MCP Gateway for Secure Remote Access to Internal Tools

OpenZiti has released an MCP gateway that enables secure access to internal MCP tool servers from remote locations without exposing any public endpoints. The solution aggregates multiple MCP backends into a single connection and namespaces tools to prevent collisions.

How It Works

The gateway runs over a zero-trust overlay using OpenZiti and zrok, meaning nothing listens on a public address. Clients connect using a zrok share token and receive isolated sessions. This approach eliminates the need for opening ports, setting up SSH tunnels, or running a VPN.

Configuration

Claude Desktop configuration requires just one entry in the mcpServers section. The configuration provides fine-grained selection of tools from aggregated servers.

{
  "mcpServers": {
    "gateway": {
      "command": "mcp-tools",
      "args": ["run", "<share-token>"]
    }
  }
}

Practical Use Case

The developer at NetFoundry uses this daily for accessing internal resources like data warehouses across their 100% remote workforce. The gateway allows team members to access MCP servers running on various machines from their laptops through a single MCP connection.

The project is available under the Apache 2.0 license and can be found on GitHub. The developer invites others to share their approaches to remote MCP access with Claude Desktop.