Seamless Inbound Remote Access via Starlink

Enable secure, remote access to your Starlink network connected systems including cameras, routers, NAS, remote desktops, building management systems, and even industrial control system network. 

Reduce the time, cost, and complexity of connecting with precise control over user access and permissions.

No public IP, no VPN, no port-forwarding needed.

cyber-insurance-compliance

The lowest cost tier of Starlink doesn’t allow inbound VPN connections, port-forwarding, or any type of DMZ scheme as it uses IPv4 and Carrier-Grade NAT (CGNAT), meaning there are a limited number of public IP addresses (read more). Conventional workarounds for these connectivity constraints, such as a reverse VPN, are complex, expensive, and could introduce security risks.

Read more about how Agilicus AnyX achieves similar objectives of port-forwarding (more securely) with Starlink.

The easiest way to achieve remote connectivity to Starlink connected systems is through Agilicus AnyX. Security camera? HomeAssistant web? Remote Desktop? Industrial Control System? Synology NAS?

FAQ

Category: Starlink

No, we are not in anyway affiliated with SpaceX / Starlink.

Agilicus connector on an Apple Mac. There is no Apple server, so this is usually not needed, however, can be run under Docker.

Category: Starlink

No, Apple does not provide a server platform since the XServe. The connector is supported on Linux, Windows, various embedded platforms like Synology, pfSense, Mikrotik, etc. To run the connector on an Apple Mac, you may use the Docker instructions (see Install Docker Desktop on Mac).

If you are an enthusiast, consider running the connector under Docker on your Mac.

Category: Starlink

Yes, via Agilicus AnyX.

Category: Starlink

No. The Agilicus AnyX is a SaaS solution, cloud based. In order to work with your Starlink network, you will install a small piece of software on a single device you already own.

Category: Starlink

The Agilicus AnyX platform is almost entirely cloud SaaS. In order to work with your Starlink network, you will be installing the Agilicus Connector on a device you already have. This software will facilitate the incoming network traffic.

Category: Starlink

Yes, the end user can use the web-based profile as well as the desktop based launcher. The desktop-based launcher requires OSX 11 (last supported version by Apple) or later.

Category: Starlink

You can see an animated diagram on the Agilicus Connector page. But in general, this works the same way e.g. a Google Nest thermostat works. Something inside your home network makes a persistent outbound connection to our cloud. When you are away, you will connect to our cloud, it will confirm your identity, and bridge you across these two outbound connections.

Category: Starlink

Agilicus AnyX is an implementation of Zero Trust, a security best practice. You will use single-sign-on authentication via your Google or Microsoft account (there are no passwords). You can optionally enable multi-factor authentication. All traffic is encrypted with TLS 1.3 HTTPS. You can configure firewall rules in this system for e.g. geo-ip based access, as well as other more complex rules. You will have a full audit trail of who used what when.

Category: Starlink

You can see the pricing here. If you have only 2 users there will be no ongoing cost.

Category: Starlink

Certainly! Please either open the chat icon in the lower-left, fill in the form, or email us (info @ agilicus.com) and our team would be happy to discuss further with you.

Category: Starlink

Agilicus AnyX is an industrial, business product. The large set of features may make it too complex for a consumer environment.

Category: Starlink

Agilicus AnyX is an excellent solution for web applications, for SSH (e.g. command line access), for a Share (e.g. file access), and for remote desktop (Microsoft Remote Desktop, VNC). If you have complex networking needs that require layer-3 routing this is probably not the right solution for you.

Category: Starlink

The Agilicus Connector supports many device types. Windows, Linux, OpenWRT, Synology. You can see more information on the product guide page. In general, the machine will need about 100MB of storage, 20MB of ram to operate.

It is very unlikely the Agilicus Connector will install on your camera.

Category: Starlink

We do not recommend using the RTSP feature of your camera with Agilicus AnyX. Instead we recommend using the HTTP interface.

Category: Starlink

Many security cameras have a web interface. If you have a URL you can use from your browser at home, then you can use it while away with Agilicus AnyX.

