Localtonet: Secure Tunneling for Any Protocol
Localtonet is a multi-protocol tunneling platform that lets you securely expose local services to the internet without port forwarding, firewall changes, or VPN setup. It supports HTTP/HTTPS, TCP, UDP, mixed TCP-UDP, file server tunnels, and HTTP/SOCKS5 proxy tunnels, all managed from a single dashboard or API. Whether you are running web apps, databases, game servers, IoT devices, AI agent backends, or mobile proxy infrastructure, Localtonet connects your local services to the world through encrypted tunnels.
What Is a Secure Tunnel and How Does It Work?
A secure tunnel is an encrypted connection between your local machine and a public server. When someone visits the public URL, their request travels through the tunnel to your local service and the response comes back the same way. Your machine initiates the connection outward, so no inbound ports need to be open on your router or firewall.
This is different from traditional port forwarding, which requires you to modify your router settings, know your public IP address, and manage firewall rules. Tunneling services like Localtonet replace all of that with a single binary and a dashboard.
Most devices are behind NAT (Network Address Translation) or CGNAT (Carrier-Grade NAT), which means they do not have a directly reachable public IP address. Tunneling bypasses this entirely. Your local service gets a real public HTTPS URL without any network reconfiguration.
What Is Localtonet?
Localtonet is a multi-protocol tunneling platform for developers, teams, businesses, and infrastructure operators. It lets you expose and access local services over the internet without complex network configurations.
The platform supports six tunnel categories: HTTP/HTTPS, File Server, TCP, UDP, mixed TCP-UDP, and proxy tunnels (HTTP and SOCKS5). Every tunnel type shares the same infrastructure: encrypted connections, a centralized dashboard, a REST API, and support for custom domains.
The single binary has zero dependencies and runs on every major platform. A separate token is issued per device, so you can manage multiple machines from one account.
Supported Tunnel Types
Modern infrastructure rarely relies on a single protocol. A typical stack uses HTTP for APIs and webhooks, TCP for databases and internal services, and UDP for real-time traffic like gaming and VoIP. Localtonet brings all of these together in one platform.
| Tunnel Type | Common Services | Auto TLS | Use Case Category |
|---|---|---|---|
| HTTP / HTTPS | Web apps, APIs, webhooks, AI agents, MCP services | ✓ | Web development |
| File Server | SFTP, WebDAV, Default file manager | ✓ | File access and sharing |
| TCP | SSH, RDP, databases, mail, CI/CD, AI inference backends | ~ | Infrastructure access |
| UDP | Game servers, VoIP, IoT, live streaming | ✕ | Real-time and gaming |
| TCP + UDP Mixed | Multiplayer games, communication tools, media apps | ✕ | Hybrid workloads |
| Proxy (HTTP / SOCKS5) | Mobile proxies, USB modem proxies, geo-routing | ✓ | Proxy infrastructure |
HTTP / HTTPS
TCP
UDP
Proxy (HTTP / SOCKS5)
1. HTTP and HTTPS Tunnels
HTTP / HTTPS Tunnels
HTTP tunnels are the most common tunnel type for developers. They expose any local web service through a secure public HTTPS URL with automatic TLS certificate management. You do not need to configure SSL certificates manually or handle renewals. Localtonet provisions and rotates certificates automatically.
How to Create an HTTP Tunnel
Install and authenticate Localtonet
Download Localtonet for your OS, run it with your AuthToken from My Tokens.
Go to the HTTP Tunnel page
Open localtonet.com/tunnel/http in your browser.
Configure and create the tunnel
Select your Process Type (Random Subdomain, Custom Subdomain, or Custom Domain), select your AuthToken, choose a server, enter the IP and port of your local service, then click Create.
Start the tunnel
Press Start from the tunnel list. Your public HTTPS URL is immediately active.
HTTP Tunnel Use Cases
HTTP tunnels support three URL options: a random subdomain (e.g., abc123.localto.net), a custom subdomain you choose, or your own domain. To use a custom domain, add it to the Localtonet DNS Manager and update your domain's nameservers to ns1.localtonet.com and ns2.localtonet.com at your registrar.
2. File Server Tunnels
File Server Tunnels
File Server tunnels let you expose a local directory through a secure public URL without uploading files to any cloud service. Your files stay on your machine. The tunnel is the access pathway. Localtonet supports three file server types, each suited to a different workflow.
