ClawKit Logo
ClawKitReliability Toolkit
Back to Registry
Official Verified

ztm-tunnel

Create and manage TCP/UDP tunnels between ZTM network endpoints. Use this to establish secure P2P port forwarding through the ZTM mesh network.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/caishu97/ztm-tunnel
Or

ZTM Tunnel Skill

Create and manage TCP/UDP tunnels between ZTM network endpoints.

Prerequisites

  1. ZTM Agent must be running

    ztm start agent

  2. Join a mesh network

    ztm join <mesh-name> --as <your-endpoint-name> --permit <permit-file.json>

  3. Tunnel app must be installed

    ztm app install tunnel

Concepts

  • Inbound: The local endpoint that listens for connections and forwards them to the remote
  • Outbound: The remote endpoint that receives connections and forwards them to target services
  • Tunnel: A complete connection consisting of inbound + outbound

List Tunnels

List all tunnels in the mesh:

ztm tunnel get tunnel

List inbound tunnels (local listening ports):

ztm tunnel get inbound

List outbound tunnels (remote targets):

ztm tunnel get outbound

Create a Tunnel

Scenario: Expose a local service to another endpoint

Step 1: On the remote endpoint (outbound), specify target services:

ztm tunnel open outbound my-tunnel --targets 192.168.1.100:8080

Step 2: On the local endpoint (inbound), set up port forwarding:

ztm tunnel open inbound my-tunnel --listen 0.0.0.0:9000 --exits <remote-endpoint-id>

This creates a tunnel where:

  • Local port 9000 listens for connections
  • Connections are forwarded to remote endpoint
  • Remote forwards to 192.168.1.100:8080

Quick One-Liner (Same Command on Both Ends)

Create both ends at once by running on respective endpoints:

# On endpoint A (listening side)
ztm tunnel open inbound tunnel-name --listen 0.0.0.0:9000 --exits <endpoint-B-id>

# On endpoint B (target side) 
ztm tunnel open outbound tunnel-name --targets 127.0.0.1:8080

Delete a Tunnel

Close the inbound end:

ztm tunnel close inbound my-tunnel

Close the outbound end:

ztm tunnel close outbound my-tunnel

Tunnel Details

View detailed tunnel information:

ztm tunnel describe tunnel tcp/my-tunnel

View inbound details:

ztm tunnel describe inbound tcp/my-tunnel

View outbound details:

ztm tunnel describe outbound tcp/my-tunnel

Common Use Cases

Access Home Server from Anywhere

# On home endpoint
ztm tunnel open inbound home-server --listen 0.0.0.0:22 --exits <office-endpoint-id>

# On office endpoint
ztm tunnel open outbound home-server --targets 192.168.1.10:22

Forward Web Service

# Remote endpoint exposes local web service
ztm tunnel open outbound web-tunnel --targets 192.168.1.100:80

# Local endpoint listens on port 8080
ztm tunnel open inbound web-tunnel --listen 0.0.0.0:8080 --exits <remote-endpoint-id>

UDP Tunnel (for DNS, VoIP, etc.)

ztm tunnel open outbound dns-tunnel --targets 8.8.8.8:53
ztm tunnel open inbound dns-tunnel --listen 0.0.0.0:5300 --exits <remote-endpoint-id>

Troubleshooting

Read Full Documentation on GitHub

Metadata

Author@caishu97
Stars1865
Views1
Updated2026-03-03
View Author Profile
AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-caishu97-ztm-tunnel": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Safety NoteClawKit audits metadata but not runtime behavior. Use with caution.