Skip to content

Installation on GL.iNet (Asset Mode)

This guide provides instructions for installing the XplicitTrust agent on a GL.iNet device running the Rockchip-based (RK) firmware.

Asset mode means services (like SSH, HTTPS, remote desktop, etc) can be remotely accessed from an XplicitTrust client, or from another system running in asset mode.

Tested devices:

  • Comet (GL-RM1)
  • Comet POE (GL-RM1PE)

Installation

  1. Enable SSH on the device and connect to it as root.

  2. Run the following commands in the shell:

    wget https://dl.xplicittrust.com/xtna-agent_arm64.tar.gz
mkdir xtna-agent_arm64; cd xtna-agent_arm64
tar -xf ../xtna-agent_arm64.tar.gz
sh install.sh

Configuration

See the xtna-util reference for a complete list of available flags.

  1. To register the device as an asset: 
    xtna-util -user <XplicitTrust admin email address>
  2. Open the URL that xtna-util returns in a browser to authenticate.
  1. Go to the admin console settings page
  2. Create a new "Asset Creation Token", configure it, download and store it in a secure place.
  3. Use the token to register assets: 
    xtna-util -domain <tenant domain> -token <token>
  1. Go to the admin console assets page
  2. Click "Create new" button, fill out the form, and click "Apply".
  3. Click the "Download Config" icon at the top of the form box.
  4. Copy the configuration to the device and run: 
    xtna-util -import xtna-*.xtconfig

Firmware Updates

The agent binaries and runtime state are stored under /etc/kvmd/user/xtna/, which is preserved across GL.iNet firmware updates. After a firmware update, re-run the installer to recreate the /usr/bin symlinks and the inittab entries:

sh /etc/kvmd/user/xtna/install.sh

The existing enrollment, certificates, and configuration are retained — no re-registration is required.

Troubleshooting

If the registration fails or the agent is not able to get Online, check that outgoing HTTPS connections (TCP port 443) are allowed. For the best experience, allow outgoing connections on UDP port range 51820 - 60000.

Service logs are written to /var/log/xtna-service/.

Consult the FAQ to learn more about troubleshooting firewalls.