Guide

Connection Settings & VPN

Auto-reconnect, keep-alive, port forwarding, jump hosts, and VPN setup

Connection Settings & VPN

MTerm provides fine-grained control over connection behavior, from automatic reconnection to keep-alive intervals. This guide covers every connection setting, port forwarding, jump host configuration, and VPN options for reaching servers behind firewalls.

Connection Settings

These settings control how MTerm manages your SSH connection, especially around backgrounding and reconnection. All are configurable per host or globally in Settings.

SettingDefaultDescription
Auto-ReconnectONAutomatically reconnect when you return to MTerm from the background. Without this, you would need to manually reconnect every time you switch apps.
Max Retries10Maximum number of reconnection attempts before giving up. If the server is temporarily unreachable, MTerm will keep trying up to this limit.
Retry Interval3 secondsHow long to wait between reconnection attempts. A shorter interval reconnects faster but generates more connection attempts on the server.
Keep-Alive30 secondsHow often MTerm sends a keep-alive ping to the server. This prevents firewalls and NAT devices from closing idle connections. If your connections drop after being idle, try reducing this value.
Shell Restart Threshold300 secondsIf the app has been in the background longer than this, the shell session is restarted rather than resumed. This avoids issues with stale shell state.
Background DisconnectOFFWhen enabled, MTerm disconnects the TCP connection when the app moves to the background. You can configure a delay before disconnection occurs. This saves server resources and battery when you know you will be away for a while.
Shell Exit BehaviorAuto-closeWhat happens when the remote shell exits (e.g., you type exit or the server disconnects). Options: Auto-close (close the tab immediately), Confirm (ask whether to close), or Keep open (leave the tab open showing the exit status).

Unstable Wi-Fi (cafe, conference):

  • Auto-Reconnect: ON
  • Max Retries: 20
  • Keep-Alive: 15 seconds
  • Consider using Mosh instead of SSH for even better resilience

Stable network (home/office):

  • Default settings work well
  • Keep-Alive can be increased to 60 seconds to reduce unnecessary traffic

Battery conservation:

  • Background Disconnect: ON with a 30-second delay
  • Shell Restart Threshold: 30 seconds

Port Forwarding

Port forwarding lets you access services on your remote server as if they were running locally, or expose local services to the remote network.

Local Port Forward (-L)

A local port forward listens on a port on your device and tunnels traffic to a destination accessible from the remote server.

Example: Your remote server runs a PostgreSQL database on port 5432 that only accepts local connections. Set up a local port forward:

  • Local port: 5432
  • Remote host: localhost
  • Remote port: 5432

Now any app on your iPad can connect to localhost:5432 and reach the database on your server.

Common uses:

  • Access web applications running on the server (forward port 3000, 8080, etc.)
  • Connect to databases (PostgreSQL, MySQL, Redis)
  • Access admin panels that only listen on localhost

Remote Port Forward (-R)

A remote port forward listens on a port on the remote server and tunnels traffic back to your device (or a host accessible from your device).

Example: You want to expose a local development server running on your Mac (accessible from your iPad via the local network) to your remote server:

  • Remote port: 8080
  • Local host: 192.168.1.100
  • Local port: 3000

Now processes on the remote server can access localhost:8080 to reach your local development server.

Port Forward Management

  • Saved per host — Port forwards are stored as part of the host configuration, so they are ready every time you connect
  • Auto-reconnect — If the tunnel drops, MTerm automatically re-establishes it
  • Individual control — Start and stop each port forward independently
  • Status tracking — Each forward shows its current status: Active, Stopped, Starting, Error, or Reconnecting

Jump Hosts (Bastion Servers)

Many production environments require connecting through a bastion server (also called a jump host) rather than connecting directly to the target machine. MTerm handles this transparently.

How It Works

When you configure a jump host for a connection, MTerm:

  1. Establishes an SSH connection to the jump host
  2. Creates a tunnel through the jump host to the target server
  3. Establishes a second SSH connection to the target server through the tunnel

From your perspective, this is seamless — you tap the host and are connected. The jump host configuration is saved as part of the host profile.

Authentication Through Jump Hosts

MTerm supports RSA-SHA256 authentication through jump hosts. This means modern SSH servers that have disabled legacy SHA-1 signatures will work correctly even when accessed through a bastion server.

Configuration

In the host settings:

  1. Enable “Jump Host”
  2. Enter the jump host’s hostname, port, username, and authentication credentials
  3. The target host settings remain as usual

VPN Setup

When your servers are behind a firewall or on a private network, you need a VPN to reach them from your iPad or iPhone. MTerm works with any VPN that provides network-level access, but here are the two most popular options:

Tailscale

Tailscale is the easiest way to connect your devices to your servers. It creates a secure mesh network between all your devices with zero firewall configuration.

Setup:

  1. Install Tailscale on your server and your iPad/iPhone
  2. Sign in with the same account on both devices
  3. Your server gets a Tailscale IP (e.g., 100.x.x.x)
  4. In MTerm, use the Tailscale IP as the hostname

Tailscale handles NAT traversal, key management, and firewall rules automatically. If you are not sure which VPN to use, start with Tailscale.

WireGuard

WireGuard is a lightweight, high-performance VPN protocol. It is ideal if you prefer to self-host your VPN infrastructure and want maximum control over the configuration.

Advantages over Tailscale:

  • No third-party account required
  • Full control over the network configuration
  • Lower overhead (WireGuard is built into the Linux kernel)
  • Can be configured to route only specific subnets

Setup:

  1. Install WireGuard on your server and configure it as a VPN server
  2. Install the WireGuard app on your iPad/iPhone
  3. Import or create a client configuration
  4. Connect to the VPN
  5. In MTerm, use the server’s private network IP as the hostname

Other VPN Options

MTerm works with any VPN that provides network connectivity at the OS level, including:

  • OpenVPN
  • IPsec/IKEv2
  • Corporate VPN solutions (Cisco AnyConnect, GlobalProtect, etc.)

As long as the VPN gives your device a route to the server’s IP address, MTerm’s SSH connections will work through it.

Previous
Customization
Next
Plans & Device Comparison