How Netrinos Edge Node Works

How Netrinos Works

Netrinos creates a secure private encrypted network between all of your devices. This allows devices within your network to communicate seamlessly as if they were on the same local network. Netrinos eliminates the need for complex routing or firewall configurations.

Each device in your network automatically receives a static IP address and DNS name on a private subnet that is not exposed to the public Internet. All communication within this private network is encrypted. Traffic always takes the most direct route, bypassing any central servers that could slow down performance or introduce security risks. The connections form a mesh structure where every node can talk to every other node directly.

To join your secure network, each device must run the Netrinos Client software and log in with a Netrinos account, creating a single private network for all devices associated with that account.

How Your Connections Work

Each device running the Netrinos software (node) will check in every minute or so with the Cloud Broker. Nodes keep checking in continuously throughout the day. 

The Broker's job is to keep track of the current public endpoint of each node. On each connection, it records the public endpoint (IP address and port number) that the connection originated from. In return, the client receives a list of endpoints of other nodes in your network. For instance, if a device changes networks, from a home network to a coffee shop, the endpoint will change. This change is promptly recorded and distributed to the other nodes within a minute or two. Then all of the members of your network will be reachable again.

Once Nodes have up-to-date endpoint information for the other nodes in your network, they can establish direct encrypted tunnels between them. From the end user's perspective, this mesh network looks like a normal LAN.

The Connection Process

  • Laptop contacts Broker
  • Reveals its endpoint
  • Receives connection details for other nodes
  • Desktop contacts Broker
  • Reveals its endpoint
  • Receives connection details for other nodes
  • Devices can now contact each other and form an encrypted connection
  • The connection is initiated by either end, whichever tries first

Edge Node adds NAT and Port Forwarding

The Edge Node edition is based on the regular Netrinos Client and adds Network Address Translation (NAT) and Port Forwarding capabilities. While typically running on small Edge Devices like a Raspberry Pi or other single-board computers (SBCs), the Netrinos Edge Node software can also be installed on full-size computers or servers. It requires a modern Linux distribution on either Intel or ARM architectures and currently does not support Windows or macOS.

Devices connecting to the Edge Node devices utilize the regular Netrinos Client software, which is compatible with Windows, macOS, and Linux operating systems.

Connections between a Technician's Laptop and the Edge Device within a home are established using the standard Netrinos Client, ensuring a private and encrypted connection. This connection bypasses the need for any configuration of customer equipment, as it seamlessly spans all network hardware.

The Edge Node software also features a NAT module with Port Forwarding, along with a Web UI for comprehensive management, all hosted on the Edge Device. Its functionality mirrors that of a typical home or ISP router, but with the added benefits of running on the existing edge device, being remotely configurable, and not exposing any services to the public internet.

Once port forwarding is configured, devices on the Home LAN can be accessed by any device within your private network, even if IP addresses conflict with other homes. This is possible due to the intermediate private network, which allows for seamless connectivity even if the Technician's Laptop and Edge Device have conflicting addresses.

Setting Up Port Forwarding

  • The technician opens the Netrinos Web Site in a browser and logs in
  • They see a list of all Edge Devices on their account
  • They click on the Edge Device they wish to contact
  • The Edge Device Web UI opens up via an encrypted tunnel
  • Log into the remote device
  • Initiate a network scan if it was not done previously
  • Browse the list of devices to locate the desired device
  • Open each device and configure the port forwarding
  • The Edge Node has no trouble accessing the local devices because they are on the same LAN
  • The Edge Node can also scan non-adjacent networks for devices. e.g. in the DMZ
  • Once configured, the device will be accessible via the configured URL
  • The connections happen via the encrypted tunnels and are not exposed to the public Internet
  • e.g. ->