TCP and UDP tunnel links expose any non-HTTP service through ProxyLink — SSH, databases, VoIP, custom protocols.
TCP tunnels
TCP links require an active tunnel (VPN) — they cannot be created for non-tunnelled servers.
A random port in the range 10000–20000 is assigned automatically. Connect using:
Example — SSH access to a network device:
- Target:
192.168.1.1:22 (MikroTik SSH)
- ProxyLink URL:
tcp.proxylink.dev:17050
- Connect:
ssh admin@tcp.proxylink.dev -p 17050
UDP tunnels (VoIP / SIP)
UDP links are used for VoIP — SIP registration, RTP media streams. UDP tunnel links pass SIP and RTP traffic transparently.
Example — PBX behind a router tunnel:
- SIP port:
192.168.40.10:5060 → exposed as UDP on ProxyLink
- Phones register to ProxyLink’s SIP endpoint
- Calls work without a static IP on the PBX side
SSL termination on HTTPS ports
TCP links on ports 443, 8443, and 5001 automatically get SSL termination with a valid Let’s Encrypt certificate for tcp.proxylink.dev. This means web UIs that require HTTPS — Ubiquiti UniFi, Synology DSM, pfSense, OPNsense — show a trusted certificate in the browser with no manual cert setup.
For all other ports, connections are plain TCP (no SSL). Add HTTPS proxy links for those instead.
Use tcp.proxylink.dev (grey cloud, DNS only) for TCP/UDP links — not proxy.proxylink.dev. Cloudflare blocks non-HTTP ports.
