Skip to main content

Documentation Index

Fetch the complete documentation index at: https://ngrok.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

How does ngrok reach devices in remote networks?

The ngrok agent runs on a device or a gateway machine in the remote network and opens a single outbound TLS connection to the ngrok cloud on port 443. Your cloud services, technicians, and customers reach the device through standard URLs that ngrok manages for you. No inbound ports, firewall rules, or VPN setup required on the remote network.

How is this different from a VPN?

With a VPN, the network owner at the remote site must configure a VPN server, open inbound firewall ports, and grant access to the entire network segment. The ngrok agent connects outbound—no firewall changes, no IT coordination at the remote network, and each endpoint exposes exactly one service. See Secure Tunnels for a deeper comparison.

Do I need an agent on every device?

No. One agent on a gateway machine can route to any device on the local network behind it. You can also install the agent per-device if your topology requires it.

What protocols work through ngrok?

Any TCP-based protocol. HTTP, TLS, SSH, RDP, Modbus, and other proprietary industrial protocols all travel through the same outbound connection. Your technicians keep using their existing tools; only the gateway machine running the ngrok agent needs to be updated.

Where can the agent run?

The ngrok agent is a lightweight, dependency-free binary available for Linux, Windows, ARM64, Raspberry Pi, Docker, and Kubernetes. You can also embed connectivity directly in your own application using the ngrok SDK, which is useful when your software already runs in your customer’s environment.