Bypassing NAT

It is possible to access your device over the Internet even if you are behind NAT device (e.g. Wi-Fi router or on mobile network). There are some ways to achieve this, but will require installing additional software and a bit of configuration.

Tor
Accessing device via Tor is the most secure and effective method - offers strong end-to-end encryption (onion services don't use 'exit' node), virtual ports (e.g. 80 port without root), your service won't be visible on plain Internet.

However, this method requires setting up a Tor Onion Service.

Installing needed packages
The main package is tor. Install it by running this command: pkg install tor

You may want to install a `torsocks` for accessing the Tor Network: pkg install torsocks

Setting up Onion Service
You will have to modify the default configuration file of tor. Here is an example of configuring SSH Onion Service: SOCKSPort 127.0.0.1:9050
 * 1) Enable TOR SOCKS proxy

HiddenServiceDir /data/data/com.termux/files/home/.tor/hidden_ssh HiddenServicePort 22 127.0.0.1:8022
 * 1) Hidden Service: SSH

Then you need to make a directory where information about Hidden Service will be stored: mkdir -p ~/.tor/hidden_ssh

Now you can execute in console. If start was successfull, you can get your onion service hostname: cat ~/.tor/hidden_ssh/hostname Output should be like this:

Accessing your service
First of all make sure that on client device `tor` is running and you have all necessary software for accessing Tor Network (in this case package `torsocks`).

To access the onion service created in previous step, run this: torsocks ssh g3yv3tvqrbow7koz.onion

If everything is ok, the output should be like this: The authenticity of host 'g3yv3tvqrbow7koz.onion (127.42.42.0)' can't be established. ED25519 key fingerprint is SHA256:WGualHEq7SJdvVeXgy8a+btPQCd7uxTeXjlWdHHLwLc. Are you sure you want to continue connecting (yes/no)?

Remember, `tor` should be running on both (client/server) sides, otherwise you will get connection errors. You can configure other servers (e.g. Nginx) in the same way as shown in above example for SSH.

Learn more about Onion Services
Better explanation about Onion Services and other Tor-related things you can found at torproject.org.

Ngrok
Homepage: https://ngrok.com/

Warning: this service may intercept and analyze your traffic.

Ngrok is a service for exposing your local ports to the Internet. Software is closed source, but still can be executed on Termux.

Restrictions
Ngrok is a paid service, but it provides a free plan with some restrictions. Depending on your requirements, these restrictions may be unsuitable for you.

What is available on free plan:


 * HTTP/TCP tunnels are only on random URLs/ports
 * 4 tunnels per account
 * 40 connections per minute

Installation
Go to the Ngrok downloads page, and choose a binary with architecture correct for your device. You can follow instructions available on the downloads page, but for better experience you can follow these instructions that will install binary to the Termux environment.

In these instructions will be assumed, that yours architecture is AArch64 (i.e. arm64), and Ngrok's version is 2.2.8.

1. Unzip downloaded archive:

unzip ngrok-2.2.8-linux-arm64.zip

2. Move binary to the right place:

mv -i ngrok $PREFIX/bin/

3. Set executable permissions:

chmod 700 $PREFIX/bin/ngrok

4. You need to authorize your ngrok installation. Here will be assumed that you registered an account on https://ngrok.com/signup so you can proceed with:

ngrok authtoken {your auth token}

Note that authentication token should be retrieved from your account's page. The token is similar to this string:.

Usage example
In this example will be shown how to forward SSH port via Ngrok. Before proceed, make sure that Ngrok is installed and authenticated, otherwise you will get errors.

Type in your console this:

ngrok tcp 8022

You should see an output similar to this:

ngrok by @inconshreveable                                      (Ctrl+C to quit) Session Status               online Account                      XXXXXX XXXXXXXX (Plan: Free) Version                      2.2.8 Region                       United States (us) Web Interface                http://127.0.0.1:4040 Forwarding                   tcp://0.tcp.ngrok.io:13766 -> localhost:8022 Connections                  ttl     opn     rt1     rt5     p50     p90 0      0       0.00    0.00    0.00    0.00

Here, a string  represents an URL of your service (in this case SSH) available on the Internet.

You can verify if it works by doing:

ssh -p 13766 0.tcp.ngrok.io

Tmate
Tmate is utility for sharing terminals. It is very easy to use, though it will destroy connection once client disconnected.

Utility can be installed with.

Usage example
1. Make sure that all your devices have SSH key in  directory. If not, on each device do:

pkg install openssh mkdir ~/.ssh ssh-keygen -t rsa -f ~/.ssh/id_rsa

2. Execute the following command within Termux:

tmate

3. Once you done previous step, you should see a colored line at the screen bottom with link. Save it, because it is your connection token. It looks like

Bff5fhJquRpO105c3OL62Icfp@fk2.tmate.io

4. On another device from which you want to connect to Termux, run

ssh Bff5fhJquRpO105c3OL62Icfp@fk2.tmate.io

Important note: link shown above is just example and should not be copy-pasted !