Analysis updated 2026-06-21
Expose a home server or self-hosted web app to the internet securely without opening firewall ports.
Give team members zero-trust access to specific internal services like databases or SSH hosts without a full VPN.
Replace a traditional VPN with per-resource access control so users only reach the services they need.
Connect multiple private network sites together with outbound-only WireGuard tunnels through restrictive firewalls.
| fosrl/pangolin | pavlobu/deskreen | coze-dev/coze-studio | |
|---|---|---|---|
| Stars | 20,606 | 20,619 | 20,700 |
| Language | TypeScript | TypeScript | TypeScript |
| Setup difficulty | hard | easy | hard |
| Complexity | 4/5 | 2/5 | 4/5 |
| Audience | ops devops | general | developer |
Figures from each repo's GitHub metadata at analysis time.
Requires a VPS with a public IP for the server component, multiple infrastructure pieces including WireGuard must be configured before first access.
Pangolin is an open source, identity-based remote access platform built on WireGuard. It combines reverse proxy and VPN capabilities into a single platform, providing both browser-based access to web applications and client-based access to private network resources like SSH servers, databases, RDP, and entire network ranges. NAT traversal allows connections through restrictive firewalls without requiring public IP addresses or open ports. Key features include site connectors that create gateways into private networks using outbound tunnels, browser-based reverse proxy access where users authenticate through a web browser without installing any client software, automatic SSL certificates, load balancing and health checking, and DNS aliases for friendly resource names. Access control uses a zero-trust model with role-based access control (RBAC), allowing administrators to grant users access to specific resources rather than entire networks. External identity providers can be connected alongside the built-in user management. It is available as a fully managed cloud service at app.pangolin.net, as a self-hosted Community Edition (AGPL-3 licensed), and as a self-hosted Enterprise Edition (Fossorial Commercial License, free for personal use and businesses under $100K annual revenue). Client apps are available for Mac, Windows, Linux, iOS, and Android.
Pangolin is a self-hosted remote access platform that lets you securely reach private servers, databases, and web apps from anywhere using WireGuard tunnels and zero-trust access control, with no open firewall ports required.
Mainly TypeScript. The stack also includes TypeScript, WireGuard.
Community Edition is AGPL-3.0, any distributed or network-served version must be open source. Enterprise Edition is free for personal use and businesses under $100K annual revenue.
Setup difficulty is rated hard, with roughly 1h+ to a first successful run.
Mainly ops devops.
This repo across BitVibe Labs
Verify against the repo before relying on details.