[UPDATE] Remotly Private Relay Server for Windows (with TLS protocol support and SSL certificate) is now available!

mirillis

Administrator
Staff member
Hi Everyone,

Today we are releasing Remotly Private Relay Server v2 for Windows :)
Version 2 of the Remotly Relay Server adds support for TLS and access password.

Please note that even without TLS each connection is end-to-end encrypted using RSA4096 and AES256, but if you need an additional layer of security you can now benefit from it. TLS uses extra CPU power as it performs additional redundant encryption over the already encrypted stream.
The relay access password protects your private server from being used by random users who get to know your server's IP address and port.

Please follow the tutorial below on how to set up your private relay server for Windows with and without TLS.

====================================================================================
1. Download and unzip
====================================================================================

To run your private relay server, you need to download the appropriate version of the relay build supported by the operating system which will run your server.

Available builds:
remotly-relay-windows-amd64.exe – Windows build (64-bit Intel/AMD)
remotly-relay-linux-arm7 – Linux build for 32-bit ARM with ARMv7 support
remotly-relay-linux-arm64 – Linux build for 64-bit ARM
remotly-relay-linux-amd64 – Linux build for amd64 (64-bit Intel/AMD)

In this tutorial we are focusing on the Windows operating system.
Thus you need to download the following zip which contains all needed files:

After unzipping, a new folder will be created with the following files:
- RelayGoConfig.json (configuration file)
- RelayService.exe (service file that starts the main relay service executable)
- remotly-relay-windows-amd64.exe (the Relay server itself, x64 version only)

====================================================================================
2. Configuration
====================================================================================

Before running remotly-relay please edit the RelayGoConfig.json file and provide a valid configuration:

Non-TLS configuration:

{
"tlsEnabled": false,
"key": "",
"cert": "",
"forceTLS": false,
"domain": "",
"port": 443,
"max_bandwidth": 40000000,
"allowed_bandwidth": 30000000,
"password": "PasswordPasswordPasswordPassword"
}

TLS configuration (TLS not mandatory if communication works without it):

{
"tlsEnabled": true,
"key": "provide absolute path to private SSL key in PEM format",
"cert": "provide absolute path to SSL certificate in PEM format",
"forceTLS": false,
"domain": "domain name assigned to relay server IP in DNS",
"port": 443,
"max_bandwidth": 40000000,
"allowed_bandwidth": 30000000,
"password": "PasswordPasswordPasswordPassword"
}

TLS configuration (only TLS encapsulated connections are possible):

{
"tlsEnabled": true,
"key": "provide absolute path to private SSL key in PEM format",
"cert": "provide absolute path to SSL certificate in PEM format",
"forceTLS": true,
"domain": "domain name assigned to relay server IP in DNS",
"port": 443,
"max_bandwidth": 40000000,
"allowed_bandwidth": 30000000,
"password": "PasswordPasswordPasswordPassword"
}

Parameter descriptions:
"tlsEnabled" – Enables or disables additional TLS encryption. Remotly uses end-to-end encryption even if this is disabled. If enabled, valid paths for "cert" and "key" must be provided.
"key" – Path to the private key of the certificate in PEM format. In JSON, escape backslashes (e.g., "C:\\Path\\key.pem"). Use an online JSON string encoder if unsure.
"cert" – Path to the full-chain certificate in PEM format. Same escaping rules apply.
"forceTLS" – Set to "true" to only allow TLS1.2 or TLS1.3 connections for this relay server. Both client and host must use TLS to communicate (encapsulate AES256 stream into TLS protocol).
"domain" – Optional domain assigned to relay's IP address in DNS configuration (highly recommended as this is used for SNI).
"port" – Port number used by remotly-relay for communication.
"password" – To restrict access, provide a password of at least 32 characters. If left blank, the server runs without password protection. If any character is entered, the server will not start unless the password is at least 32 characters long.

====================================================================================
3. Running the server
====================================================================================

To test the configuration, start cmd.exe with administrator rights and run the server:
remotly-relay-windows-amd64.exe --config=RelayGoConfig.json

If no errors appear and logs are visible, test the relay connection by visiting:
If tlsEnabled is false: http://[relay IP address]:[relay port]/connectionTest
If tlsEnabled is true: https://[relay domain from certificate]:[relay port]/connectionTest
If everything is working, you should see the message: "OK" in your browser.

Note: The application does not stay online after closing the cmd/powershell console or restarting the OS. To ensure it starts automatically, register it as a Windows service:

Copy files RelayGoConfig.json, remotly-relay-windows-amd64.exe, RelayService.exe into one folder (executable files are digitally signed).
Start cmd/powershell with administrator rights and navigate to the folder with files listed above.

Then to install the service run:
> RelayService.exe -install
Then to start the service run:
> net start "Remotly Relay Service"

To uninstall:
First to stop the service run:
> net stop "Remotly Relay Service"
Then to uninstall the service run:
> RelayService.exe -remove

====================================================================================
4. Registering the relay
====================================================================================

Log in to your account at remotly.com, go to CUSTOM RELAYS.

Click Add relay server and provide:
- IP address of your relay server
- Port(s) from RelayGoConfig.json
- Device name that will be visible in Remotly PC or mobile app
- Country code for this relay
- Password (mandatory to be the same as set in RelayGoConfig.json)

Once configured, when connecting to another computer with Remotly and Force Connect Anywhere enabled, you should see only the country code and name of your private relay server.

====================================================================================
TROUBLESHOOTING
====================================================================================

1. After entering https://[relay domain name provided in certificate]:[relay port number]/connectionTest or
http://[ip address of your relay]:[relay port number]/connectionTest in the browser you see the "OK" message, but the connection through the relay ("Force Connect Anywhere" enabled) fails.

Likely cause: your server is not accessible from outside your network.
Solution: configure port forwarding on your public IP to the server behind NAT. Test from an external browser to confirm.

2. After entering https://[relay domain name provided in certificate]:[relay port number]/connectionTest or
http://[ip address of your relay]:[relay port number]/connectionTest in the browser you see the "OK" message, but the connection through the relay with "Force Connect Anywhere" enabled ends up going through the official Remotly relay.

You probably forgot to add your custom relay to your Remotly account using the Remotly web admin panel.

3. The relay server is running but I can't connect to https://[relay domain name provided in certificate]:[relay port number]/connectionTest or http://[ip address of your relay]:[relay port number]/connectionTest from my browser.

If you can't connect to that address from your internal network, check that the firewall on the server does not block the port opened by remotly-relay.
If you can't connect to that address from a host outside your internal network but you can from a host inside the network, it means that port forwarding on your network router is misconfigured.
 

mirillis

Administrator
Staff member
TLS is now supported for custom relay server (with optional domain name and SSL certificate).
Please read the updated tutorial above on how to install this new updated custom relay.
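
A pre-flight check for the RelayGoConfig.json rules in section 2 of the tutorial, as an added example that is not part of the original posts and not Mirillis code. The function name `check_relay_config` and its `file_exists` hook are hypothetical, and the check assumes the relay expects JSON booleans for "tlsEnabled" and "forceTLS" as in the sample configs.

```python
import json
import ntpath
import os

MIN_PASSWORD_LEN = 32  # minimum stated in the tutorial
TUTORIAL_PASSWORD = "PasswordPasswordPasswordPassword"  # placeholder from the sample configs


def check_relay_config(text, file_exists=os.path.isfile):
    """Return 'error: ...' / 'warn: ...' findings for RelayGoConfig.json text."""
    try:
        cfg = dict(json.loads(text))
    except (ValueError, TypeError) as exc:  # often a path with unescaped backslashes
        return [f"error: not a valid JSON object ({exc})"]
    out = []
    for flag in ("tlsEnabled", "forceTLS"):
        # Assumption: the relay expects JSON booleans, as in the sample configs.
        if not isinstance(cfg.get(flag), bool):
            out.append(f"warn: {flag} should be the JSON boolean true or false")
    tls = cfg.get("tlsEnabled") is True
    if cfg.get("forceTLS") is True and not tls:
        out.append("error: forceTLS is true but tlsEnabled is not")
    if tls:
        for field in ("key", "cert"):
            path = str(cfg.get(field) or "")
            if not ntpath.isabs(path):  # Windows path rules, whatever OS runs the check
                out.append(f"error: {field} must be an absolute path to a PEM file")
            elif not file_exists(path):
                out.append(f"error: {field} file not found: {path}")
        if not cfg.get("domain"):
            out.append("warn: domain is empty; the tutorial recommends it for SNI")
    port = cfg.get("port")
    if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
        out.append("error: port must be an integer from 1 to 65535")
    pw = str(cfg.get("password") or "")
    if not pw:
        out.append("warn: empty password; the relay runs without password protection")
    elif len(pw) < MIN_PASSWORD_LEN:
        out.append(f"error: password under {MIN_PASSWORD_LEN} characters; server will not start")
    elif pw == TUTORIAL_PASSWORD:
        out.append("warn: password is the placeholder published in the tutorial")
    return out


# Constructed sample: forceTLS without tlsEnabled, plus a 5-character password.
SAMPLE = '{"tlsEnabled": false, "key": "", "cert": "", "forceTLS": true, "domain": "", "port": 443, "password": "short"}'

if __name__ == "__main__":
    print("\n".join(check_relay_config(SAMPLE)))
```

An empty list means the file is consistent with the tutorial's rules; pass the real file's text to the function on the relay host so the key and cert paths are checked against the disk.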
 