Skip to content
Switch branches/tags
Go to file
Cannot retrieve contributors at this time


About REMOTE REMOTE provides secure remote access to connected devices via HTTP or other TCP-based protocols and applications such as secure shell (SSH), secure file transfer (SFTP), Virtual Network Computing (VNC) or remote desktop (RDP). With REMOTE, any network-connected device running the REMOTE Device Agent software (WebTunnelAgent, contained in this SDK) can be securely accessed remotely over the internet from browsers, mobile apps, desktop, server or cloud applications.

This even works if the device is behind a NAT router, firewall or proxy server. The device becomes just another host on the internet, addressable via its own URL and protected by the REMOTE server against unauthorized or malicious access. REMOTE is a great solution for secure remote support and maintenance, as well as for providing secure remote access to devices for end-users via web or mobile apps.

Visit to learn more and to register for a free account. Specifically, see the Getting Started page and the Frequently Asked Questions for information on how to use this SDK and the included WebTunnelAgent executable.

There is also a blog post showing step-by-step instructions to connect a Raspberry Pi.

About This SDK

The REMOTE SDK is based on the POCO C++ Libraries. You may want to read README_POCO as well as it contains important information regarding the directory structure and the build system of the SDK.

The SDK contains the WebTunnel library, which implements the tunnel protocol used by REMOTE. Furthermore, the following executables are included:

  • WebTunnelAgent: This executable, also known as REMOTE Device Agent, runs on the device and creates the secure tunnel between the device and the REMOTE server. This is the most important component of the REMOTE SDK.
  • remote-client: This executable can run on a client machine (Windows, macOS or Linux) to create a secure tunnel from the client machine to the remote device, via the REMOTE server. It is required for tunneling TCP-based protocols not directly supported by REMOTE, such Modbus/TCP, OPC-UA, database connections, etc.
  • remote-ssh: This is a variant of remote-client that first creates a tunnel connection from your local machine (Windows, macOS or Linux) to the remote device, then launches a SSH client using that tunnel connection.
  • remote-scp: This is a variant of remote-client that first creates a tunnel connection from your local machine (Windows, macOS or Linux) to the remote device, then launches a SCP (Secure/SSH File Copy) client (scp) using that tunnel connection.
  • remote-sftp: This is a variant of remote-client that first creates a tunnel connection from your local machine (Windows, macOS or Linux) to the remote device, then launches a SFTP (Secure/SSH File Transfer Protocol) client using that tunnel connection.
  • remote-vnc: This is a variant of remote-client that first creates a tunnel connection from your local machine (Windows, macOS or Linux) to a remote device running a VNC (Virtual Network Computing) server, then launches a VNC remote desktop client using that tunnel connection.
  • remote-rdp: This is a variant of remote-client that first creates a tunnel connection from your local machine (Windows, macOS) to a remote Windows device (which must have the remote desktop feature enabled), then launches a Microsoft Remote Desktop (RDP) client using that tunnel connection.

The REMOTE SDK is licensed under the Boost Software License.

Pre-Built Executables

Pre-built executables for Windows, macOS and some Linux distributions (including Raspberry Pi OS) are available from the website.

Easy Install from Source (Linux and macOS)

The easiest way to install the above mentioned executables on a Linux or macOS system from source is to download and run the installer script with the following command:

$ curl | bash

The script should work on most Debian and RedHat-based Linux distributions including Ubuntu and Raspberry Pi OS. On macOS, Homebrew must be installed.

The script will install all required dependencies, then get the sources from GitHub and run the steps necessary (see below) to build and install the binaries in /usr/local/bin/.

If you do not want to or cannot run the installer script, please see the following instructions.

External Dependecies


The REMOTE SDK requires OpenSSL 1.0 or newer on Linux and macOS systems. We recommend using at 1.1.1l or newer. Note: OpenSSL 3.0 is not yet supported.

Most Unix/Linux systems already have OpenSSL preinstalled. If your system does not have OpenSSL, please get it from or another source. You do not have to build OpenSSL yourself - a binary distribution is fine. For example, via Debian APT:

$ apt-get install openssl libssl-dev

On macOS, the easiest way to install OpenSSL is via Homebrew:

$ brew install openssl@1.1

On Windows, OpenSSL is optional. The default (with CMake) is to build using Windows native SSL/TLS support. However, it's also possible to use OpenSSL instead. The easiest way to install OpenSSL on Windows is to use a binary (prebuild) release, for example the one from Shining Light Productions that comes with a Windows installer.


A C++ compiler (C++14 or newer) is required to build the SDK and applications. The system's default compiler (gcc on Linux, clang on macOS) should be fine on reasonably recent systems. On Windows, Visual C++ is recommended (any version from 2015 to 2019 will do).

CMake 3.2 (or newer) is the recommended way to build the SDK.

Installing All Dependencies (Linux and macOS)

All dependencies can be installed with the following commands:

Debian Linux (including Ubuntu and Raspberry Pi OS)

$ sudo apt-get -y update && sudo apt-get -y install git g++ make cmake libssl-dev

RedHat Linux

$ sudo yum install -y git gcc-c++ make cmake3 openssl-devel

macOS (with Homebrew)

$ brew install cmake openssl@1.1

Building with CMake (Linux, macOS, Windows)

CMake (version 3.2 or newer) is the recommended build system for building the REMOTE SDK.

