Skip to content

IoT Device Management

Connect and manage IoT device fleets with mesh tunnels. Raspberry Pis, sensors, cameras — each gets its own URL. No VPN or static IPs needed.

You have devices in the field — sensors, cameras, Raspberry Pis, industrial controllers. Each runs a local service. You need to reach any specific device from your office or monitoring system, but every single one is behind NAT.

Localport's mesh tunnels give each device its own URL without VPNs, static IPs, or complex networking.

Architecture

Your Dashboard / Monitoring System

    ├─ https://sensor-1.fleet.tunnel.localport.dev  → Sensor 1 (warehouse A)
    ├─ https://sensor-2.fleet.tunnel.localport.dev  → Sensor 2 (warehouse B)
    ├─ https://camera-1.fleet.tunnel.localport.dev  → Camera 1 (entrance)
    └─ tcp://sensor-3.fleet.tunnel.localport.dev:25003  → Sensor 3 (loading dock)

One mesh tunnel. One token. Every device individually addressable.

Deployment steps

1. Create a mesh tunnel

In the dashboard, create a mesh tunnel for your fleet. You get a single token that all devices share.

2. Install on each device

curl -fsSL https://get.localport.dev | sh
localport http 8080 --token FLEET_TOKEN --name $(hostname)

Using $(hostname) means each device automatically uses its hostname as its mesh name. You can also hardcode names if you prefer.

3. Set up as a system service

sudo tee /etc/systemd/system/localport.service << 'EOF'
[Unit]
Description=Localport IoT Tunnel
After=network-online.target
Wants=network-online.target

[Service]
ExecStart=/usr/local/bin/localport http 8080 --token FLEET_TOKEN --name %H
Restart=always
RestartSec=10

[Install]
WantedBy=multi-user.target
EOF

sudo systemctl enable --now localport

The %H in the systemd unit expands to the machine's hostname.

Addressing devices

Each device gets:

  • HTTP URL: https://[name].[tunnel-subdomain].tunnel.localport.dev
  • TCP port (if using the tcp protocol): tcp://[name].[tunnel-subdomain].tunnel.localport.dev:[port]

Your monitoring system, scripts, or dashboards just need to know the naming convention. No IP tracking, no port spreadsheets.

Reconnection behavior

Network hiccups happen in the field. When a device reconnects within 60 seconds, it gets the same address back — same port, same subdomain. Your monitoring dashboards don't need to update.

If the device is offline longer than 60 seconds, it gets a new port but keeps its name-based subdomain.

Design for reconnection

Name your devices predictably (by hostname, serial number, or location). Even if a port changes, the subdomain based on the name stays consistent.

Security

  • No inbound ports on devices — all connections are outbound
  • IP whitelisting (all plans) — restrict who can reach your devices
  • Token-based auth — revoke access from the dashboard without touching devices
  • URLs are not discoverable — you need to know the address to connect

Next steps

Previous Homelab Remote Access Next Expose a Local LLM