Skip to main content

Remote Access

Remote access lets members of your organization visualize and teleoperate devices through the Foxglove platform. A gateway running on the device authenticates with a device token and connects out to Foxglove, so the device is reachable even when it's behind a firewall or on cellular.

Built on WebRTC, remote access is designed for real-world networks:

  • NAT traversal. The Foxglove platform provides STUN and TURN relays, so the device doesn't need inbound ports or a public IP.
  • Efficient fan-out. The gateway uploads each stream at most once to a Foxglove-managed SFU (Selective Forwarding Unit), which multicasts to every connected client.
  • Low-latency delivery. Messages flow over lossy data channels by default to minimize latency on unreliable networks. Topics that need guaranteed delivery (like static transforms) can opt into reliable delivery.
  • Adaptive-bitrate video. Image data is transcoded into a video track whose quality adapts to available bandwidth on both legs of the connection (device to SFU, SFU to client).

Setting up a gateway

There are two ways to run a remote access gateway on a device.

Use the Foxglove SDK when you want full control over which data is published, or when working with a custom (non-ROS) robotics stack.

Use the Foxglove Bridge for a quick setup with an existing ROS 2 stack. See the bridge's remote access configuration for setup instructions.

Connecting to a device

On the Devices page, open the detail page for a device with an active gateway and click Connect to open it for live visualization and teleoperation.

Best practices

Publish images as image topics

Publish your camera data using raw or compressed image topics. The SDK and Foxglove Bridge automatically transcode these into a WebRTC video track, which is the most efficient way to move image data over remote access: encoding the stream as video lets WebRTC apply adaptive-bitrate streaming, scaling quality up or down to match the available bandwidth on each leg of the connection.

The supported image encodings are the same raw and compressed image encodings listed for the Image panel, with two exceptions: avif compressed images are not transcoded, and compressed video is not transcoded.

Keep messages small

By default, messages are delivered over a lossy data channel: effectively UDP without retransmission. A message larger than 1300 bytes is split into multiple fragments, and every fragment must arrive for the client to receive the message. The probability of successful delivery is roughly (1 - loss)^fragments, so it falls off exponentially with both the network loss rate and the number of 1300-byte fragments per message. In practice, large messages will not transmit reliably over a lossy network.

Keep individual messages small so they fit in as few fragments as possible. For image data, prefer image topics (see above) so the gateway can stream it as video rather than as large messages.

Authentication

Foxglove brokers every connection, so the device and client never connect directly. The gateway authenticates with a device token, and clients connect through their Foxglove session. Only organization members with access to the device's Project can connect.

Encryption

All traffic is encrypted in transit: signaling uses TLS over WebSocket, media uses SRTP over WebRTC, and data channels use SCTP over DTLS. Streams are not end-to-end encrypted, which means the Foxglove-managed SFU that fans out each stream can see the data it forwards.