$ git clone
$ cd sdk
$ mkdir cmake-build
$ cd cmake-build
$ cmake ..
$ cmake --build . --config Release

On macOS, it's necessary to tell CMake where to find the OpenSSL headers and libraries by setting the OPENSSL_ROOT_DIR CMake variable. For example, if OpenSSL 1.1.x has been installed with Homebrew, the cmake invocation becomes:

$ cmake .. -DOPENSSL_ROOT_DIR=/usr/local/opt/openssl@1.1

If you want to link statically with OpenSSL libraries (recommended on macOS), add the -DOPENSSL_USE_STATIC_LIBS=TRUE option, e.g.:

$ cmake .. -DOPENSSL_ROOT_DIR=/usr/local/opt/openssl@1.1 -DOPENSSL_USE_STATIC_LIBS=TRUE

Other common ways of building with CMake (e.g., cmake-gui) will also work.

There are also a number of project-specific CMake variables that can be changed, e.g., to build with OpenSSL on Windows.


With a proper CMake toolchain file (specified via the CMAKE_TOOLCHAIN_FILE CMake variable), the SDK can be cross-compiled for embedded Linux systems:

$ cmake .. -DCMAKE_TOOLCHAIN_FILE=/path/to/mytoolchain.cmake -DCMAKE_INSTALL_PREFIX=/path/to/target

Note: The resulting executables may contain debug information, which significantly increases their size. You should run xxx-yyy-linux-strip on the resulting executables to reduce their size before deploying them to the device.


The SDK can be optionally be installed by building the install target. However, in most cases this is not necessary. The resulting executables in the cmake-build/bin directory are statically linked per default and can be moved to any directory desired.

If required, the SDK header files and libraries can be installed with:

$ sudo cmake --build . --target install

The default install location is /usr/local/ on Linux and macOS and C:\Program Files (x64)\ on Windows and can be overridden by setting the CMAKE_INSTALL_PREFIX CMake variable.

WARNING: Be careful when installing to the default location if you also have the POCO C++ Libraries installed there, as both install locations are the same. If you need to install (e.g., in order to build the Remote Manager Gateway), specify an appropriate CMAKE_INSTALL_PREFIX.

Building on Linux and macOS with GNU Make

In addition to CMake, the GNU Make based build system from the POCO C++ Libraries is also supported.

The Easy Way

The easy way to build the SDK on Linux or macOS is to run the script:

$ git clone
$ cd sdk
$ ./

It will make the necessary invocations of the configure script and GNU make to build WebTunnelAgent and the client command-line tools, along with the required libraries. With this build, the required POCO libraries (Foundation, Net, Util, WebTunnel, Crypto and NetSSL_OpenSSL) will be linked statically into the final applications. If you don't want this, because you want to use other parts of POCO in your project and link the shared libraries, you'll have to run the necessary commands manually. You'll also have to do a manual build if your target does not have OpenSSL.

The resulting executables will be located in the bin directory.

For cross-compiling for an embedded platform, pass the name of a build configuration to the script. For example, to build for Angstrom:

$ ./ Angstrom

See the build/config directory for available build configurations. If there's no build configuration that fits your target, you'll have to create one yourself. This is best done by copying an existing one, making the necessary changes (typically, changing the name of the compiler and linker executables to match your particular toolchain, and modifying compiler/linker settings if necessary). Specify the name of your new build configuration in the call to

For more information regarding the build system, see the POCO C++ Libraries documentation at

A final note: only builds the release configuration. If you need a debug build, see below.

Customizing The SDK Build

To customize the SDK build, invoke the configure script and GNU make manually, as described in README_POCO.

$ ./configure --cflags=-DPOCO_UTIL_NO_XMLCONFIGURATION --no-tests --no-samples --static
$ make -s -j8 DEFAULT_TARGET=static_release
$ export POCO_BASE=`pwd`
$ cd WebTunnel/WebTunnelAgent
$ make -s DEFAULT_TARGET=shared_release

A few notes on the arguments:

  • --cflags=-DPOCO_UTIL_NO_XMLCONFIGURATION instructs the build system to omit support for XML configuration files. The result is that the PocoXML library does not need to be linked into the application, saving a few 100Ks of executable size.
  • --no-tests and --no-samples instruct the build system not to build the POCO sample applications and the testsuites.
  • --static instructs the build system to build static libraries.
  • DEFAULT_TARGET=static_release instructs the build system to only build the release configuration.
  • DEFAULT_TARGET=shared_release (in the second call to GNU make for building the WebTunnelAgent and command-line client executables) instructs the build system to link against the shared runtime libraries (C and C++ standard libraries, OpenSSL), but use the static POCO libraries (since only these are available).
  • WEBTUNNEL_ENABLE_TLS=1 enables SSL/TLS support for WebTunnelAgent and the command-line client tools.

If your system does not have OpenSSL, run configure and GNU make as follows:

$ ./configure --cflags=-DPOCO_UTIL_NO_XMLCONFIGURATION --omit=Crypto,NetSSL_OpenSSL --no-tests --no-samples --static
$ make -s -j8 DEFAULT_TARGET=static_release
$ export POCO_BASE=`pwd`
$ cd WebTunnel/Agent

For a cross-build for an embedded target, you must specify the build configuration in the call to ./configure and the final call to GNU make.

$ ./configure --cflags=-DPOCO_UTIL_NO_XMLCONFIGURATION --no-tests --no-samples --static --config=Angstrom
$ make -s -j8 DEFAULT_TARGET=static_release
$ export POCO_BASE=`pwd`
$ cd WebTunnel/WebTunnelAgent
$ make -s POCO_CONFIG=Angstrom DEFAULT_TARGET=shared_release