AEGIS local
setup for Windows / Linux / macOS
Run AEGIS directly on your own machine — as a host or client — without a VPS. ~15 minutes.
📋 Contents
1. How it works
YOUR PC (Host) ├── AEGIS running in Host mode ├── Port 9999 open and listening │ ├── ← Client A connects ├── ← Client B connects └── ← Client C connects
NOTE The host must keep AEGIS running for the whole session. If the host closes the app, everyone disconnects.
2. Two ways to connect
| Method | Difficulty | Privacy | Works without router access |
|---|---|---|---|
| Port Forwarding | Medium | Public IP exposed | ❌ No |
| Tailscale | Easy | Private VPN, no exposed ports | ✅ Yes |
RECOMMENDED Tailscale is strongly recommended — no router config, no public IP exposure.
3. Setting up as a host
Step 1 — Launch AEGIS and select Host mode
┌─────────────────────────────────┐ │ Mode: [Host] / Client │ │ Port: 9999 │ │ Password: •••••••• │ │ │ │ [ Start Hosting ] │ └─────────────────────────────────┘
Set a password – all clients will need it. Once started, AEGIS shows the server fingerprint in the log. Share this fingerprint with your clients for verification.
Option A: Port forwarding (your public IP)
1. Find your local IP (run in Command Prompt):
ipconfigLook for IPv4 Address under your active adapter, e.g. 192.168.1.105.
2. Log into your router (usually http://192.168.1.1 or 192.168.0.1).
3. Create a port forwarding rule:
| Field | Value |
|---|---|
| Name | AEGIS |
| Protocol | TCP |
| External Port | 9999 |
| Internal Port | 9999 |
| Internal IP | your local IP (e.g. 192.168.1.105) |
4. Find your public IP: visit https://ifconfig.me — share this with clients.
⚠️ Dynamic IP warning: Most home connections change IP after reboot. If clients can’t connect, check if your public IP changed.
Option B: Tailscale (recommended)
Tailscale creates a private encrypted network between devices. Both host and clients must install Tailscale and be on the same tailnet.
Once Tailscale is running, your Tailscale IP looks like 100.x.x.x. Share this IP instead of your public IP. See section 6 for install details.
4. Setting up as a client
Step 1 — Launch AEGIS and select Client mode
┌─────────────────────────────────┐ │ Mode: Host / [Client] │ │ IP: 82.123.45.67 │ │ Port: 9999 │ │ │ │ [ Connect ] │ └─────────────────────────────────┘
Enter the host’s IP (public or Tailscale) and port 9999. Click Connect.
Step 2 — Trust the fingerprint
On first connection, AEGIS shows the host’s fingerprint. Verify it matches what the host shared, then click Yes.
Step 3 — Enter the password
If the host set a password, type it when prompted.
5. Finding your IP address
Local IP (for port forwarding):
ipconfig # look for IPv4 AddressPublic IP (to share over internet):
curl ifconfig.me or visit https://ifconfig.meTailscale IP (to share over Tailscale):
tailscale ip6. Tailscale setup
Install Tailscale from tailscale.com/download (Windows, macOS, Linux). Sign in with a Google/Microsoft/GitHub account (free).
Host and all clients must be in the same tailnet. The host can share an invite link from Tailscale admin console → Share next to the device.
Verify connectivity:
ping 100.x.x.x # from a client to the host's Tailscale IP7. Windows Firewall
Even with port forwarding, Windows may block AEGIS. Allow port 9999 inbound:
# PowerShell (as Admin)
New-NetFirewallRule -DisplayName "AEGIS Chat" -Direction Inbound -Protocol TCP -LocalPort 9999 -Action AllowOr manually: Windows Defender Firewall → Advanced Settings → Inbound Rules → New Rule → Port (TCP 9999, Allow).
Tailscale users: Usually no manual firewall rule needed; if issues persist, add the rule above.
8. Troubleshooting
Check:
- Is AEGIS running in Host mode on the host PC?
- Port number matches on both sides (default 9999)?
- Windows Firewall: ensure rule for port 9999 exists (see section 7).
- If using port forwarding: double-check router rule and that the host's public IP hasn't changed.
- If using Tailscale: confirm both machines are connected (
tailscale status).
Linux/macOS: sudo ufw status (if ufw is used).
The host restarted AEGIS, which generates a new keypair. The client has the old fingerprint saved.
Delete the saved fingerprint from the Windows Registry:
reg delete "HKCU\Software\AegisChat\TrustedFingerprints" /v "server_fingerprint" /fThen reconnect – you will be asked to trust the new fingerprint. Save this as a .bat file for quick access:
@echo off
reg delete "HKCU\Software\AegisChat\TrustedFingerprints" /v "server_fingerprint" /f
echo Fingerprint cleared. You can now reconnect.
pauseMake sure you are typing the exact password the host set – it is case‑sensitive.
The host can check or reset the password in the config UI before starting the session.
# Check Tailscale is running
tailscale status
# Ping the host
ping 100.x.x.x
# Restart Tailscale if needed
tailscale down
tailscale upIf the host doesn't appear in tailscale status, they may not be signed into the same tailnet. The host should share an invite link from the Tailscale admin panel.
This is a common router limitation called NAT hairpinning. Clients on the same local network as the host should connect using the host's local IP (e.g. 192.168.x.x), not the public IP. Only clients on a different network use the public IP.
Another service is already using port 9999. Change the AEGIS port in the config UI or stop the conflicting service.
Live host logs (if started from terminal) help: look for fingerprint, errors, or connection messages.
Quick reference
HOST SETUP
──────────────────────────────
1. Select Host mode, set password
2. Share your IP (public or Tailscale)
3. Share port: 9999, password, fingerprint
CLIENT SETUP
──────────────────────────────
1. Client mode, enter host IP & port 9999
2. Trust fingerprint
3. Enter password
FINGERPRINT RESET (Windows)
──────────────────────────────
reg delete "HKCU\Software\AegisChat\TrustedFingerprints" /v "server_fingerprint" /f
TAILSCALE CHECK
──────────────────────────────
tailscale status
ping 100.x.x.x
— AEGIS local setup, host from your own machine —