In the following example we will go through the Tunnel Step-by-Step Guide with an extra setup guide for the Raspberry Pi (RPI).

The idea is to make a Nabto P2P connection to make a TCP tunnel to the SSH server on a Raspberry PI so you can remote connect to the RPI using this TCP tunnel and SSH. 

You can read more about Nabto tunnels here.

The existing TCP Client application in the above drawing is the SSH client on the desktop and the existing TCP Server application is the SSH server on the RPI. The idea is to make an TCP (server) endpoint on the client that mirrors the server port on the RPI.

This of course itself is an useful application of Nabto, being able to remote connect to a RPI via SSH, but also is a simple way of establishing a proof-of-concept with Nabto. The encapsulation of SSH could of course be any type of TCP protocol, HTTP, telnet, SMTP, but in this example we just show SSH.

Step 1: Setting up your RPI

For further details and a more indepth documentaion, see the Rasperry Pi Documentaion.

Note: Before you begin, make sure to enable SSH either manually through the RPI interface in the Raspberry Pi Configuration, or through the command sudo raspi-config and Interfacing Options
Also make sure to be on the same wifi, both your PC and RPI in order to connect.

A freshly installed RPI comes with the hostname known as raspberrypiwhich is widely used to connect to the RPI commandline using the secure shell (SSH) protocol. SSH in turn needs the IP address of the RPI.

So, to begin with we will ping the RPI, and if the RPI is reachable, the IP will be shown, as seen down below.

Use the following command: ping raspberrypi.local

[[email protected] ~ % ping raspberrypi.local

PING raspberrypi.local ( 56 data bytes

64 bytes from icmp_seq=0 ttl=64 time=15.038 ms

64 bytes from icmp_seq=1 ttl=64 time=14.757 ms

Now we can use SSH to connect to the RPI command line, using the IP of the RPI.

Use the following command: ssh [email protected]<IP> (Where <IP> is the IP address of your RPI).

[[email protected] ~ % ssh [email protected]

You will be prompted to enter a password, for a freshly installed RPI this will be “raspberry”.

If everything is entered as previously stated, your command line text should turn green, as shown below, indicating a successful connection to the RPI command line.

You are now ready to execute commands on your RPI command line.

Step 2: Setting up Nabto cloud console and embedded SDK

Following the steps of the Tunnel Step-by-Step Guide for setting up an account in the Nabto Cloud Console, you should add a Public TCP Tunnel Client, like seen below:

Now go to Configurated Devices and create a new single device, like this:

Following the next steps of the guide, either follow the build instructions of the general SDK or download the pre-compiled binaries. In this guide, we will simply download and follow the steps of the general SDK from the build instructions.

Note: If CMake is not installed see the following link.

You have now successfully downloaded nabto-embedded-sdk, and can run the Nabto Embedded Tunnel Application. Find where you have installed the “nabto-embedded-sdk” folder on your RPI, afterwards insert the following command to go the correct sub folder:

cd _build && cd apps && cd tcp_tunnel_device 

You will now be able to use the next command from the Tunnel Step-by-Step Guide.

./tcp_tunnel_device –init

Afterwards you can see the steps in the guide and enter the product/device ID found in the Nabto Cloud Console.

If asked about new user roles, just select Standard.

After following the steps of the tunnel guide, you will be given a fingerprint and in my case, mine looks like this:


Now go back into you Nabto Cloud Console and insert the fingerprint into your tcp device, it should look something like this:

cloud console device configuration

Now click “Save”.

The device is now ready to roll, try typing the following command, which should now look like something from the guide:


Step 3: Setting up the client

In order to use the embedded device, we will need the client as well. This can be accomplished by following the guide.

The idea is to have the embedded part on the RPI and the client part on the PC.

First step is to download the client SDK, do this anyway you’d like, I will be using the terminal. I will install it to my desktop for easy access, and afterwards use the following command:

gh repo clone nabto/nabto-client-edge-tunnel 

Note: If “gh” is unrecognizable, I recommend installing it using brew: brew install gh 

Afterwards, follow the guide. 

After having installed and build the client application, there’s one last step. Depending on your OS, download one the contents of one of the following folders.

The contents are then pasted into the nabto-cleint-edge-tunnel/_build folder, and when everything is done correctly, you can now execute the following command.

./edge_tunnel_client –pair-local

Afterwards, it should look like the following:

Scanning for local devices for 2 seconds.
Found 1 local devices.
Choose a device for pairing:
[q]: Quit without pairing
[0]: ProductId: pr-w34yvehn DeviceId: de-3tfkvxfn

In this example, the device found is my own, your device will look different, but nonetheless, press the number corresponding to the right device. (In this case, 0)

Following the directions of the Tunnel Step-by-Step Guide, select the Local Initial pairing method, as seen below:

Connected to the device. ProductId: pr-w34yvehn DeviceId: de-3tfkvxfn
Several pairing modes exists choose one of the following.
[0]: Password Invite
[1]: Local Initial
Coose a pairing mode: 1

Step 4: Using the tunnel

The last part will essentially follow nabto’s Tunnel Step-by-Step Guide under the “Using the tunnel” part. 

We can now fully utilize nabto’s tunnel example, and with the following command:

./edge_tunnel_client –help

A list of possible commands and functions for the client command line can be seen.

Leave a Reply

Your email address will not be published.