Ngrok tunnel with Devolutions Gateway

Devolutions Gateway can operate behind Ngrok to add an additional layer of protection to an internal Devolutions Gateway installation or to allow an outbound tunnel when changing a firewall configuration is unavailable. Using Devolutions Gateway behind Ngrok is available for both Devolutions Server and Devolutions Hub Business. The Ngrok tunnel can be added to an already existing gateway by changing some settings in the gateway.json file.

Configure Ngrok

A paid subscription to Ngrok is required as the gateway needs to serve TCP traffic. The subscription also includes the use of custom domain names.

  1. Log into the Ngrok dashboard.

  2. Go to the Domains section which is under Cloud Edge.

  3. Click New Domain.

    New Domain
    New Domain
  4. Input the domain details and click Continue.

    Continue
    Continue
  5. Under Cloud Edge, select the TCP Addresses section and then click the New TCP Address button.

    New TCP Address
    New TCP Address
  6. Modify the information if needed and click Continue.

    Continue
    Continue

    It is advised to take note of the Domain, TCP Address, assigned TCP port as well as the Ngrok Authtoken.

  7. Go to Getting StartedYour Authtoken and click the Copy button.

    Copy
    Copy

Retrieve the Devolutions Server or Devolutions Hub Business provisioning key

  1. Log into the Devolutions Server or Devolutions Hub Business instance as a user with access to the Devolutions Gateway configuration.

  2. Go to AdministrationDevolutions Gateway.

  3. Click the More button and select Download public key.

    Devolutions ServerDevolutions Hub

This file needs to be accessible to the server hosting Devolutions Gateway behind Ngrok.

Install Devolutions Gateway with Ngrok

When using Ngrok with Devolutions Hub Business, the Devolutions Gateway Standalone web interface will be unavailable, therefore keep the Enable the Gateway web interface option unchecked. Devolutions Gateway Standalone requires a private provisioner key, which is not available with Devolutions Hub.

  1. Open a connection to the server hosting Devolutions Gateway and download the installer.

  2. Run the installer.

  3. Click Next.

    Run the installer
    Run the installer
  4. Once the desired installation path is selected, click the Next button.

    Next
    Next
  5. Check the Enable access over the internet using Ngrok option and click Next.

    Enable access over the internet using ngrok
    Enable access over the internet using ngrok
  6. Enter the Ngrok settings and click Next.

    Next
    Next
  7. Specify the path to the previously retrieved public key from Devolutions Server or Devolutions Hub Business and click Next.

    Public Key File
    Public Key File

    This key file must be accessible to the NetworkService account, which Devolutions Gateway runs as.

  8. Click Next and then click Install.

    Install
    Install

Configure Devolutions Server or Devolutions Hub Business

Devolutions Server

  1. Log into a Devolutions Server instance as a user with access to the Devolutions Gateway configuration.

  2. Go to AdministrationDevolutions Gateway.

  3. Click the Add (+) button and choose Gateway.

    Gateway
    Gateway
  4. Enter the previously retrieved details from Ngrok used to configure Devolutions Gateway.

    It may be needed to preface the Ngrok domain with https://. Auto-Detect will not work but Test connection will indicate if the Ngrok Domain is accessible.

  5. Click Save.

    Save
    Save
  6. Click the ellipsis (More) button next to the newly configured gateway and select Publish revocation list.

    1. If the Publish Gateway configuration option is available, it should be done before Publish revocation list.

      Publish revocation list
      Publish revocation list

Devolutions Hub Business

  1. Log into a Devolutions Hub Business instance as a user with access to the Devolutions Gateway configuration.

  2. Go to AdministrationDevolutions Gateway.

  3. Click the Add (+) button.

    Add
    Add
  4. Enter the previously retrieved details from Ngrok used to configure Devolutions Gateway.

    It may be needed to preface the Ngrok domain with https://. Auto-Detect will not work but Test connection will indicate if the Ngrok Domain is accessible.

  5. Go through any combination of Vaults, Groups or Users tabs to decide how the licenses will be distributed.

  6. Click Add.

    Add
    Add
  7. Click the ellipsis (More) button next to the newly configured gateway and select Publish Gateway configuration.

    Publish Gateway configuration
    Publish Gateway configuration
Devolutions Forum logo Give us Feedback