Remote access to IoT devices behind NAT.
Reach a Raspberry Pi, industrial gateway, or field device without VPN appliances. Open a short-lived TCP/HTTP tunnel when you need to debug, then close it.
How it works
- 1
Install on the device or a companion host
Linux ARM binaries work on Raspberry Pi-class hardware.
brew install rustunnel - 2
Tunnel the management port
HTTP for a local dashboard, TCP for SSH or MQTT bridges.
rustunnel tcp 22 --server eu.edge.rustunnel.com:4040 - 3
Connect, fix, close
Use the public endpoint for the maintenance window, then stop the client so the device is no longer reachable from the internet.
Why rustunnel
Outbound-only connectivity
Devices dial the edge — no inbound firewall rules at the site.
Self-host for fleet control
Run your own rustunnel-server so device traffic never leaves your infrastructure.
Pairs with AI agents
An on-call agent can open a tunnel, run diagnostics, and close it via MCP when human hands aren't nearby.
Pricing that matches how you work
Open a tunnel only when you need it — idle devices cost $0 on pay-as-you-go.
Quick start: brew install rustunnel
Create a free accountFAQ
How do I get remote access to an IoT device behind NAT?+
Install the rustunnel client on the device (or a gateway on the same LAN), open a TCP or HTTP tunnel to the management port, and connect through the public endpoint.
Is this a full VPN replacement?+
For targeted admin access, often yes. For always-on mesh networking across hundreds of sites, evaluate Tailscale/WireGuard — rustunnel shines for on-demand service exposure.
Can I self-host for compliance?+
Yes. AGPL self-hosting keeps tunnel traffic on your servers. Managed cloud is optional convenience, not required.