If you’ve landed on this page, you likely already have a good idea of what ngrok is and what it does. For those that don’t, the reader’s digest version is that it’s a simple way to securely tunnel to a device that sits behind a firewall/NAT device. It’s a slick implementation that is easy to install and allows a few different tunneling options. For the purpose of this blog, we’re using ssh and eliminating the need for port forwarding on the firewall.

Here are step-by-step instructions for turning up ngrok ssh services on Cumulus Linux. Note that these instructions work on the default VRF. You’ll need to take additional configuration steps to get this to work on Cumulus Linux with mgmt VRF enabled.

First, install the unzip package from the repo

Then wget the ngrok application, or optionally add the appropriate repo to your /etc/apt/sources.list and use apt to pull the package. You’ll obviously want to find the appropriate package for your switch (x86 or ARM).

If you don’t know the download link, navigate to https://dashboard.ngrok.com/get-started and copy the link address on the web link of the download section (right click the download link to snag the url).

Next, unzip the package

Setup your auth token. You’ll get your auth token from the status page of your ngrok site.

Start the service

Service is running

Check Tunnel status on ngrok site. You should have a tunnel listed under your status page and it’ll include your session port.

Test your tunnel