
Tunnelling using the Ardexa Agent

Having services and open ports available to the public Internet is a very high security risk.

The ArdexaTunnel application enables you to securely and remotely access services (e.g. Web, SSH, FTP) without the need to make those services public.

Using your on-site Ardexa Agent, the ArdexaTunnel allows you to reach into your protected remote network over an encrypted channel and get your work done without ever leaving the office.

Installing the tunnel client

Instructions to install the Ardexa Tunnel Client 

How it works

The ArdexaTunnel works by connecting to an Ardexa Agent via our API and creating a "tunnel" between your local computer and the remote service.

It is called a tunnel because ArdexaTunnel takes a remote port and makes it available on your local machine, as if the service were running locally. Any requests to the local port are bundled up and sent over to the remote machine via an encrypted tunnel, and the response is delivered back to the local port in the same way.

In total, there are five critical pieces of information needed to make the tunnel work:

  • The agent you wish to tunnel through
    • Workgroup ID
    • Device ID
  • Details of the remote service
    • IP address
    • Remote port
  • Where to open the tunnel on your local machine
    • Local port
 

Use the Ardexa Web App to generate the tunnel command

This step is optional. If you already know the details, please skip to the next step.

  • Log in to the Ardexa Web App
  • Open the target Workgroup and browse to Devices
  • Select the target Device and open the TUNNEL tab
  • Enter the details of the Remote Service and the Local Port
    • The IP address of the remote machine you wish to connect to
      • 127.0.0.1 if you want to connect to the Ardexa machine
      • Any IP address accessible from the remote machine. Please use the Discovery tools if you are unsure what's available on the remote network.
    • The port number you want to tunnel to on the remote machine (Remote Port)
      • Please see the Common Service Ports section below for a list of commonly used services and ports
    • The Local Port number that you want the client to listen on
      • If you wish to listen on a port below 1024, you will need superuser privileges

 

Run ArdexaTunnel to start the connection

Open your command prompt and type or paste the ardexa-tunnel command. For example:

ardexa-tunnel 123123123 c5e9f077-7221-41a2-b3ab-93c47497579f 127.0.0.1 22 2222

You will then be prompted to enter your login details for the Ardexa API. You will need to enter your Email address and Password to proceed. Once you are authenticated, there will be a short wait while the tunnel is established and then you will see the message "Connected".

Your tunnel is now ready to use.

Running multiple tunnels on the same local port

If you need to use multiple concurrent tunnels and are unable to alter the local port (e.g. TIA Portal), you can tell the ArdexaTunnel client to bind to a specific IP address. For example:

ardexa-tunnel $workgroupId $deviceId 10.0.0.4 102 102 -b 127.0.0.4
ardexa-tunnel $workgroupId $deviceId 10.0.0.5 102 102 -b 127.0.0.5

By binding each tunnel to a specific loopback address, you can connect as many tunnels as you need.
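Once tunnels are running, it is worth confirming that each local listener is bound to a loopback address, so the remote service is not re-exposed to other hosts on your own network. The script below is an added example, not part of the Ardexa tooling: it parses the output of `ss -H -ltn` (Linux, iproute2) and lists any non-loopback listener on a given port. The sample socket lines are constructed, and the function names are hypothetical. The client's default bind address is not stated on this page, so the check assumes nothing about it.

```shell
#!/bin/sh
# Added example (not Ardexa code): find tunnel listeners reachable from other
# hosts. Input is `ss -H -ltn` output: one listening TCP socket per line,
# with the local address:port in column 4.

# Constructed sample: two tunnels bound with -b as in the article, plus a
# hypothetical listener on all interfaces and one on IPv6 loopback.
SAMPLE_SS='LISTEN 0 128 127.0.0.4:102 0.0.0.0:*
LISTEN 0 128 127.0.0.5:102 0.0.0.0:*
LISTEN 0 128 0.0.0.0:2222 0.0.0.0:*
LISTEN 0 128 [::1]:8080 [::]:*'

# nonloopback_listeners PORT   (reads ss output on stdin)
# Prints each local address listening on PORT that is not a loopback address.
nonloopback_listeners() {
    awk -v port="$1" '
    {
        field = $4                          # e.g. 127.0.0.4:102, [::1]:8080, *:80
        n = split(field, parts, ":")
        if (n < 2 || parts[n] != port) next # the port is the last ":" component
        addr = substr(field, 1, length(field) - length(parts[n]) - 1)
        sub(/^\[/, "", addr); sub(/\]$/, "", addr)  # strip IPv6 brackets
        sub(/%.*$/, "", addr)                       # strip %interface scope
        if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
        print addr
    }'
}

# loopback_only PORT   (reads ss output on stdin)
# Exit status 0 when no listener on PORT is bound outside loopback
# (including when nothing listens on PORT at all), 1 otherwise.
loopback_only() {
    [ -z "$(nonloopback_listeners "$1")" ]
}

# Demo on the constructed sample.
for p in 102 2222; do
    if printf '%s\n' "$SAMPLE_SS" | loopback_only "$p"; then
        echo "port $p: loopback only"
    else
        exposed=$(printf '%s\n' "$SAMPLE_SS" | nonloopback_listeners "$p")
        echo "port $p: also listening on $exposed"
    fi
done
# Live use: ss -H -ltn | nonloopback_listeners 102
```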

Common Service Ports & Examples

 

SSH: 22

HTTP: 80

HTTPS: 443

Using a TIA Project

 
