Security Best Practices

InTunnel is designed with security as a top priority. Follow these best practices to keep your tunnels secure.

Token Security

Your token is the key to your tunnel. Treat it like a password.

Do's

✅ Keep your token private
✅ Use environment variables to store tokens
✅ Regenerate tokens if compromised
✅ Use device binding for sensitive services

Don'ts

❌ Share your token publicly
❌ Commit tokens to version control
❌ Use the same token across multiple untrusted devices

Device Binding

Lock your token to specific devices to prevent unauthorized use.

How It Works

Go to Dashboard → Your Tunnel → Settings
Enable Device Binding
The first device to connect will be bound to that token
Other devices will be rejected

Resetting Device Binding

If you need to use a different device:

Go to your tunnel settings
Click Reset Device Binding
Connect from the new device

IP Whitelisting

Restrict tunnel access to specific IP addresses.

Use Cases

Internal team access only
Staging environments
Sensitive admin panels

Configuration

Go to Dashboard → Your Tunnel → Settings
Enable IP Whitelisting
Add allowed IP addresses (comma-separated)
Save changes

TIP

You can find your public IP at whatismyip.com

Two-Factor Authentication (2FA)

Protect your InTunnel account with 2FA.

Setup

Go to Dashboard → Settings → Security
Click Enable 2FA
Scan the QR code with your authenticator app
Enter the verification code
Save your backup codes securely

Recommended Apps

Google Authenticator
Authy
Microsoft Authenticator

HTTPS Encryption

All InTunnel tunnels use HTTPS encryption by default.

Traffic is encrypted between users and InTunnel servers
Valid SSL certificates are automatically provisioned
No configuration required

INFO

Your local service can run on HTTP. InTunnel handles HTTPS on the public side.

Network Security Tips

For Development

bash

# Only expose what you need
./intunnel -token YOUR_TOKEN -subdomain myapp -port 3000

For Production Testing

Use IP whitelisting to limit access
Enable device binding
Set up proper authentication on your local service

Reporting Security Issues

Found a security vulnerability? Please report it responsibly:

Email: security@intech-eg.tech
GitHub: Open a private security advisory

We appreciate responsible disclosure and will acknowledge your contribution.

Security Best Practices ​

Token Security ​

Do's ​

Don'ts ​

Device Binding ​

How It Works ​

Resetting Device Binding ​

IP Whitelisting ​

Use Cases ​

Configuration ​

Two-Factor Authentication (2FA) ​

Setup ​

Recommended Apps ​

HTTPS Encryption ​

Network Security Tips ​

For Development ​

For Production Testing ​

Reporting Security Issues ​