| name | ztm-tunnel |
|---|---|
| description | Create and manage TCP/UDP tunnels between ZTM network endpoints. Use this to establish secure P2P port forwarding through the ZTM mesh network. |
| metadata | |

Create and manage TCP/UDP tunnels between ZTM network endpoints.

- ZTM Agent must be running:

  ```bash
  ztm start agent
  ```

- Join a mesh network:

  ```bash
  ztm join <mesh-name> --as <your-endpoint-name> --permit <permit-file.json>
  ```

- Tunnel app must be installed:

  ```bash
  ztm app install tunnel
  ```

- Inbound: The local endpoint that listens for connections and forwards them to the remote
- Outbound: The remote endpoint that receives connections and forwards them to target services
- Tunnel: A complete connection consisting of inbound + outbound

List all tunnels in the mesh:

```bash
ztm tunnel get tunnel
```

List inbound tunnels (local listening ports):

```bash
ztm tunnel get inbound
```

List outbound tunnels (remote targets):

```bash
ztm tunnel get outbound
```

Step 1: On the remote endpoint (outbound), specify target services:

```bash
ztm tunnel open outbound my-tunnel --targets 192.168.1.100:8080
```

Step 2: On the local endpoint (inbound), set up port forwarding:

```bash
ztm tunnel open inbound my-tunnel --listen 0.0.0.0:9000 --exits <remote-endpoint-id>
```

This creates a tunnel where:

- Local port `9000` listens for connections on all interfaces (`0.0.0.0`)
- Connections are forwarded to the remote endpoint
- The remote endpoint forwards to `192.168.1.100:8080`

Create both ends at once by running on respective endpoints:

```bash
# On endpoint A (listening side)
ztm tunnel open inbound tunnel-name --listen 0.0.0.0:9000 --exits <endpoint-B-id>
# On endpoint B (target side)
ztm tunnel open outbound tunnel-name --targets 127.0.0.1:8080
```

Close the inbound end:

```bash
ztm tunnel close inbound my-tunnel
```

Close the outbound end:

```bash
ztm tunnel close outbound my-tunnel
```

View detailed tunnel information:

```bash
ztm tunnel describe tunnel tcp/my-tunnel
```

View inbound details:

```bash
ztm tunnel describe inbound tcp/my-tunnel
```

View outbound details:

```bash
ztm tunnel describe outbound tcp/my-tunnel
```

```bash
# On home endpoint
ztm tunnel open inbound home-server --listen 0.0.0.0:22 --exits <office-endpoint-id>
# On office endpoint
ztm tunnel open outbound home-server --targets 192.168.1.10:22
```

```bash
# Remote endpoint exposes local web service
ztm tunnel open outbound web-tunnel --targets 192.168.1.100:80
# Local endpoint listens on port 8080
ztm tunnel open inbound web-tunnel --listen 0.0.0.0:8080 --exits <remote-endpoint-id>
```

```bash
ztm tunnel open outbound dns-tunnel --targets 8.8.8.8:53
ztm tunnel open inbound dns-tunnel --listen 0.0.0.0:5300 --exits <remote-endpoint-id>
```

Check if ZTM agent is running:

```bash
curl http://localhost:7777/api/status
```

Check mesh status:

```bash
ztm get mesh
ztm get ep
```

Check installed apps:

```bash
ztm get app
```

If tunnel app is not installed:

```bash
ztm app install tunnel
```

View tunnel app logs:

```bash
ztm log app tunnel
```

ZTM CLI config is stored in `~/.ztm.conf`:

```json
{
  "agent": "localhost:7777",
  "mesh": "my-mesh-name"
}
```

Or set via environment:

```bash
export ZTM_AGENT=http://localhost:7777
export ZTM_MESH=my-mesh-name
```

For programmatic access, use the ZTM Agent HTTP API:

```bash
# {mesh} is a placeholder: substitute your mesh name in each URL.

# Get all tunnels
curl http://localhost:7777/api/meshes/{mesh}/apps/ztm/tunnel/api/tunnel
# Get inbound tunnels
curl http://localhost:7777/api/meshes/{mesh}/apps/ztm/tunnel/api/inbound
# Create inbound
curl -X POST http://localhost:7777/api/meshes/{mesh}/apps/ztm/tunnel/api/inbound/tcp/tunnel-name \
  -H "Content-Type: application/json" \
  -d '{"listens":[{"ip":"0.0.0.0","port":9000}],"exits":["endpoint-id"]}'
```
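
The following is an added example, not code from the ZTM project or the original page. It builds the "Create inbound" request from the URL and JSON shape shown above, but rejects a wildcard listen address such as `0.0.0.0` unless the caller opts in, because a wildcard bind exposes the forwarded port on every local interface. The function names and the `allow_wildcard` flag are hypothetical, and the request is only constructed, never sent.

```python
import ipaddress
import json
import urllib.parse
import urllib.request

AGENT = "http://localhost:7777"  # agent address used on this page


def parse_listen(spec):
    """Split 'ip:port' (or '[v6]:port') into a validated (ip, port) pair."""
    host, sep, port_text = spec.rpartition(":")
    if not sep or not port_text.isdigit():
        raise ValueError(f"expected ip:port, got {spec!r}")
    ip = ipaddress.ip_address(host.strip("[]"))  # ValueError on a bad address
    port = int(port_text)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return ip, port


def build_inbound_request(mesh, name, listen, exits, allow_wildcard=False):
    """Build (not send) the POST that creates a TCP inbound tunnel end."""
    ip, port = parse_listen(listen)
    # 0.0.0.0 and :: accept connections from any host that can reach this
    # machine; require an explicit opt-in (hypothetical flag) for that.
    if ip.is_unspecified and not allow_wildcard:
        raise ValueError(f"{listen} binds all interfaces; use 127.0.0.1 "
                         "or pass allow_wildcard=True")

    def quote(part):
        # Encode '/' too, so a name cannot add extra path segments.
        return urllib.parse.quote(part, safe="")

    url = (f"{AGENT}/api/meshes/{quote(mesh)}"
           f"/apps/ztm/tunnel/api/inbound/tcp/{quote(name)}")
    body = {"listens": [{"ip": str(ip), "port": port}], "exits": list(exits)}
    return urllib.request.Request(
        url, data=json.dumps(body).encode(), method="POST",
        headers={"Content-Type": "application/json"})


if __name__ == "__main__":
    # Constructed sample values, matching the placeholders used on this page.
    req = build_inbound_request("my-mesh-name", "tunnel-name",
                                "127.0.0.1:9000", ["endpoint-id"])
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

To submit the request, pass the returned object to `urllib.request.urlopen` on a host where the agent is running.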