Welcome FAFO listeners!

NoPorts Removes Your Attack Surface, Not Your Access

Zero-trust remote access. No open ports. No firewall rules. No VPN bottlenecks. Just invisible, encrypted connections to your devices.

NoPorts Personal

Free version perfect for home lab enthusiasts, hobbyists and more!

NoPorts Personal is free forever. No credit card. Easy to set up.

You Need Access.
You Don't Need Exposure.

You forward a port. Bots find it in minutes. Your auth logs explode. Or worse: your ISP stuck you behind NAT and there's no workaround.

NoPorts gives you zero-trust access to any device—home lab, Starlink workstation, that Pi in your closet—without opening a single inbound port.

No VPN bottleneck. No flat network risk. Just invisible, secure connections to the services you need.

How it actually works

No Open Ports

Outbound-Only Connections

  • Both your client and your device make outbound connections to a rendezvous point. No inbound ports. No firewall rules. No attack surface.
  • Port scanners see nothing. Shodan sees nothing. Your device is literally invisible to the internet.
  • Works behind CGNAT, multiple NATs, and restrictive firewalls—because you're never waiting for inbound traffic.
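The "no inbound ports" property can be checked on the device itself. The following is an added example, not NoPorts code: it parses Linux `ss -H -tln` output and reports every TCP listener bound to something other than loopback. The sample output is constructed, and treating loopback-only listeners as not exposed is an assumption of this sketch.

```python
import ipaddress

# Constructed sample of `ss -H -tln` output (not taken from the page).
# Columns: State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
SAMPLE_SS = """\
LISTEN 0 128 127.0.0.1:22 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:8006 0.0.0.0:*
LISTEN 0 128 [::1]:631 [::]:*
LISTEN 0 511 *:80 *:*
LISTEN 0 128 192.168.1.20:3389 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
"""


def split_local(field):
    """Split the Local-Address:Port column into (host, port)."""
    host, _, port = field.rpartition(":")
    # Drop IPv6 brackets and any %interface scope suffix.
    host = host.strip("[]").split("%", 1)[0]
    return host, int(port)


def exposed_listeners(ss_output):
    """Return (host, port) for each TCP listener not bound to loopback."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue  # skip headers, blank lines and non-listening sockets
        host, port = split_local(cols[3])
        if host == "*":
            # Dual-stack wildcard: bound on every interface.
            findings.append((host, port))
        elif not ipaddress.ip_address(host).is_loopback:
            # 0.0.0.0, :: and LAN/public addresses are reachable off-box.
            findings.append((host, port))
    return findings


if __name__ == "__main__":
    for host, port in exposed_listeners(SAMPLE_SS):
        print(f"reachable listener: {host}:{port}")
```

An empty result means nothing on the host accepts TCP connections from the network; whether a reported listener is reachable from the internet still depends on the firewall and NAT in front of it.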

atSign Identity

@device_name Instead of IP Addresses

  • Self-sovereign. Cryptographically verified. No central registry to compromise.
  • Forget dynamic DNS and static IPs. Every device gets a unique atSign identity (like @mylab or @homeserver).
  • Your client discovers and authenticates devices by their atSign, not their IP. The device can move networks, change IPs, restart—doesn't matter. The identity stays the same.

End-to-End Encryption

Keys cut at the edge

  • Encryption keys are generated on your devices and never leave them. The rendezvous point can't decrypt your traffic. We can't decrypt your traffic. Nobody can.
  • Every connection is authenticated before a session even starts. Zero-trust by design, not as a marketing term.
  • Your SSH session, your RDP connection, your data—all encrypted end-to-end with keys only you control.

Use cases & demos

The Invisible Homelab (SSH & Web Tunnels)

SSH into servers on private networks and tunnel web dashboards (like Proxmox or Home Assistant) to localhost—all without exposing a single port to the internet. In this demo, watch Colin connect to a private machine via SSH, then securely access a Proxmox web interface using TCP tunneling. No port forwarding. No VPN. Just invisible, encrypted connections.

Starlink/CGNAT

Starlink and 5G networks use Carrier-Grade NAT (CGNAT), making port forwarding impossible. In this demo, our CTO Colin accesses a Windows machine sitting behind a Starlink connection. No static IP, no port forwarding—just instant RDP access from a mobile hotspot.

Secure AI Development (Local LLM & MCP Servers)

Running local AI models or connecting Claude/GPT to your private data? Don't expose your Model Context Protocol (MCP) server or RAG pipeline to the internet. Jeremy shows how to give LLMs secure access to your local files, databases, and APIs—without opening ports or trusting cloud providers with your context.

Why we built this

Look, we're engineers too. We've all done the port forwarding dance, watched SSH brute force attempts pile up, and spent weekends rebuilding VPN configs.

Eventually we asked: why are we choosing between "exposed" and "complicated"?

So we built NoPorts—secure remote access that actually works, without opening ports or touching firewall rules. Behind NAT, over Starlink, wherever.

Open source. Free for personal use. Built by people who've been in your shoes.

FAQs for skeptics

Is this just a fancy SSH tunnel or reverse proxy?

No. Traditional tunnels still require a publicly accessible server with open ports—you've just moved the attack surface. NoPorts uses outbound-only connections from both sides to a rendezvous point, meaning nothing on your client or your device is listening for inbound connections from the internet. No open ports on either end. Your device is completely invisible to port scans, Shodan, everything.

How does this compare to Tailscale/ZeroTier/Cloudflare Tunnel?

Good tools, different approach. Tailscale/ZeroTier create mesh networks (you're adding devices to a VPN). Cloudflare Tunnel requires your traffic to route through their infrastructure. NoPorts creates direct, encrypted connections between specific services without putting devices on a shared network. No mesh overhead, no centralized traffic routing, no trust required in the middle. Your data is encrypted end-to-end with keys that only exist on your devices.

Can I see the code? Is this actually open source or "open core"?

Yes and yes. The atProtocol and NoPorts core are fully open source (BSD 3-Clause): github.com/atsign-foundation. We make money on Professional/Enterprise tiers (custom @signs, commercial use, support), not by hiding the tech. If you want to fork it, audit it, or build on it—go ahead. That's the point.

What happens if I try to use NoPorts Personal for a commercial purpose?

Using the free personal version for commercial purposes is a violation of our Terms of Service. We reserve the right to suspend or terminate your account if we determine you are using the free version commercially.