Skip to main content
ngrok helps you securely access APIs, databases, and other private services running in remote networks through site-to-site connectivity. This is useful for securely connecting to your customers’ on-prem environments, branch offices, data centers, and more, all without opening inbound ports or managing VPN infrastructure. You can run the ngrok agent inside remote networks, enabling you to enforce access control with IP restrictions, white-label connections with a custom connect URL, run redundant agents for high availability, and more.

Why use ngrok for site-to-site connectivity?

  • No inbound ports: The ngrok agent connects outbound over TLS on port 443. No firewall changes or open ports required in the remote network.
  • No VPN complexity: Replace VPN tunnels, VPC peering, and custom networking with a single agent and a Cloud Endpoint.
  • Centralized traffic control: Apply IP restrictions, authentication, rate limiting, and more using Traffic Policy—all managed from a single dashboard.
  • End-to-end encryption: TLS termination at the agent or upstream service, including mTLS for zero-knowledge encryption.

Next steps

Quickstart

Get a basic site-to-site connection working in minutes

Full tutorial

Walk through a complete setup with multiple endpoints, mTLS, and IP restrictions

End customer guide

Share this reference with customers who need to understand why ngrok is being installed in their network

Running in Kubernetes?

Achieve private site-to-site connectivity with the ngrok Kubernetes Operator