# MQTT Broker Remote Access

In this section, we'll discuss how to remotely access a private MQTT Broker located inside your office or home network behind a NAT router or a Firewall. We'll use the open source Mosquitto (opens new window) MQTT broker and client for this demo.

Remote access to a local MQTT broker is required when the IoT devices and sensors are placed remotely in your customer sites or in some remote locations in open fields to monitor and measure the environmental factors.

Data collected from the sensors needs to be streamed to the MQTT broker so that MQTT subscribers of the MQTT topic would receive the data for further processing and analysis.

You can find the instructions to download and install Mosquitto MQTT broker on your private server here (opens new window).

Let's see how to setup remote access to an MQTT broker using SocketXP IoT Remote Access Platform.

# Setup SocketXP IoT Agent for MQTT Broker Remote Access

You need to download and install a simple SocketXP IoT agent on your IoT devices and the server where your MQTT broker runs. You can find the instructions to download and install SocketXP IoT Agent here (opens new window).

Next, connect the MQTT Broker with the SocketXP IoT Cloud Gateway using the following command.

$ socketxp connect tcp:// 

Connected to SocketXP Cloud Gateway.
Access the TCP service securely using the SocketXP agent in IoT Slave Mode.


SocketXP automatically assigns a unique ID for each of your devices. Visit the SocketXP Portal Page and click the Devices tab to view your device details and device ID information.

# Connect IoT devices to the MQTT Broker in IoT Slave Mode

Next, setup SocketXP agent to run in IoT Slave Mode in all your IoT devices (both MQTT subscriber devices and the publisher devices)

$ socketxp connect tcp://localhost:3883 --iot-slave --peer-device-id 1234abcd-2233-18042021 --peer-device-port 1883

Listening for TCP connections at:
Local URL -> tcp://localhost:3883

# Subscribe to a topic

Make your IoT devices to subscribe to a topic they are interested in listening, so that they could take some action like powering ON a bulb. In the following example, the IoT device subscribes to the topic "office/floor1/bulb1"

Note: port 3883 is the local TCP port on which MQTT broker is reachable via the SocketXP agent running in IoT Slave Mode, providing secure TLS tunnel to the MQTT Broker.

$ mosquitto_sub -h -t "office/floor1/bulb1" -d -p 3883 
Client mosq-Q9Qsreqpu6epUSQdMH sending CONNECT
Client mosq-Q9Qsreqpu6epUSQdMH received CONNACK (0)
Client mosq-Q9Qsreqpu6epUSQdMH sending SUBSCRIBE (Mid: 1, Topic: office/floor1/bulb1, QoS: 0, Options: 0x00)
Client mosq-Q9Qsreqpu6epUSQdMH received SUBACK
Subscribed (mid: 1): 0

# Publish to the topic

Now it's time to publish some message to the topic "office/floor1/bulb1". Again use the local TCP port 3883 and local host IP address to reach the MQTT Broker via the SocketXP agent running in IoT slave mode.

$ mosquitto_pub -h -p 3883 -t "office/floor1/bulb1" -m "ON" -d
Client mosq-dAaaept2na6Hz8vqgV sending CONNECT
Client mosq-dAaaept2na6Hz8vqgV received CONNACK (0)
Client mosq-dAaaept2na6Hz8vqgV sending PUBLISH (d0, q0, r0, m1, 'office/floor1/bulb1', ... (2 bytes))
Client mosq-dAaaept2na6Hz8vqgV sending DISCONNECT

Check if the subscribers of the topic have received the ON message.

$ mosquitto_sub -h -t "office/floor1/bulb1" -d -p 3883 
Client mosq-Q9Qsreqpu6epUSQdMH sending PINGREQ
Client mosq-Q9Qsreqpu6epUSQdMH received PINGRESP
Client mosq-Q9Qsreqpu6epUSQdMH received PUBLISH (d0, q0, r0, m0, 'office/floor1/bulb1', ... (2 bytes))

We see that the "ON" message has been received by the subscriber.