explaingit

fosrl/pangolin

📈 Trending20,807TypeScriptAudience · developerComplexity · 4/5ActiveLicenseSetup · hard

TLDR

Identity-based remote access platform built on WireGuard that lets you securely access web apps and private network resources through a browser or client, with zero-trust access control.

Mindmap

mindmap
  root((Pangolin))
    What it does
      Browser web access
      Private network tunnels
      NAT traversal
      Zero-trust security
    Key features
      Site connectors
      Auto SSL certs
      Load balancing
      DNS aliases
    Access control
      Role-based permissions
      Identity providers
      User management
    Deployment options
      Cloud service
      Self-hosted Community
      Self-hosted Enterprise
    Client platforms
      Mac Windows Linux
      iOS Android

Things people build with this

USE CASE 1

Give remote team members secure browser-based access to internal web dashboards without VPN client installation.

USE CASE 2

Connect to SSH servers, databases, and RDP desktops on private networks from anywhere without exposing them to the internet.

USE CASE 3

Replace traditional VPN infrastructure with a zero-trust platform that grants access to specific resources instead of entire networks.

USE CASE 4

Set up NAT traversal to reach resources behind restrictive firewalls without public IPs or port forwarding.

Tech stack

TypeScriptWireGuardReverse proxy

Getting it running

Difficulty · hard Time to first run · 1day+

Requires WireGuard kernel module setup, reverse proxy configuration, and identity/auth system initialization across multiple components.

Community Edition is AGPL-3 (copyleft); Enterprise Edition is proprietary but free for personal use and businesses under $100K annual revenue.

In plain English

Pangolin is an open source, identity-based remote access platform built on WireGuard. It combines reverse proxy and VPN capabilities into a single platform, providing both browser-based access to web applications and client-based access to private network resources like SSH servers, databases, RDP, and entire network ranges. NAT traversal allows connections through restrictive firewalls without requiring public IP addresses or open ports. Key features include site connectors that create gateways into private networks using outbound tunnels, browser-based reverse proxy access where users authenticate through a web browser without installing any client software, automatic SSL certificates, load balancing and health checking, and DNS aliases for friendly resource names. Access control uses a zero-trust model with role-based access control (RBAC), allowing administrators to grant users access to specific resources rather than entire networks. External identity providers can be connected alongside the built-in user management. It is available as a fully managed cloud service at app.pangolin.net, as a self-hosted Community Edition (AGPL-3 licensed), and as a self-hosted Enterprise Edition (Fossorial Commercial License, free for personal use and businesses under $100K annual revenue). Client apps are available for Mac, Windows, Linux, iOS, and Android.

Copy-paste prompts

Prompt 1
How do I set up a Pangolin site connector to create a gateway into my private network?
Prompt 2
Show me how to configure role-based access control in Pangolin so different team members can access different resources.
Prompt 3
What's the difference between Pangolin's browser-based reverse proxy access and traditional VPN client access?
Prompt 4
How do I deploy Pangolin self-hosted Community Edition on my own infrastructure?
Prompt 5
Can I integrate Pangolin with my existing identity provider like Okta or Azure AD?
Open on GitHub → Explain another repo

Generated 2026-05-18 · Model: sonnet-4-6 · Verify against the repo before relying on details.