Remote access for device fleets

Reach every device in your fleet.
Behind any NAT.

Your devices sit in customer networks you don't control. ProxyPass gives you secure access — no VPN, no port forwarding, no firewall changes on their end.

ProxyPass is a remote access platform for companies that deploy hardware or software into networks they don't own: EV chargers, digital signage, kiosks, vending, and on-premise installs.

See How It Works

Typical pilot: first invoice is €0.

proxypass — 4 nodes
node-7 Berlin ✓ reachable
node-12 Munich ✓ reachable
node-28 Vienna · CGNAT ✓ reachable
node-3 Hamburg · LTE — offline

3 online · 1 offline NAT · CGNAT · LTE
< 5 min from script to a reachable device
0 firewall changes on their side
100% outbound-only connections
EU 🇩🇪 hosted · GDPR compliant

Your devices are deployed.
Now you need to reach them.

Any business that puts hardware or software into networks they don't own faces the same problem. ProxyPass solves it.

EV Charging & Energy

Monitor and update charging stations deployed across parking garages, hotels, and corporate sites — without touching their firewalls.

→ push an OCPP config to 40 sites before 9 AM

💻

Digital Signage & Kiosks

Push content updates and pull diagnostics from screens and terminals in malls, airports, and retail locations.

→ RDP into the player stuck behind the mall's CGNAT

🏭

Vending & POS

Manage inventory systems, payment terminals, and vending machines sitting behind customer networks at scale.

→ pull last night's sales from 200 machines

🏠

IoT & Smart Building

Access Shelly, Tasmota, KNX gateways, and other HTTP-based devices in customer LANs through a simple REST call.

→ toggle a Shelly relay in a customer LAN with one REST call

🖥

On-Premise Software

Remote-maintain your software installations in customer data centers without requiring them to open ports or set up VPNs.

→ SSH into the on-prem box and ship a hotfix

🔧

Managed IT Services

Service and monitor infrastructure across all your client networks from a single pane of glass.

→ reach every client site from one console

Running devices in networks you don't control?

Deploy a node. Use it three ways.

Install a lightweight node on any machine in the target network. It connects outbound — no open ports, no firewall changes, no VPN needed on the customer side.

1

Deploy the node

Paste one script, hit enter. The node connects outbound and is live in under 5 minutes. Nothing to configure on the customer side.

$ curl -sSL "https://proxypass.cloud/api/downloads/install.sh?key=…" | sudo bash — that's the whole install
Linux + Docker Windows
2

Access the network

Use the node as a proxy, send API calls through it, or mount its files. Three modes, pick what fits your workflow.

Mode A — CONNECT Proxy

Like sitting at their desk

Point your browser, SSH client, or RDP at the proxy. All traffic exits from the customer network — full LAN and internet access.

Browser SSH RDP Any TCP Full Internet
Mode B — REST Bridge

One HTTPS call. Any LAN device.

Send a standard HTTPS request with three headers. ProxyPass relays it through the tunnel to any HTTP device behind the node and returns the response.

REST API Webhooks IoT Devices No Proxy Setup Automation
Mode C — File Mount (WebDAV)

Their files, your network drive.

Mount the filesystem behind the node as a network drive. Browse logs, pull files, drop in a patch — straight from your file explorer, no SSH session needed.

WebDAV Network Drive Browse Logs Pull Files

Why not just a VPN?

The honest comparison — against the three things teams usually reach for to access devices in someone else's network.

ProxyPass Site-to-site VPN Remote-desktop tools Port forwarding
Firewall changes on their side None Required Often Required
Customer IT sign-off needed No Yes Sometimes Yes
Works behind CGNAT / LTE Yes No Depends No
Scriptable access Proxy + REST + WebDAV Network-level GUI-first Per port
Reaches the whole LAN Yes Yes Single host Single service
Added attack surface None — outbound only Broad network tunnel Vendor agent Open inbound port
Cost model at 150 sites €699/mo, per node Hardware + config per site Per-seat licenses Per port + DDNS

Comparisons are against the general approach, not any specific product. Want the detail? See vs. VPN, vs. remote desktop, and vs. port forwarding.

