Simple and secure peer-to-peer remote access to your home network Gizmos - in one-click
..because we love awesome technology...
What is the Nabto-box? Pronounced (nab-toe)
The Nabto-box takes the ability of peer-to-peer technology (like Skype) to remotely connect anything from anywhere (yes, you read that correctly: ANYWHERE!) and the ability of VPN to create a virtual network cable spanning long distances across the Internet, mixes and stirs them, and puts them in a box. Well, that is pretty much it in a nutshell.
Peer-to-peer technology makes it easy to set up the direct connection; VPN technology makes your PC, smartphone and tablet think they are connected to a remote network. Join the two, put them in a box and you will wield the same power as large-scale VPN solutions for accessing company networks. The only difference is that instead of being an advanced and complicated solution it is a seamless and easy solution in a small box: just plug it into your home network and it will deliver remote access to your home network from anywhere.
Always be connected to your home.. Imagine you could establish a remote connection to your home network just as easily as you make a call on Skype or send an email. One simple box located in your home and connected to your network allows you to seamlessly create a remote connection and be connected to your home network with just one
Access anything connected.. You can access, read out the status of and control your networked thermostats, stream files from your PVR or media server, view the output of your surveillance cameras and alarm system, get files from your NAS box or file server, stop or start your lawn irrigation system or pool control system, even if the devices didn't have a remote connect option installed... the possibilities are endless.
The final product we are aiming at
(we are changing the power socket to USB)
Nabto-box is a retrofit solution for non-remote accessible networked Gizmos. A lot of Gizmos are born with network capabilities (like Ethernet or WIFI) and some newer Gizmos can also be reached remotely with the right remote access app or software (which, by the way, is what we normally do). However, the vast majority of Gizmos were designed with only local network access in mind, combined with cumbersome remote access. This is not a direct reflection of the vendor; it's because remote P2P access is hard to do.
Increase value of your existing Gizmos
The Nabto-box will extend the functionality and value of your existing networked Gizmos by making them reachable from anywhere. Don't you think it is a cliché that you are able to reach out to most of the world via the Internet, but not be able to reach your own home?
Other usages - Be your own VPN service provider
When you connect to the Nabtobox, all traffic will be directed to the box and onto your home network. Therefore if you are surfing the internet your public IP address will be the current IP address of your router.
Occasionally internet services only serve customers within a specific IP range tied to specific geographic locations. Many streaming services for music and movies have only acquired the rights for the material for a certain geographic area. With a connection established to a Nabto-box on your home network, the IP address revealed to these services will be the one from your home network.
Yes it can be done today; we just make it super easy...
Have you ever tried to set up Internet-based remote access for Gizmos placed on your home network? If you have, you will know that this can be an awfully cumbersome, teeth-grinding and nail-biting experience, in which you might end up with no result but a lot of wasted time and hair loss from extensive pulling.
Nobody likes to read thick heavy manuals ...
Setting up remote access involves reading heavy technical manuals on how to configure your router/firewall with stuff like Dynamic DNS, port forwarding, setting static IP addresses on your gizmo, or maybe creating an SSH-VPN tunnel etc.
And sometimes it cannot be done...
Or perhaps your Internet Service Provider doesn't even allow you to administer your own router and firewall. Then you are really stuck!
Here are some examples from the web (sounds easy?):
Even if you successfully get through all of the mumbo-jumbo firewall configuration and get it to work, are you aware that you have just created an open door for the whole internet to access your Gizmo? A black-hat hacker or script-kiddie with a port scanner and knowledge of a security breach could break into your home, and immediately your network is exposed.
Now, if you are an expert, have coped with the firewall, are even so smart that you set up some security measures (or so you think) and got it all right, the Nabto-box can still be something for you. If we reach our goal, the box not only delivers remote access to your home network but also remote USB access, and we even have an option with interfaces for the hardcore electronics geeks (UART and general I/O) for connecting other non-connected stuff (NB: both virtual P2P USB and UART & I/O are stretch goals).
How and what do I need to do?
You of course need to get your hands on the box. Then you will need to connect the power supply and connect the Ethernet port to your router. Voilà, now the box is on your local network, and after a short installation of software you can connect to it from anywhere.
Let's take a peek at the steps involved - the software
You will need to configure the box when you are at home, so the box knows who you are and only lets you connect. This involves pairing your end-user device (PC or similar) and email with the box.
These are the steps involved in getting the box up and running:
Explained in more detail:
- Install the client software on your PC. The software will automatically discover the box and the box will automatically be able to see that you are connecting from the same local network and will assign you administrator permissions by default. The unique box name (identity) will be remembered by the client software and pair your box and PC (the ID of the box is something like: 4e12.nabtobox.net and this will be remembered by the software)
- The software will ask you about your email account and a password - don't fret! Behind the scenes: a private and public key will be generated and the public-key is sent to a CA and a certificate will be issued to you with the assigned email you typed. The private key will be protected with the password.
- Now go remote. Right click on the Nabto icon in your taskbar and click "Connect home", and in a matter of seconds you will be remotely connected directly to your home network. What happens is that your operating system will detect a new virtual network interface installed by the software, and all traffic on this network will be directed to the Nabto-box on your home network.
Right click on the Nabto icon and click "Connect home"
Isn't that Connect - Simple and Secure?
The Nabto-box ships mainly to Europe (EU and EFTA) and North America.
We have offices in both EU and United States, so we are sure we can get boxes to you in these locations. Also EFTA (European Free Trade Association) and countries with free trade agreements should be no problem. Please see http://www.efta.int/ (the free trade map).
If you order the "International Shipping" option we will promise to put your address on the box, pay for the shipping and deliver it to the mailing service. But you need to handle customs and import restrictions yourself (the box contains strong encryption). We will also promise to help you as much as we can with information etc., but we know from experience that international shipping can be troublesome.
Currently planned goal and stretch goals:
So now you've got the basics! This should be all you need to know if you are interested in owning a Nabto-box or how to operate the product.
Keep reading if you want to know more about us as a company, our plan and how we are able to deliver on our promises. Some of the text is somewhat technical, we really try to make it easy to understand, but sometimes we fall short (we are engineers) so bear with us, or possibly help us help you.
Technology
Why not start with our passion...
The quick and dirty explanation of the concept for tech people: It's a Peer-to-peer VPN and port tunneling solution (which you probably already guessed).
A more detailed explanation:
A Virtual Private Network (VPN) interface is installed on your computer and a secure peer-to-peer connection is made from your computer to your Nabto-box on your home network. Your computer will be "fooled" into thinking it is directly attached to your home network and you can make the connections to your home Gizmos, as usual. You could also regard it as a very, very, VERY long network cable (just virtual) that is always connected from your computer to your home network.
Another method is to tunnel the underlying protocol, normally TCP, which is a well-known approach used in solutions like SSH. A P2P (Peer-to-Peer) based TCP tunnel is created from the client end-user device to the Gizmo on your home network. This TCP tunnel normally targets port 80 of a web-server interface. A "channel" to port 80 of the Gizmo is opened on the end-user device (as a port), and when e.g. the browser communicates with this "channel" it is fooled into believing it is communicating with the web server on the Gizmo.
The protocol underneath the VPN is the same type of P2P technology that you experience every day in products like Skype. Basically, you use a well-known rendezvous point (a server) on the Internet to get two devices to collaborate and create a direct connection between them. The rendezvous point is just a place to exchange Internet addresses and other information about how the two devices can meet up.
The rendezvous is done fairly quickly and will only transfer limited information between the parties to successfully create the final P2P channel. Once this P2P channel is established the rendezvous server is no longer needed, and one server can hence be the rendezvous point for multiple clients and boxes (not unlimited, but a fairly large number with at least 6 figures, depending on the server hardware).
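The rendezvous exchange described above, reduced to its message flow as an added example (it is not Nabto's protocol or code): a constructed JSON-over-UDP format on loopback, where the server only tells each side the other's observed address and is closed before the peers talk directly. The names `Rendezvous`, `run_demo` and the box ID are assumptions, and the authentication described under "What about security?" is left out.

```python
import json
import socket

BOX_ID = "box-0001.example"  # constructed box identity for this demo


def udp_socket():
    """UDP socket on loopback, OS-chosen port, 2 s receive timeout."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))
    s.settimeout(2.0)
    return s


def send(sock, msg, addr):
    sock.sendto(json.dumps(msg).encode(), addr)


def recv_from(sock, expected_src):
    """Return the next message from expected_src; drop anything else."""
    while True:
        data, src = sock.recvfrom(2048)
        if src == expected_src:
            return json.loads(data)


class Rendezvous:
    """Well-known meeting point: it only hands out observed addresses."""

    def __init__(self):
        self.sock = udp_socket()
        self.addr = self.sock.getsockname()
        self.boxes = {}          # box id -> (ip, port) as seen by the server
        self.datagrams_seen = 0

    def handle_one(self):
        data, src = self.sock.recvfrom(2048)
        self.datagrams_seen += 1
        msg = json.loads(data)
        if msg["type"] == "register":        # box announces itself
            self.boxes[msg["box_id"]] = src
            send(self.sock, {"type": "registered"}, src)
        elif msg["type"] == "connect":       # client asks for a box
            box = self.boxes.get(msg["box_id"])
            if box is None:
                send(self.sock, {"type": "error", "reason": "unknown box"}, src)
                return
            # Tell each side where the other one was seen coming from.
            send(self.sock, {"type": "peer", "addr": list(box)}, src)
            send(self.sock, {"type": "peer", "addr": list(src)}, box)


def run_demo():
    rv, box, client = Rendezvous(), udp_socket(), udp_socket()
    try:
        # 1. The box registers; behind a NAT this also opens its mapping.
        send(box, {"type": "register", "box_id": BOX_ID}, rv.addr)
        rv.handle_one()
        recv_from(box, rv.addr)
        # 2. The client asks for the box; both sides learn the other's address.
        send(client, {"type": "connect", "box_id": BOX_ID}, rv.addr)
        rv.handle_one()
        client_learned = tuple(recv_from(client, rv.addr)["addr"])
        box_learned = tuple(recv_from(box, rv.addr)["addr"])
        # 3. The rendezvous point has done its job and is no longer needed.
        rv.sock.close()
        # 4. Both peers send first, so each NAT sees outbound traffic.
        send(box, {"type": "punch"}, box_learned)
        send(client, {"type": "punch"}, client_learned)
        recv_from(client, client_learned)
        recv_from(box, box_learned)
        # 5. Application data now flows directly between the peers.
        send(client, {"type": "data", "payload": "GET /status"}, client_learned)
        request = recv_from(box, box_learned)["payload"]
        send(box, {"type": "data", "payload": "status: ok"}, box_learned)
        reply = recv_from(client, client_learned)["payload"]
        return {
            "client_learned": client_learned, "box_addr": box.getsockname(),
            "box_learned": box_learned, "client_addr": client.getsockname(),
            "rendezvous_datagrams": rv.datagrams_seen,
            "request": request, "reply": reply,
        }
    finally:
        for s in (rv.sock, box, client):
            s.close()


if __name__ == "__main__":
    print(run_demo())
```

On loopback the observed address is simply each socket's own address; across the Internet it would be the public mapping created by each side's NAT, which is why both peers send first in step 4.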
You can read more about the basics of peer-to-peer connection establishment here:
Keep in mind.. our task is to hide all this and make it simple and secure for you. The NAT traversal described above is quite simple; you are able to do different tricks to get better results.
Read more on the Nabto software here:
Here you can also play around with the generic device software (Linux, Windows, and different embedded platforms). Notice that this is software for skilled embedded software engineers with an in-depth understanding of software and Internet protocols:
What about security?
If every person on the Internet were able to just create a P2P connection to your box, of course we would have solved nothing; we would just have made things worse. A two-way authentication system is designed as part of the rendezvous connection protocol; this protocol is based on the same mechanisms as the well-known SSL (TLS) protocol. Public key infrastructure is used to establish authentication and to establish symmetric keys (AES), which are then used to encrypt the P2P communication channel.
Only authenticated persons will be able to make the remote connection, and once it is created the heavy encryption will make it very secure.
The specific ways to interface the remote connection
There are 4 ways to interface the remote connection. Although all of them are possible with the hardware, not all are included; the remaining ones will be included if our goals are exceeded.
Virtual network P2P access. A virtual network interface will be created on your client device. When activated, it creates a P2P communication channel between the Nabto-box and the client device running the software, so that the client device appears to be connected to your home network. This is not always possible: it requires that the two networks are not in the same IP range, to avoid conflicts. When two Gizmos are assigned the same IP address, one on your home network and the other on the network you are currently attached to, the software is unable to determine which Gizmo you actually want to talk to. Ways to circumvent this (disabling your local network traffic or advanced NAT techniques) exist, but this is definitely not for the first versions of the software. Another way to accomplish what you want is TCP port tunneling.
TCP port tunneling. A specific communication port on your Gizmo will be forwarded and bound to a port (normally the same) on your client device (PC, smartphone or tablet). When you access this port on your local client device, a P2P connection will automatically be set up to your Gizmo, forwarding all traffic back and
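An added example (not part of the Nabto software) of the address-conflict check described for virtual network access above: it compares the home network with the networks the client is currently attached to and falls back to TCP port tunneling when the ranges overlap. The function name `plan_access` and all addresses are constructed for illustration.

```python
import ipaddress


def plan_access(home_cidr, client_cidrs, gizmo_ip, gizmo_port=80):
    """Pick VPN mode, or TCP port tunneling when address ranges collide.

    home_cidr    -- network the box sits on, e.g. "192.168.1.0/24"
    client_cidrs -- address/prefix of each interface on the client right now
    gizmo_ip     -- address of the device to reach on the home network
    """
    home = ipaddress.ip_network(home_cidr, strict=False)
    gizmo = ipaddress.ip_address(gizmo_ip)
    if gizmo.version != home.version or gizmo not in home:
        raise ValueError(f"{gizmo} is not on the home network {home}")

    conflicts = []
    for cidr in client_cidrs:
        iface = ipaddress.ip_interface(cidr)
        # An IPv6 interface cannot collide with an IPv4 home network
        # (and vice versa), so only compare like with like.
        if iface.version != home.version:
            continue
        # Loopback and link-local ranges never leave the client.
        if iface.ip.is_loopback or iface.ip.is_link_local:
            continue
        # Covers identical ranges and one range containing the other.
        if iface.network.overlaps(home):
            conflicts.append(str(iface.network))

    host = f"[{gizmo}]" if gizmo.version == 6 else str(gizmo)
    if not conflicts:
        # Disjoint ranges: the virtual interface can route the home network.
        return {"mode": "vpn", "conflicts": [],
                "connect_to": f"{host}:{gizmo_port}"}
    # Same range on both ends: the Gizmo's address is ambiguous, so bind its
    # port on the client (normally the same port) and tunnel that instead.
    return {"mode": "tcp-tunnel", "conflicts": conflicts,
            "connect_to": f"127.0.0.1:{gizmo_port}",
            "forwards_to": f"{host}:{gizmo_port}"}


if __name__ == "__main__":
    # Constructed case: hotel Wi-Fi uses the same 192.168.1.0/24 as home.
    print(plan_access("192.168.1.0/24", ["192.168.1.37/24"], "192.168.1.50"))
```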
Our long-term goals are identified with the remaining two ways:
Stretch goal 1: GPIO. Since the NXP LPC1758 SoC (System on Chip) has many general-purpose I/Os, we want to make a pin-out header on the board and write software for easy access to both digital and analog interfaces. By doing this, the box can be used to connect to all kinds of electronics and sensors. Here is an example of how you can connect a relay to pins on another board we have done: http://www.youtube.com/watch?v=a_OOZYgIYHQ
Stretch goal 2: Virtual remote USB. Since the NXP LPC1758 SoC is born with a USB OTG interface, it could be possible to access non-connected gizmos via USB. Most SoCs are born with a USB interface, so if this option is included, then similar to the virtual network interface above you will be able to remotely reach the USB interface via a virtual USB interface on your client device. The only requirement would be that the gizmo has a USB interface; you are then able to seamlessly access it remotely from anywhere. Simply activate the virtual USB interface and tell it to connect to the USB interface on the Nabto-box. Your client device will think it is a local USB port. We have experienced issues with this. The combination of high-latency connections (let's say across the Atlantic) and bad USB protocol designs can be a challenge (100 ms latency combined with a one-byte request/response protocol makes a 10 bytes/second transmission rate). This will only be available for Windows, Linux and Mac.
What We Need & What You Receive
We have a proof-of-concept prototype currently up and running, both hardware and software. To complete this and start production, we need to cover the time and cost of managing these tasks.
Below, you will find a picture of a prototype of the enclosure of the final product. The box contains sockets for Ethernet, USB and power. However, on the final product we will add a row of holes with LED light guides for colored LEDs on the PCB that will indicate the status of the device.
Makerbot print of early enclosure prototype
The base station is planned to run on Amazon EC2 services. Been there, done that. TCP tunneling is already part of the basic software. We have a prototype of a P2P-VPN solution, but it will need some adjustments and a lot of testing. We also have a P2P virtual USB prototype solution, but this will definitely require some work, which is why we will do it as a stretch goal.
The board will be completed based upon an existing design, with a track record of years of proven stability and tolerance to heat, cold, moisture, and housewives banging with vacuum cleaners. The only portion that will be enhanced is the MCU, and the UART to RS485 level converters and RJ45 sockets (not the Ethernet) etc. will be dropped. It has to be a little more compact, but otherwise it is the same board. The USB socket and connection has to be enabled (you can spot the pin-outs just behind the black RJ45 on the right side).
The SoC (system on chip) will be an LPC1758FBD80: ARM Cortex-M3, 100 MHz, 512 kB flash and 64 kB of RAM, with Ethernet and USB OTG. It is an SoC in an LQFP casing that people (with a very steady hand and a lot of patience) are able to hand solder "easily" (as opposed to BGA). It has more power than the purpose requires, a lot more than the current need, but we have concluded that this would be nice and could come in handy later, all while being cost efficient.
You could ask, why not WIFI? Well, for simplicity and cost-efficiency. Plugging a box into a home network (the router or similar) is something everyone can do. The box doesn't need mobility; as long as it is on the network it doesn't matter where it is physically placed. GHz signals are also as close to magic and wizardry as you can get (PCB wiring is not just "wiring" anymore in the GHz spectrum, which is why we would like to stay in the MHz spectrum).
The RTOS and device software
The box will run FreeRTOS. This is a very small real-time operating system using very limited resources. The box could probably be done just running a simple scheduler loop, but having an RTOS is nice for all the reasons we currently don't know about.
Our standard supplier of (switching) power supplies needs a MOQ of 1000 pcs. If we cannot get to that, we'll find a replacement from a distributor. We started out with a 3.5x5.5mm power socket on the box, but due to requests we are changing it to micro USB power in the process, guessing it's easier to come by and more standardized.
This is probably the largest pain. Doing plastic enclosures is difficult: getting the right quality, matching the PCB, getting the holes to match the sockets on the PCB, draft angles, and just the right amount of spacing, not too much and not too little. We have experienced sub-suppliers who mirrored the 3D CAD drawings, supplying us with enclosures with everything right, in a mirrored Doppelgänger world, that is. The first prototype will be done on our own Makerbot Replicator 2; after that, 2-3 enclosures will be printed on an SLA machine (or similar).
If you own a 3D printer or have one available, you will be able to print the enclosures, in house. We will upload the drawings when finished.
Enclosure done in FreeCAD
What is our plan?
This is our plan:
- The first early prototype PCB roll of 10 pcs will not be public. Hopefully it will be right on the first shot (since we are reusing an old design with modifications), but we plan a second test roll and possibly a third (hope not). We will do this while the campaign is running.
- Hardcore tech-backers - Alpha release: The first test production run will be 50 pcs. We want to find people out there who can help test the boards and also test the first software shipments doing peer-to-peer transmissions, and obtain results from various types of firewall and internet setups in conjunction with the board. We call this group "Hardcore tech-backers". This shipment will be the board alone with appropriate rubber/plastic spacers on the backside, i.e. low WAF. There will not be any fancy enclosures, but we will release the drawings (both the FreeCAD and STL) so the option to 3D print one will be available. The firmware will be an ALPHA firmware and only include basic functionality like the RTOS, IP stack and remote P2P TCP tunneling firmware when we ship it. But it will be installed with an Ethernet-based bootloader (our own TFTP-based one) so you can upgrade it with new versions of the firmware from any PC. New firmware versions will be released continuously. This initial batch is only for people with a fair amount of technical knowledge (and patience). All of the source code will be included together with instructions on how to compile, flash and debug if you choose to help us. In our software stack you will have the ability to get debug traces from the firmware via the local network. When in debugging mode the box will broadcast all "trace" commands from the firmware (which can be gathered by specially supplied software). Further, we have a plugin for Wireshark so it is simple to follow the network transmissions. The board will have the status of an evaluation kit, so it will not be run through certifications (CE etc.). To the hardcore techies, the board itself should be valuable as a way to play with FreeRTOS on an Internet-connected and well-equipped board. Our goal is to have this completed and shipped by mid-September.
- Beta tester: After the alpha tests, we will need a larger population of beta testers that actually test the board. This batch will be 250 pcs. It will include the first BETA of the production version of the firmware, which will be a more stable release with more features implemented. This is a batch for people who are used to dealing with technology, but you don't need to be a hardcore C programmer. At this stage the firmware should work and be error-free in most environments. The user tools will be packaged in neat applications (mostly error free); however, we expect that you will probably need to flash one or two new firmware versions to get full capabilities. This batch should be fairly "non-brickable"... but no promises. Target date: late September or early October.
- Adventurous: The next batch will be 500 pcs and will be the final shot at the production firmware (release candidate). It will be delivered with all client software packaged in nice GUIs, firmware that is 99.9% error free and hardware that is stable. This will be the first batch in a plastic enclosure. Target date: late October.
- Final product - early bird discount: For people who are early, who love the concept and just want the functionality, which will have been tested by all the backers before them. Only 1000 available. Target ship date: late November.
- Final product - retail discount: The final product. This is similar to the early bird, at a discounted retail price and including shipping. You also get early access, since the product will not be available on the market before Q1 2015 (at the earliest). Target date: middle of December, or it might be bundled with the late November shipment.
- Final product - retail price including shipping: The final product. This is similar to the early bird and retail discount. The price is the planned retail price, but it includes shipping as a discount, plus early access since the product will not be available on the market before Q1 2015. Target date: middle of December, or it might be bundled with the late November shipment.
Our calculations determine we need to get past 1800 backers (around $75,000) to get past the point of the raw costs of hardware design, components, PCB and enclosure design and prototyping, molds for plastic enclosures, plastic enclosure production and the device software development costs, not to forget packaging and logistics costs. Also, we need to set up the cloud infrastructure and surrounding software. We know that even though we have planned this very thoroughly, something will happen, so we have included a buffer.
Our rough budget of our spending:
1800 backers will definitely not make us rich, we will have to invest all of our time and energy but we just love technology - we can't help it. The rough budget above is actually made on 3000 backers (firmware and software is somewhat fixed cost), so with more backers, there is more money for production.
The source code and the schematic design of the box will be available, but not as free Open Source; all rights will be reserved. However, we will give you the option of seeing what the box is running and allow you (if interested) to help us debug and possibly even extend functionality and be creative. You will be able to flash it with a clean FreeRTOS and build your own application on that.
Why? Well, most of the source code is the Intellectual Property of Nabto and it has required fairly large investment. With this being the case, the software cannot be free, but we try to be as open as possible.
The team and the story
The team is actually a cross-company team. All of us have worked together on existing projects, so it's a well-knitted team of experienced members, all of whom are experts in their field.
We are a small Danish company started in 2007. We make software for peer-to-peer direct remote access to small electronics-based devices via the Internet. The software is put into devices like surveillance cameras, alarm systems, air conditioners, heating systems, building controls, skylights, industrial controls, solar inverters, wind turbines, pretty much everything that runs on electricity. We sell this software to vendors, most of whom you may be familiar with. We then help them incorporate our software into their devices and applications, so the vendors' end-users get better and universal access to the products; this in turn increases the value of the product.
We have been asked numerous times about packaging our product into a box for retrofitting existing devices, gizmos and solutions. Each time we said no thanks, we don't want to do that, too much risk, and it is not our job. What about marketing, and how could we reach the market? Then one customer told us, why don't you launch a crowd-funding project? He explained what that could do for us. So finally we thought, well, let's try putting it out there; if the demand is found to be high enough, we will do it. There is nothing stopping us!
What's the deal with the funny N?
The idea of the "funny" N is that it represents a bridge, creating a connection from one "leg" to the other.
Bridge from A to B
Nabto is an abbreviation for "Network Access Bridge TO" (like mailto:), which is essentially what we do: creating network bridges (remote access) between end-users and devices, making the end-users able to read out and gain knowledge about their devices and control them from anywhere. The platform enables universal secure remote access to the devices, but you can read more about Nabto on our website.
The team at Nabto
Team at Nabto that will work on the project:
- Carsten Rhod Gregersen, founder and CEO of Nabto. Overall management of the project.
- Ulrik Gammelby, CTO of Nabto. Coordinate software development and technical management, while keeping up with milestones.
- Michael Madsen, All-round Developer at Nabto. Software development on cloud infrastructure, firmware, USB and VPN integration.
- Martin Rodalsgaard, Developer, primary HTML5 and user-interface design. Apple iOS and Android specialist.
- Jan Kullebo, Developer. Embedded firmware and board integration, and some user-interface design.
- Claus Anders, Developer. Mainly firmware. Key responsibility: Bootloader and production tools.
- Klaus Bay Madsen, Developer. Basestation and Windows integration.
We will commit more people if necessary.
FreeRTOS is both supplying the RTOS and, more specifically, helping with getting the basics of the board up and running. Richard Barry, the founder of FreeRTOS, is the primary team member from FreeRTOS.
Read more about FreeRTOS
Majust is a hardware consultancy company with lots of experience in both creating hardware and supplying the surrounding software. The main team member from Majust is Jakob Justesen, doing all the hardware, schematics, PCB wiring, soldering of prototypes, electrical certification etc. His co-founder Søren Madsen will maybe also be assisting with this project.
We have entities and offices in both Europe (Nabto ApS) and US (Nabto Inc.), the one in Denmark being our Headquarters, the US office primarily handling North American sales. We can ship to both EU and the US without much trouble (with customs).
So the product will be shipped to both EU and US.
If there is significant interest from international backers, we will re-evaluate and possibly add an international option (outside US and EU). To be honest, we already have experience with international exporting, so we are aware of the kind of trouble we can run into with e.g. customs, and we know it is not something we should do just for the "fun" of it.
Risks & Challenges
The majority of the parts of the solution is already running in our lab.
Supplying remote access on low-cost hardware to our customers has been our main business since 2007, so we don't see many risks in getting the technology to work; that is kind of our normal bread and butter. An example of a project done in-house is the Nabduino board.
The simple, remote access evaluation Nabduino board:
Which is already selling around the world:
(it's a product mainly for embedded tech people..)
So we know what we are doing.
What we already have:
- Prototype board with power regulation, Ethernet and USB. The basic board has been running the last 2 years for another project, so we are fairly confident of the "basics".
- The basic networking VPN layers on Linux and Microsoft via tuntap - command line.
- TCP Port tunneling - command-line
- USB virtual remote via the USB/IP project
- Enclosure design and printed 3D prototypes
- Identified and tested power supplies
The basic functionality is up and running, but there is still some way to go before it is packaged into a simple, nice product.
What needs more work?
- Adjust the current board so that it uses the LPC1758; power regulation and the "environment" should be fine. Some adjustment of the LEDs is needed, and the PCB needs to be a little smaller for the planned enclosure
- Package the command line tools into a nice GUI
- Cleanup the VPN code
- Obtain a sub-contractor to create a plastic mold for the enclosure with the right dimensions and holes for the USB, power and Ethernet sockets.
We have been doing production runs together, with and for customers as sub-contractors. Production of hardware is a risky business, short supply of components, receiving bad quality parts from sub-suppliers, receiving late shipments, finding alternative parts and getting them, any sudden change in production plans, quality testing and getting certification, the list goes on and on.. but, our team has dealt with this before.
This is not a no-risk operation, by any means, but we have been there and done it before. With the right amount of coffee, hard work and sweat (not to mention pizza, cola and angry wives/girlfriends waiting on us angry with frying pans "in-hand" when we get home late at night) we will get there again.
Extending the product
We have the following ideas beyond stretch-goals:
- Wake on LAN (remote boot)
- LUA support so you can program the device
- WIFI via USB dongles
- Automatic discovery and integration with certain gizmos. That is, if the box sees Gizmos it knows about, it can do some magic to make integration easier for the end-user (more than just generic port forwarding or P2P VPN). We will need backer help for this. We would need to know the MAC address range or something similar to discover and identify the Gizmo, and what TCP ports to redirect automatically.
Other Ways You Can Help
If you are not able to contribute monetarily but still want to help, help us:
- Get the word out and make some noise about our campaign.
- Or if you want to contribute with good ideas of what we can put into the firmware. We have chosen a rather large SoC, so we have room to expand.
- Are you proficient at coding? Especially people with Linux, Windows, Mac TUN/TAP or USB experience. You are welcome to join us!
Frequently Asked Questions
The hardware price seems high compared to others like Raspberry PI?
This is not just a hardware project, this is a product. Think of this as all-in-one software, enclosure, logistics, etc. We want to deliver a quality product and if the backing doesn't make room for that, we would rather not do the project. We believe the value of the product is high enough to carry the cost and if not, we will just let it be.
Why the NXP part and not X, Y, or Z part?
The LPC1758 is a neat MCU/SoC. Lots of power for a fair price. Ethernet and USB (along with a ton of other I/O options we are not using in this project). We have other projects running on a similar NXP part and it has proven to be very stable and easy to work with. We find GCC support a major requirement. Yes, other embedded compilers might be 5-10% better, but having an open tool-chain makes things so much easier, especially when working on a multi-country and multi-group code project.
Why not a Linux (or Windows Embedded) based box?
We love Linux. We are all fans of Linux, but we need to choose the right tool for the job. The intention is not to create a multipurpose box, though with the right tools it can be modular and extendible (LUA). Running Linux would also require a faster processor, more memory, and more complexity. Using our generic hardware abstraction layer we might make the device software able to run on a Linux box, but that would be a very late milestone.
We have an existing relationship with the founder of FreeRTOS, Richard Barry. We have a fair amount of experience with the RTOS, that's why. Choosing something new would introduce risk, and nobody likes risks.