Learn how to configure reverse tunnel functionality for your UniFi controller when your local machine doesn't have a public IP address. This guide covers a reverse SSH tunneling setup that creates a secure connection between your private network and Spotipo's captive portal system.
Reverse tunnel technology enables remote access to UniFi controllers that operate behind network address translation (NAT) or firewalls. Instead of requiring port 22 to be publicly accessible, SSH reverse tunneling creates an outbound connection from your local port to a remote SSH server, establishing remote port forwarding for secure communication.
Why Set Up a Reverse Tunnel on UniFi?
Your UniFi controller likely doesn't have a public IP address accessible from the internet. Reverse SSH tunnelling solves this by:
Creating SSH connections from your local machine to external servers
Establishing secure connection pathways through firewalls
Enabling remote access without exposing your private network
Supporting tunneling work for captive portal integration
Prerequisites
Before configuring a reverse tunnel on your UniFi controller:
Administrative access to your UniFi device via command line
SSH daemon enabled or debug mode activated
Network connectivity for outbound SSH connections on port 22
Access to localhost 22 for local tunnel testing
1. Locate a script to run on your Unifi controller
On your Spotipo site, go to Settings->Unifi Settings->Gear Icon. From there, select what kind of controller you're using (Unifi OS for devices such as UDM, UCG, USG, UX, etc. , Self Installed Controller for your software controller running on a server.)
Use Self installed software for Self hosted controllers (Cloud hosted controllers can't use reverse proxy option). For everything else (UXDM,UDMP,Ultra, Express, CloudKey, etc.). Please use Unifi OS option.
β
β Next, select a Reverse Proxy option. Since you don't have any publicly available addresses that you can use to reach the controller.
After that, you will be greeted with a script. You will use that script to enable reverse tunnel, but first, it is necessary to enable either SSH or debug mode on your Unifi controller.
2. Using the script
This part of the setup requires having either SSH or Debug tools enabled on your Unifi controller. If you haven't already, please enable this.
Guide: SSH and Debug tools setup
Once you've used SSH or Debug tools to access your controller, copy the script generated in the previous step, paste it into the terminal and let it run. It usually takes around a minute or two for the script to finish running.
After the script has completed running, you should see the output similar to the one in the picture below.
You have now successfully created the reverse tunnel!
Next Steps for UniFi Integration
Your reverse SSH tunnelling configuration is now active. The established secured connection enables seamless integration between your UniFi controller and Spotipo's captive portal system, regardless of your local port or IP address limitations.
If you experience issues after running the script or don't see the expected status message, contact support via chat or at [email protected].
Once your controller connects successfully, complete the setup by following our main UniFi configuration guide.