Network Attached Storage (NAS) devices have enjoyed wide adoption both at home and in enterprises, offering more secure and lower-cost local storage as an alternative or complement to cloud-based storage. With NKN’s secure remote file access service, users can access their NAS files from anywhere without the need to host a central server, saving development and maintenance effort as well as time and money. Users can also enjoy even higher levels of security and privacy when accessing their NAS remotely.

Key Benefits

  • Secure Access from Anywhere — Access your files securely from anywhere, even if your NAS is behind a router/firewall with no public IP address or open ports, by using NKN’s unique addressing and network architecture.
  • Reliable — NKN’s network of up to 20,000 servers in more than 40 countries ensures there is always a relay node available.
  • One Connection — Access all the files and services on your NAS from one connection.

Solution Overview

NKN’s secure remote file access service creates an end-to-end encrypted tunnel between the NAS device and the remote application. To accomplish this, both the NAS device and the remote application establish internet connections to a series of relay nodes within NKN’s public server network. Multiple nodes are used both for reliability and to enable faster transfer speeds via multi-path data routing and aggregation. These relay nodes provide the interconnect to establish a single virtual tunnel between the NAS device and the remote application. Relay nodes also provide a publicly available connection point for the NAS device, which is often connected behind a firewall or NAT gateway and does not have a public IP address or open ports. Please see Figure 1 below.

Figure 1: NKN tunnel via multiple relay nodes

Once a connection between the NAS device and a relay node is established, the NAS device begins listening on a unique NKN address (for example: 20d72feef55…), as shown in Figure 2. This is a routable address within the NKN network and is used by the remote application to establish a connection to the same relay nodes as the NAS. In addition, this NKN address includes a public key, which helps establish E2E encryption without the need to consult a third-party Certificate Authority (CA).

Figure 2: NKN Address used to establish E2E encryption

Once the tunnel is established, the remote application has access to any of the local services available on the NAS, including the user’s content such as photos, movies, and other files.

There are additional security measures that the NAS device can set up for even more protection:

  • Create a whitelist of allowed user applications, each identified by the user app’s NKN address
  • Enforce user IAM (Identity and Access Management) roles and privileges to manage file access rights at a finer granularity


Typically, for the best user experience, NAS vendors work with the NKN technical team to integrate the NKN tunnel service with their NAS firmware and their mobile app. However, if you just want to try out the NKN secure remote file access solution without committing to integration, you can use the following steps to test it out.

Download the nkn-tunnel SDK

In order to implement NKN’s secure remote file access solution, you must run nkn-tunnel as a standalone program or SDK on both the NAS device and remote application.

Download the latest Mac, Windows, and Linux releases at:

NOTE: nkn-tunnel is written in Go and can be compiled to work in your preferred environment such as Android, iOS, and more.

Start nkn-tunnel service

NAS Setup

To start nkn-tunnel on NAS (server side), you can run the following command:

./nkn-tunnel -from nkn -to <local-service-address> -s <seed>

The -s option is optional; use it, for example, if you wish to recover a pre-existing encryption key (the seed, 64 hex digits). If this option is not set, a new key will be generated.

The nkn-tunnel application will connect to the NKN network and will begin listening for secure connections on port 8080. The output will show an NKN-specific listening-address (see example below) which will be used by the remote application to connect.

Example Output:

2020/03/02 13:33:53 Listening at 5177bc471bed64cc98b8d39c1b465b5d316cb756c1eeeb99d6b13700d86809f9

Remote Application Setup

To start nkn-tunnel on the remote application (client side), you can run the following command:

./nkn-tunnel -from <local-listen-address> -to <listening-address>

The listening-address is the unique NKN address that was displayed when launching nkn-tunnel on the NAS device.
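The following Go sketch ties together the address-embedded public key, the -s seed and the whitelist measure described above. It is an added example, not NKN's code: the function names are hypothetical, and it assumes an address is the 64-hex-digit Ed25519 public key derived from the seed, optionally prefixed by "<identifier>.".

```go
package main

import (
	"crypto/ed25519"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// PublicKeyOf returns the key part of an NKN address. Assumption: an address
// is "<64-hex Ed25519 public key>", optionally prefixed by "<identifier>.".
func PublicKeyOf(addr string) (string, error) {
	key := strings.ToLower(addr[strings.LastIndex(addr, ".")+1:])
	if raw, err := hex.DecodeString(key); err != nil || len(raw) != ed25519.PublicKeySize {
		return "", errors.New("not an NKN address: " + addr)
	}
	return key, nil
}

// AddressFromSeed derives the address a seed (-s) will listen at, so it can be
// pinned in advance. Assumption: the seed is the 32-byte Ed25519 private seed.
func AddressFromSeed(seedHex string) (string, error) {
	seed, err := hex.DecodeString(seedHex)
	if err != nil || len(seed) != ed25519.SeedSize {
		return "", errors.New("seed must be 64 hex digits")
	}
	pub := ed25519.NewKeyFromSeed(seed).Public().(ed25519.PublicKey)
	return hex.EncodeToString(pub), nil
}

// Allowed reports whether remote's public key is on the allowlist; identifiers
// are ignored. It fails closed: a malformed address or entry never matches.
func Allowed(allowlist []string, remote string) bool {
	want, err := PublicKeyOf(remote)
	for _, entry := range allowlist {
		if key, e := PublicKeyOf(entry); err == nil && e == nil && key == want {
			return true
		}
	}
	return false
}

func main() {
	// Constructed sample: the public RFC 8032 test seed, not a real device key.
	app, _ := AddressFromSeed("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60")
	fmt.Println(app, Allowed([]string{"phone." + app}, app), Allowed([]string{app}, "zz"))
}
```

Under these assumptions the address is a pure function of the seed, so whoever holds the seed can listen at the NAS's address; store it with the same care as any private key.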

For more information on nkn-tunnel and its usage, please visit our GitHub for the latest release notes.

Success Stories

NKN’s Secure Remote File Access service has been successfully integrated and is available in our customer’s consumer product, deployed to more than 15,000 customers worldwide.


NKN’s Secure Remote File Access service for Network Attached Storage turns your local storage into universally accessible global storage. You can remotely connect to your NAS, even if your device is behind a firewall or gateway with no public IP address or open ports, and all of your data is accessed via an end-to-end encrypted tunnel for security. The service also offers accelerated performance for downloading data from your NAS, with a download experience several times faster than a cloud-based solution. It only takes a few steps to set up and configure, and we offer a free open source SDK to get you started.

You can also find more product information and a web-based test drive at:

Universally accessible NAS, accelerated data transfer, and low cost to deploy… Enhance your NAS product today with NKN!