Effortless Hosting of Foundry VTT Using Secure SSH Tunnels

Lightning DeveloperLightning Developer
4 min read

Hosting a Foundry Virtual Tabletop (VTT) session for remote players often brings unexpected networking challenges, especially for users with limited technical expertise or restrictive internet setups. Traditional hosting typically involves navigating complex router configurations, firewall settings, and unstable IP addresses. However, by utilizing reverse SSH tunneling, you can securely expose your local Foundry instance to the web without ever needing to modify router settings or install complex software.

The Problem with Traditional Hosting Methods

Running a multiplayer Foundry VTT session from home sounds simple—until you try to make it accessible online. Here are the hurdles:

  • Router Port Forwarding: You must access your router’s admin interface, manually forward a port (like 30000), and ensure it maps correctly to your Foundry server. Not only is this process error-prone, but some routers don't even provide this flexibility.

  • Firewalls: Most home or corporate networks block incoming traffic for security. This means manually configuring firewall exceptions—another technical barrier for casual users.

  • Dynamic IPs: ISPs often change your public IP periodically. Without a dynamic DNS (DDNS) service, you’d need to share a new IP with your players each time it changes.

  • Carrier-Grade NAT (CG-NAT): ISPs like T-Mobile and Jio use CG-NAT to conserve IPv4 addresses. This prevents you from receiving incoming connections, making port forwarding impossible.

Together, these factors make traditional Foundry hosting unreliable and cumbersome for most users.

Foundry VTT

The Solution: Reverse SSH Tunneling

A reverse SSH tunnel turns the problem on its head. Instead of exposing your local machine to the world, it initiates a secure outbound connection to a public server, which then relays requests back to your Foundry instance. This workaround:

  • CG-NAT: Since the tunnel starts from your machine, NAT doesn’t block it.

  • Firewalls: Outbound connections are generally allowed, even on corporate networks.

  • Dynamic IPs: You connect to a stable public server that doesn't change, so your players always reach the right endpoint.

All you need is a basic SSH client—no extra installations or system modifications.

Introducing Pinggy: Simplifying SSH Tunneling

Pinggy is a lightweight, user-friendly tunneling tool that leverages SSH to expose local applications (like Foundry VTT) through publicly accessible URLs. It doesn’t require any software installation and is perfect for one-time sessions, prototyping, live demos, or collaborative online activities.

Quick Setup Guide: Host Foundry VTT in Minutes

  1. Launch Foundry VTT Locally
    Start your Foundry session as usual. It will typically run on http://localhost:30000.

Open a Secure Tunnel via Pinggy
Open a terminal or PowerShell and run:

ssh -p 443 -R0:localhost:30000 a.pinggy.io

This connects to Pinggy’s server using a secure, firewall-friendly port (443), and assigns a public URL pointing to your local Foundry instance.

  1. Share the URL with Players
    Pinggy provides a temporary HTTPS link like:

     https://yourgame123.pinggy.link

    Public URL

    Share this with your players—they can connect to your session instantly without any additional steps on their end.

Advanced Features: Control, Security, and Customization

1. Manage Sessions via Pinggy Dashboard

Create a Pinggy account and generate an access token. Use it in your tunnel command:

ssh -p 443 -R0:localhost:30000 -t YOUR_TOKEN@a.pinggy.io

This grants you access to a dashboard where you can view stats, manage connections, and terminate tunnels as needed.

2. Add Access Protection with Login Prompts

To secure your session with a username and password, append this to your command:

ssh -p 443 -R0:localhost:30000 -t a.pinggy.io b:USERNAME:PASSWORD

Users will be prompted to authenticate before accessing the game, providing an extra layer of security.

Dashboard

3. Get Persistent URLs and Use Custom Domains

If you run recurring campaigns or host frequent sessions, you can upgrade to a Pinggy Pro Plan, which offers:

  • Reusable custom subdomains (e.g., https://mycampaign.pinggy.link)

  • Integration with your domain via CNAME records (e.g., https://vtt.yoursite.com)

  • Automatic HTTPS certificate handling for a professional, secure setup

Key Benefits of Using SSH Tunnels with Pinggy for Foundry VTT

  • No router or firewall configuration required

  • Works through CG-NAT and dynamic IPs

  • Public HTTPS links with optional authentication

  • An optional dashboard to monitor and control sessions

  • Ideal for one-shots, campaign hosting, demos, and testing

Conclusion

Hosting a Foundry VTT session shouldn't be a networking nightmare. With reverse SSH tunnels and Pinggy, you can deploy a secure, reliable gaming session online within minutes—no IT background required. Whether you're storytelling a one-off encounter or managing a full campaign, this method keeps the tech out of your way so you can focus on immersive gameplay.

Further Resources:

0
Subscribe to my newsletter

Read articles from Lightning Developer directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Founder vttssh-tunnelingsshWeb DevelopmentGame DevelopmentlocalhostDeveloper

Written by

Lightning Developer
Lightning Developer