Default File Server
- Browser-based file manager, no client needed
- Online editor for text files
- Time-limited, password-protected share links
- Built-in recycle bin for recovery
- Per-user read, write, and delete permissions
SFTP and WebDAV
- SFTP: standard protocol, works with any SFTP client, ideal for CI/CD and automated backups
- WebDAV: mounts as a network drive in Windows Explorer or macOS Finder
- Both use encrypted tunnels, no open ports required
File Server Use Cases
3. TCP Tunnels
TCP Tunnels
TCP tunnels let you securely access any TCP-based service over the internet. They are widely used by developers for database access, system administrators for remote control, and DevOps teams for pipeline integration. Instead of opening raw ports or setting up a VPN, a TCP tunnel provides an encrypted pathway through Localtonet's infrastructure.
Common TCP Services
Setting up a VPN to give a contractor or teammate access to a single internal service is complex and often overkill. A TCP tunnel provides targeted access to one specific service on one specific port, without putting the entire remote machine on your network. This is faster to set up, easier to revoke, and lower risk.
4. UDP Tunnels
UDP Tunnels
UDP tunnels are built for speed and low latency. Unlike TCP, UDP does not wait for delivery confirmation, which makes it the right choice for services where responsiveness matters more than guaranteed ordering. Localtonet's UDP support is a significant differentiator: most competing tunneling services, including ngrok, do not support UDP tunnels at all.
If you need UDP tunneling for a game server, VoIP application, or real-time IoT system, ngrok is not an option. Localtonet, Pinggy, LocalXpose, and Playit.gg all support UDP. Among hosted services with full developer tooling, Localtonet is the only one that combines UDP with HTTP, custom domains, webhook inspection, and SSO.
UDP Use Cases
5. Mixed TCP-UDP Tunnels
TCP + UDP Mixed Tunnels
Some applications require both TCP and UDP at the same time. A multiplayer game might use TCP for authentication and match setup, then switch to UDP for the actual gameplay. A communication tool might use TCP for signaling and UDP for voice and video. Configuring separate tunnels for each protocol and keeping them synchronized adds complexity. Localtonet's mixed tunnel mode handles both protocols under a single tunnel configuration.
6. Proxy Tunnels (HTTP and SOCKS5)
HTTP and SOCKS5 Proxy Tunnels
Localtonet supports HTTP and SOCKS5 proxy tunnels for both proxy users and proxy providers. This means you can either route your own traffic through a private proxy endpoint, or you can publish proxy endpoints from your own devices and infrastructure so others can use them. This is a capability that most tunneling services do not offer at all.
For Proxy Providers: Device-Backed Proxy Infrastructure
Proxy providers typically need real device IP addresses rather than datacenter IPs. Localtonet lets you expose HTTP and SOCKS5 proxy nodes from real devices including Android smartphones, USB modems and dongles, and edge hardware, all through encrypted tunnels. This works even when devices are behind NAT or CGNAT, where direct inbound connections are not possible.
For Proxy Users: Private Traffic Routing
Teams and operators who need controlled outbound routing use Localtonet proxy tunnels to route traffic through private endpoints they control. This is useful for testing geo-specific behavior, running automation workflows through a known IP, and managing traffic on public networks.
Common Provider Scenarios
- Building mobile proxy infrastructure from Android devices
- Turning USB modems into remotely accessible proxy nodes
- Running distributed proxy fleets without port exposure
- Operating in NAT/CGNAT environments
Common User Scenarios
- Private proxy routing for testing and research
- Geo-specific routing through selected endpoints
- Safer traffic routing on public networks
- Controlled outbound access for automation workflows
The Localtonet Android app can turn any smartphone into a secure, remotely accessible proxy node. This enables real mobile-network-based proxy connectivity with remote management from the dashboard, useful for ad verification, geo-testing, and mobile data-based proxy services.
Platform Support
Localtonet runs on every major platform with a single portable binary and zero dependencies. Each device uses a separate AuthToken so you can manage multiple machines from one account.
Access Control and Security Features
Exposing a local service to the internet requires access control. Localtonet provides several layers of protection so you can share services selectively without leaving them open to anyone with the URL.
🔑 SSO Authentication (Google, GitHub, Microsoft, GitLab)
Require users to authenticate with an identity provider before accessing any tunnel. This is useful for internal tools and admin panels where you want to restrict access to team members with a specific email domain.
👤 Username and Password Authentication
Add basic authentication to any HTTP tunnel. Anyone visiting the public URL must provide the correct credentials before they can reach the underlying service.
🏷 Per-Device AuthTokens
Each device gets its own token. Revoking a token immediately disconnects all tunnels on that device without affecting other machines on your account.
📋 Webhook Inspector
HTTP tunnels include a built-in request inspector that captures, displays, and lets you replay incoming HTTP traffic in real time. Useful for debugging webhook integrations without modifying your local application.
