Bypassing NAT

It is possible to access your device over the Internet even if you are behind NAT device (e.g. Wi-Fi router or on mobile network). There are some ways to achieve this, but will require installing additional software and a bit of configuration.

Tor
Accessing device via Tor is the most secure and effective method - offers strong end-to-end encryption (onion services don't use 'exit' node), virtual ports (e.g. 80 port without root), your service won't be visible on plain Internet.

However, this method requires setting up a Tor Onion Service.

Installing needed packages
The main package is tor. Install it by running this command: pkg install tor

You may want to install a `torsocks` for accessing the Tor Network: pkg install torsocks

Setting up Onion Service
You will have to modify the default configuration file of tor. Here is an example of configuring SSH Onion Service: SOCKSPort 127.0.0.1:9050
 * 1) Enable TOR SOCKS proxy

HiddenServiceDir /data/data/com.termux/files/home/.tor/hidden_ssh HiddenServicePort 22 127.0.0.1:8022
 * 1) Hidden Service: SSH

Then you need to make a directory where information about Hidden Service will be stored: mkdir -p ~/.tor/hidden_ssh

Now you can execute in console. If start was successfull, you can get your onion service hostname: cat ~/.tor/hidden_ssh/hostname Output should be like this:

Accessing your service
First of all make sure that on client device `tor` is running and you have all necessary software for accessing Tor Network (in this case package `torsocks`).

To access the onion service created in previous step, run this: torsocks ssh g3yv3tvqrbow7koz.onion

If everything is ok, the output should be like this: The authenticity of host 'g3yv3tvqrbow7koz.onion (127.42.42.0)' can't be established. ED25519 key fingerprint is SHA256:WGualHEq7SJdvVeXgy8a+btPQCd7uxTeXjlWdHHLwLc. Are you sure you want to continue connecting (yes/no)?

Remember, `tor` should be running on both (client/server) sides, otherwise you will get connection errors. You can configure other servers (e.g. Nginx) in the same way as shown in above example for SSH.

Learn more about Onion Services
Better explanation about Onion Services and other Tor-related things you can found at torproject.org.

Ngrok
Homepage: https://ngrok.com/

Warning: this service may intercept and analyze your traffic.

Ngrok is a service for exposing your local ports to the Internet. Software is closed source, but still can be executed on Termux.

Restrictions
Ngrok is a paid service, but it provides a free plan with some restrictions. Depending on your requirements, these restrictions may be unsuitable for you.

What is available on free plan:


 * HTTP/TCP tunnels are only on random URLs/ports
 * 4 tunnels per account
 * 40 connections per minute

Installation
Go to the Ngrok downloads page, and choose a binary with architecture correct for your device. You can follow instructions available on the downloads page, but for better experience you can follow these instructions that will install binary to the Termux environment.

In these instructions will be assumed, that yours architecture is AArch64 (i.e. arm64), and Ngrok's version is 2.2.8.

1. Unzip downloaded archive:

unzip ngrok-2.2.8-linux-arm64.zip

2. Move binary to the right place:

mv -i ngrok $PREFIX/bin/

3. Set executable permissions:

chmod 700 $PREFIX/bin/ngrok

4. You need to authorize your ngrok installation. Here will be assumed that you registered an account on https://ngrok.com/signup so you can proceed with:

ngrok authtoken {your auth token}

Note that authentication token should be retrieved from your account's page. The token is similar to this string:.

Usage example
In this example will be shown how to forward SSH port via Ngrok. Before proceed, make sure that Ngrok is installed and authenticated, otherwise you will get errors.

Type in your console this:

ngrok tcp 8022

You should see an output similar to this:

ngrok by @inconshreveable                                      (Ctrl+C to quit) Session Status               online Account                      XXXXXX XXXXXXXX (Plan: Free) Version                      2.2.8 Region                       United States (us) Web Interface                http://127.0.0.1:4040 Forwarding                   tcp://0.tcp.ngrok.io:13766 -> localhost:8022 Connections                  ttl     opn     rt1     rt5     p50     p90 0      0       0.00    0.00    0.00    0.00

Here, a string  represents an URL of your service (in this case SSH) available on the Internet.

You can verify if it works by doing:

ssh -p 13766 0.tcp.ngrok.io

Serveo.net
Homepage: https://serveo.net/

Warning: this service may intercept and analyze your traffic.

Status: disabled due to phishers using it, try https://localhost.run/ instead.

A free service for exposing your local ports to the Internet. Since it uses SSH to forward ports, it does not require any configuration. Everything that you need is a running server on your device, for example Nginx, and package OpenSSH or Dropbear.

Usage example
Here will be assumed that you have a web server running on port 8080 and you want to share it over Internet. Make sure that SSH client is installed. Note that in case of web service, serveo.net will provide access via both http and https.

Run in your Termux the following command:

ssh -R 80:localhost:8080 serveo.net

If everything is okay, you will see output like this:

Forwarding HTTP traffic from https://colo.serveo.net Press g to start a GUI session and ctrl-c to quit.

This means that your service is now available via. By default, serveo.net will reserve a random subdomain for your connection. To customize it, proceed to the next example.

Customizing subdomain
You may want to use a custom subdomian. In this example, a subdomain  will be used.

Custom subdomains work only with ports 22, 80 or 443 !

Execute this in your console:

ssh -R mytermux.serveo.net:80:localhost:8080 serveo.net

If subdomain was free, you should receive this output:

Forwarding HTTP traffic from https://mytermux.serveo.net Press g to start a GUI session and ctrl-c to quit.

Otherwise, you will see an error which indicates that you should select a different subdomain:

Warning: remote port forwarding failed for listen port 80

Tmate
Tmate is utility for sharing terminals. It is very easy to use, though it will destroy connection once client disconnected.

Utility can be installed with.

Usage example
1. Make sure that all your devices have SSH key in  directory. If not, on each device do:

pkg install openssh mkdir ~/.ssh ssh-keygen -t rsa -f ~/.ssh/id_rsa

2. Execute the following command within Termux:

tmate

3. Once you done previous step, you should see a colored line at the screen bottom with link. Save it, because it is your connection token. It looks like

Bff5fhJquRpO105c3OL62Icfp@fk2.tmate.io

4. On another device from which you want to connect to Termux, run

ssh Bff5fhJquRpO105c3OL62Icfp@fk2.tmate.io

Important note: link shown above is just example and should not be copy-pasted !