In most cases, if you have an NVR, this will work. If your camera supports ONVIF, we have specific support for some NVR with that.

Many people use Synology Surveillance Station or Shinobi NVR with Agilicus AnyX.

Sample setups for generic ONVIF cameras are here.

A sample setup for an older Hikvision is here.

role-based-access-controls

Pair Users with Resources.

Create user-resource pairings to enable secure remote access to specific systems within your Starlink network.

remote-connectivity

Access Anywhere. No Client. No VPN.

Seamlessly deploy in minutes not days. No new hardware, clients, or network changes are required.

cyber-security-policies

Outbound Only Connection.

An outbound only connection from your Starlink network means zero unauthorised traffic reaches your systems.

identity-aware-web-application-firewall

Enforce Security Controls for Access.

Implement security controls including multi-factor authentication, end-to-end encryption, detailed auditing and segmentation of users, resources, and systems.

Operated by SpaceX, Starlink provides high-speed, low-latency satellite internet coverage in 40 countries, empowering previously disconnected regions with internet access. Remote and rural businesses around the world have been able to connect to the internet and adopt new technologies that improve efficiency and operations.

Remote pumping site? Satellite office without local IT support staff? Lights out remote operation with building management (BMS)? Each of these require a simple way to get inbound connectivity through the satellite gateway.

As Starlink currently uses IPv4, there are less IP addresses available. Multiple Starlink subscribers could be sharing the same public IP address rendering traditional remote access tools like the VPN ineffective or overly complex.

shared-ip-starlink-access-issue

Unable to connect via IPv4.

The basic Starlink subscriber tier uses IPv4 and has a limited number of public IP addresses, achieved through a process known as Carrier-Grade NAT (CGNAT).

starlink-access-no-port-forwarding

No port forwarding due to CGNAT.

Port forwarding is complicated as IPv4 via CGNAT prevents traffic from properly rerouting to a specific device/machine in the network

starlink-remote-access-no-vpn

No port forward prevents VPN access.

Due to the limited number of available IP addresses and CGNAT and the inability to properly reroute traffic, it’s not possible to establish a standard VPN connection to your systems via Starlink.

starlink-remote-access-security-risks

Traditional tools require a risky, always on connection.

Traditional remote access tools require your organisation to accept the risks of overprivileged, always on connections to your systems.

What is Agilicus AnyX

Quickly and easily expand the reach of company resources without compromising on security, requiring a VPN, or juggling network changes. Agilicus AnyX is a Zero Trust Network Access platform that offers a secure alternative to perimeter-based network solutions and is suitable for organisations of all types and sizes. 

Enable simple, secure, and auditable access to shared resources with precise control of permissions for any authorised user with a low cost platform that scales with your organisation.

Without a routable IP address, using an inbound VPN is not an option for remotely connecting to systems over starlink. By using the Agilicus Connector on resources within your network, an outbound only connection to the Agilicus cloud can be established. Each user who requires access must verify their identity which is done via single sign-on and multi-factor authentication (OpenID connect + upstream identity providers). Direct access is achieved over HTTPS in any browser with a URL and a connection is only established once a user has verified their identity and has the required permissions for access.

Enhanced Security Through Zero Trust

Agilicus AnyX enables secure, identity-based, auditable access to specific resources with precise control of user permissions, while delivering a frictionless end-user experience.

secure-access

Frictionless End-User Experience
Single sign-on and multi-factor authentication provide a seamless, intuitive login flow.

role-based-access-controls

Simplified User Management
Centrally manage users and permissions through a single administrator portal.

secure-remote-access-any-device

Any User. Any Device. Anywhere.
Remote access over your Starlink network from anywhere, using any device.

There’s no need to setup a reverse VPN and worrying about Dynamic DNS, open ports, or setting up a DMZ. Remote access over Starlink through Agilicus AnyX not only makes it easy to connect to your systems, it empowers your organisation with access controls that keep your critical systems secure.

Get in touch with our team to get started with Agilicus AnyX to enable secure remote connectivity to resources within your Starlink network.