The tunnel client allows you to securely connect your local network or specific subnets to the platform. This guide walks you through downloading the correct binary for your operating system, generating a secure connection token, and executing the tunnel command.
flowchart LR
A[Dashboard UI] -->|1. Download Binary| B(Local Machine)
A -->|2. Generate Command| B
B -->|3. Execute Command| C["Secure Gateway"]Getting Started
To establish a tunnel, you will need to download the client executable and run it with a dynamically generated connection blob.
- 1
Download the binary
Navigate to the Network Configuration section in the dashboard. Select your operating system and architecture to download the client.
The file will download as
threatexploit-tunnel. If you are downloading for Windows, the system will automatically append the.exeextension. - 2
Configure your subnet
Locate the subnet input field in the dashboard. Enter the target subnet you want to route through the tunnel using standard CIDR notation (for example,
192.168.1.0/24).
The system will validate your input. Once validated, it automatically generates a unique connection token (blob) that is valid for 36 minutes. - 3
Copy and run the command
Click the COPY COMMAND button below the generated code block. Open your terminal, navigate to the folder where you downloaded the binary, and paste the command.
The Connection Command
When you copy the command from the dashboard, it will look similar to this:
chmod +x threatexploit-tunnel && sudo ./threatexploit-tunnel gateway --connect <YOUR_CONNECTION_BLOB>Command breakdown
| Command Part | Description |
|---|---|
chmod +x | Modifies the file permissions to make the downloaded binary executable (required for Linux/macOS). |
sudo | Runs the client with administrative privileges, which is often required for configuring network routing. |
gateway | Instructs the client to run in gateway mode. |
--connect | Passes the securely generated blob containing your subnet routing rules and authentication token. |
Connection tokens expire 36 minutes after they are generated. If you wait too long before executing the command, the connection will fail, and you will need to generate a new command in the dashboard.
Troubleshooting
Why does the command box say 'Enter a valid subnet'?
The system requires a properly formatted CIDR notation to generate the routing rules. Ensure your input includes both the network address and the routing prefix (e.g., 10.0.0.0/16 or 192.168.1.0/24).
What if I see a 'Failed to generate token' error?
This usually happens if there is a temporary network disruption or if your dashboard session has expired. Refresh the page, ensure you are logged in, and try entering the subnet again.
Do I need to run 'chmod +x' on Windows?
No, the chmod +x command is specific to Linux and macOS environments. On Windows, you can simply open an Administrator Command Prompt or PowerShell and run threatexploit-tunnel.exe gateway --connect <YOUR_CONNECTION_BLOB>.
