One command exposes your localhost to the internet over HTTPS. Same tool gives you persistent SSH back to any Linux box, from anywhere. Self-hosted. Yours. No third-party SaaS.
curl -fsSL https://tnl.voxent.io/install.sh | bash
What you get
No subscription. No third-party SaaS. The server is on your VPS, the data is yours, and you can revoke any client from the dashboard in one click.
tunnel http 3000 gives you https://<halfmac>.tnl.voxent.io. Real Let's Encrypt wildcard cert, no warnings.
Install a systemd service on your home Linux box. ssh -p 2222 you@tnl.voxent.io works forever. Survives reboots, crashes, network blips.
Single Go binary. Per-client tokens you can revoke. Open source on GitHub. The traffic flows through your server.
How it works
Your machine dials out (no inbound ports needed). The connection stays open. Public requests get multiplexed back through it.
Step 1
One line. Auto-detects your OS, downloads the binary, asks for a token, you're done.
curl -fsSL https://tnl.voxent.io/install.sh | bash
Detects amd64/386/arm/arm64, installs to /usr/local/bin/tunnel, offers to set up persistent SSH.
curl -fsSL https://tnl.voxent.io/install.sh | bash
Works on Intel and Apple Silicon. Installs to /usr/local/bin/tunnel.
iwr -useb https://tnl.voxent.io/install.ps1 | iex
Drops tunnel.exe into %LOCALAPPDATA%\remotetunnel and adds it to your user PATH.
Prefer manual? Browse all binaries at /dl/
Step 2
Two ways: the installer asks you for an invite code automatically, or sign up right here in your browser.
Paste your invite code below. You'll get a token and the exact command to run on your machine.
Need access? Reach out to whoever invited you.
Step 3
tunnel http 3000
→ https://<halfmac>.tnl.voxent.io forwards to localhost:3000. Subdomain derived from your machine's MAC, stable across reboots.
tunnel http 3000 --hostname demo
→ https://demo.tnl.voxent.io. First-come-first-served on the server.
tunnel tcp 5432 --port 15432
→ External clients connect to tnl.voxent.io:15432, hit your local Postgres on :5432.
The big one
Install a systemd service on your Linux box. Restart=always. The tunnel stays up across reboots, crashes, network blips. From your laptop in any coffee shop: ssh -p 2222 you@tnl.voxent.io.
If you used install.sh earlier, it already asked. Otherwise:
sudo tunnel install ssh ssh --port 2222 sudo systemctl daemon-reload sudo systemctl enable --now tunnel-ssh
In an elevated PowerShell (right-click → Run as Administrator):
tunnel install ssh ssh --port 2222 sc.exe start tunnel-ssh
Auto-starts on boot. Restarts on crash. Remove with tunnel uninstall ssh.
ssh -p 2222 your-user@tnl.voxent.io
-p by adding to ~/.ssh/config:Host home HostName tnl.voxent.io Port 2222 User your-user
Now just: ssh home. Multiple Linux boxes? Give each its own public port (2222, 2223, 2224…) and add an entry per box.
sudo systemctl status tunnel-ssh # live status sudo journalctl -u tunnel-ssh -f # follow logs sudo systemctl restart tunnel-ssh # force reconnect sudo systemctl disable --now tunnel-ssh && sudo rm /etc/systemd/system/tunnel-ssh.service
When things go wrong
tunnel: command not foundOpen a fresh terminal — the installer just added it to PATH and your current shell hasn't reloaded. Or run with the full path: /usr/local/bin/tunnel on Unix, %LOCALAPPDATA%\remotetunnel\tunnel.exe on Windows.
tls: unknown authorityYour client's CA store is out of date. On Linux: sudo update-ca-certificates. As a dev escape hatch, add tls_insecure: true to ~/.config/tunnel/credentials.yaml.
client revokedYou revoked the token in the dashboard. Make a new one via + Add client and re-run tunnel login --token ….
Connection refused on port 2222Three checks: (1) sudo systemctl status tunnel-ssh on the target box. (2) Tunnels page on the dashboard should list it. (3) sudo systemctl status ssh on the target box (is sshd even running locally?).
One TCP port = one tunnel. Use different public ports per box (2222, 2223, 2224…). The SSH-config snippet above scales to many entries.