Overview
The gateway is the technology that powers connections. It builds secure tunnels between servers in different organizations so data can flow without opening inbound firewall ports or exposing servers to the public internet.
You rarely interact with the gateway directly — you provision connections and the gateway does the rest — but understanding it helps when troubleshooting.
How connections are made
Section titled “How connections are made”The gateway supports two modes:
- Peer-to-peer (WebRTC / NAT traversal) — the default. Two servers establish a direct, encrypted channel using STUN/TURN to traverse firewalls and NAT. No inbound ports needed.
- Direct mTLS — a direct TCP connection secured with mutual TLS. Useful when both ends have reachable addresses and you prefer a straightforward, direct path.
In both modes, traffic is encrypted end to end and every connection is authenticated with a shared secret unique to that connection.
Signaling
Section titled “Signaling”To set up a peer-to-peer tunnel, the two sides first find each other through a lightweight signaling service (MQTT). Signaling only coordinates the connection setup — your actual data never passes through it.
The Gateway Connector
Section titled “The Gateway Connector”On a Mirth server, gateway connectivity is provided by the Gateway Connector plugin, which adds two connector types to your channels:
- A Gateway Listener (source) that receives data from authorized peers.
- A Gateway Sender (destination) that delivers data to a remote peer.
See The Gateway Connector for how these map to channels and connections.
When things go wrong
Section titled “When things go wrong”Most connectivity problems come down to networking (firewalls, TURN reachability) or a mismatched secret. Start with Troubleshooting connections.