The answer for your customer's
IT department.

Every deal in this market hinges on one question: "what does this do to our network?" Here is the answer you can give them — in writing.

What their IT sees

One outgoing TLS connection — traffic patterns indistinguishable from a routine software update check. Nothing inbound, nothing to scan.

Outbound only, by design

The node connects outward. No listening port, no inbound rule, no scannable surface added to the customer network.

End-to-end encrypted

All tunnel traffic is TLS encrypted. Data never leaves the tunnel unprotected, end to end.

EU hosted, GDPR compliant

Servers in Germany, data stays in the EU. Built for GDPR — not a US cloud with an EU label.

Ingress & egress control

Define exactly what a node may reach and what may reach it — rules per node and per group. Least privilege right at the tunnel.

Dedicated infrastructure at scale

Groups above 500 nodes can run on their own isolated server, up to 1 Gbit/s — on request.

Independently verified.

A public security report you can hand straight to your customer's IT department — no NDA, no sales call.

Read the security overview →
VerifiedApp verified security report

Per node. Not per request. Not per user.

Graduated volume pricing. Fair-use traffic included. No setup fees, no hidden costs. Billed by the day — you only pay for the days a node actually exists.

Nodes
Per Node / Month
1 – 99
€5.00
100 – 199
€4.00
200 – 399
€3.50
400+
€3.00
Example: 150 nodes = 99 × €5 + 51 × €4 = €699/month
Graduated tiers — each bracket billed separately. You always get the best rate.
Billed by the day: a node added on the 29th of a 31-day month only costs the remaining days — €5 × 2/31 ≈ €0.32, not a full month.
Groups above 500 nodes can run on dedicated, isolated infrastructure on request.

Questions buyers actually ask.

What is ProxyPass?

ProxyPass is a remote access platform for companies that deploy hardware or software into networks they don't own — EV chargers, digital signage, kiosks, vending machines and on-premise installations. A lightweight node makes outbound-only connections, so you reach your devices without VPNs, port forwarding or firewall changes on the customer side. It is not related to the Apache mod_proxy ProxyPass directive.

Do my customers need to change their firewall?

No. The node connects outbound over TLS, like any software calling home for updates. There is no inbound port to open, no firewall rule to add and nothing to configure on the customer network.

How is ProxyPass different from a VPN?

A site-to-site VPN needs configuration and sign-off on the customer's network and opens a broad link between two networks. ProxyPass installs a single outbound-only node, needs no customer-side IT involvement, works behind CGNAT and LTE, and exposes only the access you define per node and per group.

Which protocols are supported?

Three access modes: a CONNECT proxy for any TCP protocol (SSH, RDP, browsers, MQTT and more), a REST bridge that relays a single HTTPS request to any HTTP device on the LAN, and a WebDAV file mount that exposes the node's filesystem as a network drive.

What does my customer's IT department see?

One outgoing TLS connection from the node, with traffic patterns indistinguishable from a normal software update check. No listening port, no inbound traffic, nothing scannable. You can hand them our independently verified security report.

Is ProxyPass GDPR compliant?

Yes. Servers are hosted in Germany, data stays in the EU and the service is built for GDPR compliance — not a US cloud with an EU label.

What does it cost at scale?

Pricing is per node, graduated from €5.00 down to €3.00 per node per month at volume — for example, 150 nodes is €699/month. Billing is by the day, so a node added on the 29th only costs the remaining days (€5 × 2/31 ≈ €0.32). Groups above 500 nodes can run on dedicated, isolated infrastructure on request.

How fast can I get started?

Under five minutes. You paste one install command on any machine in the target network, it connects outbound and the device is reachable. Typical pilot onboarding is within 24 hours.

Ready to reach your devices?

Start a pilot. We onboard every customer personally to make sure your deployment scales from day one.

Typical pilot: first invoice is €0 · onboarding under 24 hours

An unhandled error has occurred. Reload 🗙

Connection lost

Attempting to reconnect...

Connection failed

The server is not reachable.