🌐 Custom Domains with Auto HTTPS
Bring your own domain. Add it to the Localtonet DNS Manager, update your nameservers to ns1.localtonet.com and ns2.localtonet.com, and select Custom Domain when creating a tunnel. TLS certificates are provisioned automatically.
REST API and Programmatic Tunnel Management
All tunnel operations are available through Localtonet's REST API. You can create, start, stop, and delete tunnels programmatically without using the dashboard. This makes it practical to spin up temporary tunnels for CI/CD jobs, integration tests, and ephemeral preview environments, then shut them down automatically when the job finishes.
Localtonet also supports a zero-install option using the SSH client built into Windows 10+, macOS, and Linux. Create a tunnel in the dashboard, open the tunnel settings, click SSH Command, and copy the pre-built one-liner. Paste it into any terminal and the tunnel is active immediately, no binary installation required.
Full Use Case Reference
| Tunnel Type | Example Services and Workloads |
|---|---|
| HTTP / HTTPS | Web apps, REST APIs, webhooks (Stripe, GitHub, Slack), frontend previews, CMS platforms, admin panels, AI agent endpoints, MCP-compatible services |
| File Server | SFTP remote backups, WebDAV network drives, browser-based file sharing, DevOps artifact access, self-hosted storage |
| TCP | SSH, RDP, MySQL, PostgreSQL, MongoDB, Redis, SMTP, IMAP, MQTT, CI/CD agents, AI inference backends, agent workers, vector services |
| UDP | Minecraft, Valheim, CS2 game servers, VoIP and SIP, IoT telemetry, live media relay, WireGuard VPN |
| TCP + UDP Mixed | Multiplayer games (login + gameplay), communication tools (signaling + voice), media apps (control + stream), IoT gateways |
| Proxy (HTTP / SOCKS5) | Mobile proxy fleets, USB modem proxy nodes, geo-targeted routing, ad verification, privacy-focused traffic routing, device-backed proxy infrastructure |
Why Teams Choose Localtonet
Key Advantages
Frequently Asked Questions
What protocols does Localtonet support?
Localtonet supports six tunnel categories: HTTP/HTTPS (with automatic TLS), TCP, UDP, mixed TCP-UDP, file server tunnels (Default browser UI, SFTP, and WebDAV), and proxy tunnels (HTTP and SOCKS5). All tunnel types are managed from the same dashboard and REST API.
Do I need to manage SSL certificates with Localtonet?
No. Localtonet automatically provisions and manages TLS certificates for all HTTP tunnels. You do not need to configure certificates, set up Let's Encrypt manually, or handle renewals. This applies to both the default localto.net subdomain and to custom domains you bring.
Does Localtonet support UDP tunnels?
Yes. Localtonet supports full UDP tunneling for game servers, VoIP, IoT telemetry, live media relay, and other real-time services. This is a significant advantage: ngrok and several other competing tunneling services do not support UDP at all. Localtonet also supports a mixed TCP-UDP tunnel mode for applications that require both protocols simultaneously.
Can I expose localhost without port forwarding?
Yes. Localtonet works by creating an outbound encrypted connection from your device to Localtonet's servers. No inbound ports need to be open. This means it works behind NAT, CGNAT, corporate firewalls, and on mobile data networks without any router or firewall changes.
What is a mobile proxy tunnel?
A mobile proxy tunnel routes internet traffic through a real mobile device with a carrier-assigned IP address. With Localtonet's Android app, you can turn any smartphone into a remotely accessible HTTP or SOCKS5 proxy node. This is used for ad verification, geo-targeting tests, data collection, and building mobile proxy infrastructure. Localtonet manages the tunnel over an encrypted connection, so the device does not need to expose any ports directly.
Can I use Localtonet on multiple devices?
Yes. Localtonet supports multiple devices under one account. A separate AuthToken is required for each device. You can generate as many tokens as you need from the My Tokens page. Revoking a token disconnects all tunnels on that specific device without affecting others.
What is a reserved port in Localtonet?
A reserved port is a fixed port number assigned to your tunnel that stays the same every time you activate it. Without reservation, Localtonet may assign a different port each session. Reserved ports are useful for TCP and UDP services where clients and applications need to connect to a predictable, stable address. You can manage reserved ports from Add-ons in the dashboard.
What platforms does Localtonet run on?
Localtonet runs on Windows, macOS, Linux, Android, and Docker. The Android support is notable: Localtonet is the only major tunneling service with a dedicated Android app on Google Play and a native Termux package, making it suitable for mobile proxy infrastructure and server hosting from phones.
One Platform for Every Protocol
HTTP, TCP, UDP, file server, proxy. All tunnel types in one account. Start for free, scale as you grow.
Get Started Free →
