Remotly Private Relay Server for Windows is now available!

mirillis

Administrator
Staff member
Hi Everyone,

Today we are releasing Remotly Private Relay Server v2 for Windows :)
Version 2 of the Remotly Relay Server adds support for TLS and an access password, which will be fully functional next week (after the Remotly web admin panel update).
Please note that even without TLS each connection is end-to-end encrypted using RSA4096 and AES256, but if you need an additional layer of security you can now benefit from it. TLS uses extra CPU power as it performs additional redundant encryption over the already encrypted stream.
The relay access password prevents random users who learn your server's IP address and port from using your private server.

Please follow the tutorial below on how to set up your private relay server for Windows with and without TLS.

====================================================================================
1. Download and unzip
====================================================================================

To run your private relay server, you need to download the appropriate version of the relay build supported by the operating system which will run your server.

Available builds:
remotly-relay-windows-amd64.exe – Windows build for amd64
remotly-relay-linux-arm7 – Linux build for 32-bit ARM with ARMv7 support
remotly-relay-linux-arm64 – Linux build for 64-bit ARM
remotly-relay-linux-amd64 – Linux build for amd64

In this tutorial we are focusing on the Windows operating system.
Thus you need to download the following zip which contains all needed files:

After unzipping, a new folder will be created with the following files:
- RelayGoConfig.json (configuration file)
- RelayService.exe (service file that starts the main relay service executable)
- remotly-relay-windows-amd64.exe (the Relay server itself, x64 version only)

====================================================================================
2. Configuration
====================================================================================

Before running remotly-relay please edit the RelayGoConfig.json file and provide a valid configuration:

Non-TLS configuration:

{
  "tlsEnabled": false,
  "key": "",
  "cert": "",
  "port": 9443,
  "max_bandwidth": 40000000,
  "allowed_bandwidth": 30000000,
  "password": "PasswordPasswordPasswordPasswordPasswordPassword"
}

TLS configuration:

{
  "tlsEnabled": true,
  "key": "/path_to_private_key/key.pem",
  "cert": "/path_to_certificate/crt.pem",
  "port": 9443,
  "max_bandwidth": 40000000,
  "allowed_bandwidth": 30000000,
  "password": "PasswordPasswordPasswordPasswordPasswordPassword"
}

Parameter descriptions:
"tlsEnabled" – Enables or disables additional TLS encryption. Remotly uses end-to-end encryption even if this is disabled. If enabled, valid paths for "cert" and "key" must be provided.
"key" – Path to the private key of the certificate in PEM format. In JSON, escape backslashes (e.g., "C:\\Path\\key.pem"). Use an online JSON string encoder if unsure.
"cert" – Path to the full-chain certificate in PEM format. Same escaping rules apply.
"port" – Port number used by remotly-relay for communication.
"password" – To restrict access, provide a password of at least 32 characters. If left blank, the server runs without password protection. If any character is entered, the server will not start unless the password is at least 32 characters long.
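
Added example (not Mirillis code): a small Python check for RelayGoConfig.json that applies the rules listed above and also catches the backslash problem, where an unescaped Windows path either breaks the JSON or silently turns \t and \n into control characters. The function name check_relay_config and the sample config are constructed for illustration; the port range check is a general assumption, not a documented relay rule.

```python
import json

# Sample password printed in the tutorial; flag it if it reaches a real config.
TUTORIAL_PASSWORD = "Password" * 6

def check_relay_config(text):
    """Return (level, message) findings for the text of RelayGoConfig.json."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        # Typical cause: an unescaped backslash such as "C:\Path\key.pem".
        return [("error", f"invalid JSON at line {exc.lineno}: {exc.msg}")]
    if not isinstance(cfg, dict):
        return [("error", "top level must be a JSON object")]
    out = []
    tls = cfg.get("tlsEnabled")
    if not isinstance(tls, bool):
        out.append(("error", "tlsEnabled must be true or false"))
    for name in ("key", "cert") if tls is True else ():
        path = cfg.get(name)
        if not isinstance(path, str) or not path:
            out.append(("error", f"{name}: path required when tlsEnabled is true"))
        elif any(ord(ch) < 32 for ch in path):
            # "C:\tls\new.pem" parses, but \t and \n became TAB and newline.
            out.append(("error", f"{name}: control character in path; write \\\\ for each backslash"))
    port = cfg.get("port")
    if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
        out.append(("error", "port must be an integer from 1 to 65535"))
    pw = cfg.get("password", "")
    if not isinstance(pw, str):
        out.append(("error", "password must be a string"))
    elif pw == "":
        out.append(("warning", "password empty: relay runs without password protection"))
    elif len(pw) < 32:
        out.append(("error", "password under 32 characters: server will not start"))
    elif pw == TUTORIAL_PASSWORD:
        out.append(("warning", "password is the tutorial's sample value; replace it"))
    return out

# Constructed sample: raw string, so the file content has single backslashes.
SAMPLE = r'''{
  "tlsEnabled": true,
  "key": "C:\tls\new_key.pem",
  "cert": "C:\\tls\\crt.pem",
  "port": 9443,
  "password": "too-short"
}'''

if __name__ == "__main__":
    for level, message in check_relay_config(SAMPLE):
        print(f"{level}: {message}")
```

Run it against the real file with check_relay_config(open("RelayGoConfig.json").read()) before starting the relay.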

====================================================================================
3. Running the server
====================================================================================

To test the configuration, start cmd.exe with administrator rights and run the server:
remotly-relay-windows-amd64.exe --config=RelayGoConfig.json

If no errors appear and logs are visible, test the relay connection by visiting:
If tlsEnabled is false: http://[relay IP address]:[relay port]/connectionTest
If tlsEnabled is true: https://[relay domain from certificate]:[relay port]/connectionTest
If everything is working, you should see the message: "OK" in your browser.

Note: The application does not stay online after closing the cmd/powershell console or restarting the OS. To ensure it starts automatically, register it as a Windows service:

Copy the files RelayGoConfig.json, remotly-relay-windows-amd64.exe and RelayService.exe into one folder (the executable files are digitally signed).
Then, to install, run:
RelayService.exe -install
To uninstall:
RelayService.exe -remove

====================================================================================
4. Registering the relay
====================================================================================

Log in to your account at remotly.com, go to CUSTOM RELAYS, and click Add relay server. Provide:
IP address of your relay server
Port from RelayGoConfig.json
Password (if set, currently not supported)

Once configured, when connecting to another computer with Remotly and Force Connect Anywhere is enabled, you should see only the country code of your relay server.

====================================================================================
TROUBLESHOOTING
====================================================================================

1. After entering https://[relay domain name provided in certificate]:[relay port number]/connectionTest or http://[ip address of your relay]:[relay port number]/connectionTest in a browser you see the "OK" message, but a connection through the relay ("Force Connect Anywhere" enabled) fails.

Likely cause: your server is not accessible from outside your network.
Solution: configure port forwarding on your public IP to the server behind NAT. Test from an external browser to confirm.

2. After entering https://[relay domain name provided in certificate]:[relay port number]/connectionTest or http://[ip address of your relay]:[relay port number]/connectionTest in a browser you see the "OK" message, but a connection through the relay with "Force Connect Anywhere" enabled goes through the official Remotly relay.

You probably forgot to add your custom relay to your Remotly account using the Remotly web admin panel.

3. The relay server is running but I can't connect to https://[relay domain name provided in certificate]:[relay port number]/connectionTest or http://[ip address of your relay]:[relay port number]/connectionTest from my browser.

If you can't connect to that address from your internal network, check that the firewall on the server is not blocking the port opened by remotly-relay.
If you can't connect to that address from a host outside your internal network but you can from a host inside the network, the port forwarding on your network router is misconfigured.