7 Oct 2025
This guide outlines the process of deploying a portable device to gain full and secure access to any network it connects to via Ethernet or Wi-Fi. It details leveraging Twin Gate, a Zero Trust Network Access (ZTNA) solution, to achieve robust remote control for IT support and penetration testing purposes.
The described device grants comprehensive access to any connected network, identifying its IP address and enabling remote operations without requiring prior knowledge of the network configuration.
A primary motivation for this setup is to provide effective IT support, particularly for informal roles like a church's unofficial IT person, ensuring full network control for efficient troubleshooting.
The device also serves as a tool for ethical penetration testing, offering extensive network access, automated IP discovery, and the capability to run tools like Nmap scans and perform lateral movement.
A Raspberry Pi (any model like 4, 5, 3, 0), a NAS computer, or a laptop can function as the core device, requiring only physical placement within the target network and a power supply.
The solution employs Twin Gate, a Zero Trust Network Access (ZTNA) platform, which offers free access for up to five users, rapid setup, and seamless operation without concerns about firewalls, CGNAT, or complex networking issues.
Setting up a Twin Gate network involves creating a new account, defining a network name (e.g., 'Reach'), and authenticating through an identity provider such as Google.
Within the Twin Gate platform, remote networks are established, and 'connectors' – physical devices like the Raspberry Pi – are deployed to facilitate the connection to these remote networks.
Preparing the Raspberry Pi entails flashing its SD card with the Raspberry Pi OS using the Raspberry Pi Imager tool, which allows for pre-configuration of settings like hostname, username, password, and Wi-Fi credentials.
The Twin Gate connector software is deployed onto the prepared Raspberry Pi or other compatible device using a command line script generated by Twin Gate, which securely incorporates necessary authentication tokens.
The device can establish a connection to the remote network either via Ethernet, which is generally preferred for its stability and ease of deployment, or through pre-configured Wi-Fi, suitable for remote installation scenarios.
A Python script leveraging the Twin Gate API can automatically discover the private IP address of the deployed Raspberry Pi and provision it as a resource within Twin Gate, which is especially useful when the remote network's details are unknown.
Accessing the Twin Gate API requires generating an API token, which must be assigned appropriate permissions (e.g., 'everything') for tasks such as provisioning new resources.
Users access resources on the Twin Gate network by installing and signing into a Twin Gate client application, which is available across various operating systems like Windows, Mac, Linux, iOS, and Android.
Twin Gate enforces a 'least privilege' model, meaning access to resources is denied by default and must be explicitly granted. Advanced security policies can be implemented, restricting access based on device trust, operating system, hardware serial numbers, and even setting access expiration times.
Twin Gate integrates DNS functionality, allowing users to create custom aliases (e.g., 'connector.reach.rockwall.local') for network resources, simplifying access and management.
Once connected, the Raspberry Pi can run network scanning tools like Nmap to identify other devices on the remote network, such as printers, routers, and other computers, which can then be added as new resources in Twin Gate.
Twin Gate supports service accounts, enabling applications or headless clients (e.g., Uptime Kuma) to securely access and monitor network resources without the need to open traditional firewall ports.
You drop this device in any network and you suddenly have access to everything, not just that; it will tell you what network it's on.
| Aspect | Description | Key Benefit/Function |
|---|---|---|
| Access Device | A portable computing device like a Raspberry Pi, NAS, or laptop. | Deployed in a remote network to provide comprehensive access upon connection. |
| Twin Gate Platform | A Zero Trust Network Access (ZTNA) solution. | Offers secure, fast, and easy-to-set-up remote access, bypassing firewall and CGNAT complexities. |
| Connector | Twin Gate software installed on the access device. | Establishes and maintains the secure connection to the designated remote network. |
| API Script | A Python script utilizing the Twin Gate API. | Automates the discovery and provisioning of unknown network resources, like the private IP of the deployed device. |
| Twin Gate Client | An application installed on the user's local device (Windows, Mac, Linux, etc.). | Connects users to their Twin Gate network and allows access to authorized resources. |
| Security Policies | Granular rules for granting and restricting resource access. | Enforces least privilege, allowing control over users, devices, ports, and access durations. |
| Service Accounts | Dedicated accounts for applications or servers, not human users. | Enables automated monitoring and interaction with network resources without opening firewall rules. |
| DNS Integration | Allows creation of custom, internal DNS aliases for network resources. | Simplifies accessing devices by name instead of IP address within the secure network. |
