select the target Device and open the TUNNEL tab
  • Enter the details of the Remote Service and the Local Port
    • The IP address of the remote machine you wish to connect to
      • if you want to connect to the Ardexa machine
      • Any IP address accessible from the remote machine. Please use the Discovery tools if you are unsure what's available on the remote network.
    • The port number you want to tunnel to on the remote machine (Remote Port)
      • Please see the Common Service Ports section below for a list of commonly used services and ports
    • The Local Port number that you want the client to listen on
      • if you wish to listen on a port below 1024, you will need super user privileges


Run ArdexaTunnel to start the connection

Open your command prompt and type or paste the ardexa-tunnel command.  For example:

ardexa-tunnel 123123123 c5e9f077-7221-41a2-b3ab-93c47497579f 22 2222

You will then be prompted to enter your login details for the Ardexa API.  You will need to enter your Email address and Password to proceed.  Once you are authenticated, there will be a short wait while the tunnel is established and then you will see the message "Connected".

Your tunnel is now ready to use.




To SSH to the remote Ardexa machine, you would use the following details:
  • IP:
  • remote port: 22
  • local port: 2222
Then run SSH on your local machine to connect to the tunnelled port
ssh -p 2222 user@localhost

And you will be logged into the remote machine!


If you discover a web service on, you would use the following details:

  • IP:
  • remote port: 80
  • local port: 8080
And then use your Web Browser to browse to http://localhost:8080 to connect to the remote web service.

Common Service Ports

SSH: 22

HTTP: 80

HTTPS: 443


Was this article helpful?
2 out of 2 found this helpful
Have more questions? Submit a request


Please sign in to leave a comment.