Infrastructure Management Running the Tunnel Client

The tunnel client allows you to securely connect your local network or specific subnets to the platform. This guide walks you through downloading the correct binary for your operating system, generating a secure connection token, and executing the tunnel command.

flowchart LR
    A[Dashboard UI] -->|1. Download Binary| B(Local Machine)
    A -->|2. Generate Command| B
    B -->|3. Execute Command| C["Secure Gateway"]

Getting Started

To establish a tunnel, you will need to download the client executable and run it with a dynamically generated connection blob.

  1. 1

    Download the binary

    Navigate to the Network Configuration section in the dashboard. Select your operating system and architecture to download the client.

    The file will download as threatexploit-tunnel. If you are downloading for Windows, the system will automatically append the .exe extension.

  2. 2

    Configure your subnet

    Locate the subnet input field in the dashboard. Enter the target subnet you want to route through the tunnel using standard CIDR notation (for example, 192.168.1.0/24).
    The system will validate your input. Once validated, it automatically generates a unique connection token (blob) that is valid for 36 minutes.

  3. 3

    Copy and run the command

    Click the COPY COMMAND button below the generated code block. Open your terminal, navigate to the folder where you downloaded the binary, and paste the command.

The Connection Command

When you copy the command from the dashboard, it will look similar to this:

chmod +x threatexploit-tunnel && sudo ./threatexploit-tunnel gateway --connect <YOUR_CONNECTION_BLOB>

Command breakdown

Command PartDescription
chmod +xModifies the file permissions to make the downloaded binary executable (required for Linux/macOS).
sudoRuns the client with administrative privileges, which is often required for configuring network routing.
gatewayInstructs the client to run in gateway mode.
--connectPasses the securely generated blob containing your subnet routing rules and authentication token.

Connection tokens expire 36 minutes after they are generated. If you wait too long before executing the command, the connection will fail, and you will need to generate a new command in the dashboard.

Troubleshooting

Why does the command box say 'Enter a valid subnet'?

The system requires a properly formatted CIDR notation to generate the routing rules. Ensure your input includes both the network address and the routing prefix (e.g., 10.0.0.0/16 or 192.168.1.0/24).

What if I see a 'Failed to generate token' error?

This usually happens if there is a temporary network disruption or if your dashboard session has expired. Refresh the page, ensure you are logged in, and try entering the subnet again.

Do I need to run 'chmod +x' on Windows?

No, the chmod +x command is specific to Linux and macOS environments. On Windows, you can simply open an Administrator Command Prompt or PowerShell and run threatexploit-tunnel.exe gateway --connect <YOUR_CONNECTION_BLOB>.