Open Source Tunneling Software
Sort By:
Tunneling Software
View 8778 business solutionsBrowse free open source Tunneling software and projects below. Use the toggles on the left to filter open source Tunneling software by OS, license, language, programming language, and project status.
-
Our Free Plans just got better! | Auth0You asked, we delivered! Auth0 is excited to expand our Free and Paid plans to include more options so you can focus on building, deploying, and scaling applications without having to worry about your security. Auth0 now, thank yourself later.
-
AI-powered service management for IT and enterprise teamsGive your IT, operations, and business teams the ability to deliver exceptional services—without the complexity. Maximize operational efficiency with refreshingly simple, AI-powered Freshservice.
-
1
Amnezia VPN
Amnezia VPN Client (Desktop+Mobile)
Amnezia is an open-source VPN client, with a key feature that enables you to deploy your own VPN server on your server. -
2
S-UI
An advanced Web Panel • Built for SagerNet/Sing-Box
S-UI is an advanced web-based management panel built on top of SagerNet and Sing-box, designed to simplify the configuration and monitoring of proxy and networking services through an intuitive graphical interface. It provides a centralized dashboard where users can manage inbound and outbound connections, configure routing rules, and monitor traffic usage in real time. The platform supports multiple protocols and clients, making it flexible for different networking scenarios such as proxy servers, tunneling, and custom routing setups. It includes features for generating subscription links in various formats, allowing easy distribution of configurations to client devices. The system is built with a full-stack architecture combining a Go backend and a modern frontend, ensuring both performance and usability. It also exposes API endpoints for automation and integration with external tools, enabling advanced users to build custom workflows. -
3
NekoBox for PC (NekoRay)
Qt based cross-platform GUI proxy configuration manager
NekoBox for PC is a Qt-based, cross-platform proxy configuration manager designed for Windows and Linux systems. It provides a user-friendly graphical interface for managing advanced proxy and tunneling configurations using the sing-box backend. NekoBox supports a wide range of modern proxy protocols, making it suitable for users who need flexible and powerful network routing options. The application offers portable builds that run without installation, allowing quick setup and easy deployment. With support for subscription-based configurations and custom cores, it caters to both casual users and advanced networking enthusiasts. Although the project has been archived and is no longer actively maintained, NekoBox for PC remains a popular and capable tool for managing complex proxy setups. -
4
Proton VPN Windows App
Official ProtonVPN Windows app
The ProtonVPN Windows app project hosts the official open-source client software that lets users securely connect their Windows machines to the ProtonVPN service with full system-wide VPN protection. It includes a modern GUI built with .NET and WPF that lets users authenticate, choose VPN servers, and configure features like split tunneling or kill switch, while a background Windows service manages VPN connections using the OpenVPN protocol and handles networking tasks such as firewall and adapter configuration. The app integrates a custom TAP driver and a split tunnel callout driver to help route traffic securely and prevent leaks, and is structured so the GUI and service components work together to deliver a smooth user experience on Windows desktops and laptops. ProtonVPN’s Windows client supports both free and paid users with access to Proton’s global server network, encrypted tunnels, and privacy-first policies that block logging and respect user anonymity. -
Go From AI Idea to AI App FastAccess Gemini 3 and 200+ models. Build chatbots, agents, or custom models with built-in monitoring and scaling.
-
5
Clash Verge
A Clash Meta GUI based on Tauri
Clash Verge Rev is an open-source desktop application that provides a modern graphical interface for managing network proxy configurations and routing internet traffic through rule-based tunneling systems. Built using the Tauri framework and Rust, it delivers a lightweight yet high-performance experience across Windows, macOS, and Linux platforms. The application is based on the Mihomo (formerly Clash Meta) core, which enables advanced proxy routing capabilities, allowing users to define rules for how network traffic is handled and routed through different proxy nodes. It is designed to simplify complex proxy management tasks by offering a clean, user-friendly interface while still exposing powerful configuration options for advanced users. The tool supports features such as system proxy management, TUN mode for virtual network interfaces, and detailed rule editing, making it suitable for both everyday use and more technical networking scenarios. -
6
Clash for Windows
Windows GUI client application built on the Clash core proxy engine
Clash for Windows is a desktop GUI client application built on the Clash core proxy engine, providing a user-friendly interface for managing and routing network connections through customizable rule sets and multiple proxy protocols. It targets advanced users who need fine-grained control of how traffic is routed on Windows systems, enabling scenarios like split-tunneling, region-based routing, and domain-specific proxy selection. Using Clash’s rule syntax and support for diverse inbound and outbound protocols (including SOCKS5, Shadowsocks, V2Ray, and others), this client lets users define when to route traffic through a proxy or bypass it entirely, making it useful for privacy, latency optimization, testing, and censorship circumvention. The application typically includes tools to import subscription URLs, live traffic statistics, log views, and configuration editors, reducing the complexity of managing text-based YAML configs manually. -
7
DNS2SOCKS
DNS to SOCKS or HTTP proxy
This is a command line utility to resolve DNS requests via a SOCKS tunnel like Tor or a HTTP proxy. -
8
Cloudflare Tunnel Client
Cloudflare Tunnel Client
Contains the command-line client for Cloudflare Tunnel, a tunneling daemon that proxies traffic from the Cloudflare network to your origins. This daemon sits between Cloudflare network and your origin (e.g. a webserver). Cloudflare attracts client requests and sends them to you via this daemon, without requiring you to poke holes on your firewall --- your origin can remain as closed as possible. Extensive documentation can be found in the Cloudflare Tunnel section of the Cloudflare Docs. All usages related with proxying to your origins are available under cloudflared tunnel help. You can also use cloudflared to access Tunnel origins (that are protected with cloudflared tunnel) for TCP traffic at Layer 4 (i.e., not HTTP/web socket), which is relevant for use cases such as SSH, RDP, etc. Such usages are available under cloudflared access help. -
9
Clash Verge Rev
A modern GUI client based on Tauri
Clash Verge Rev is an open-source desktop application that provides a modern graphical interface for managing network proxy configurations and routing internet traffic through rule-based tunneling systems. Built using the Tauri framework and Rust, it delivers a lightweight yet high-performance experience across Windows, macOS, and Linux platforms. The application is based on the Mihomo (formerly Clash Meta) core, which enables advanced proxy routing capabilities, allowing users to define rules for how network traffic is handled and routed through different proxy nodes. It is designed to simplify complex proxy management tasks by offering a clean, user-friendly interface while still exposing powerful configuration options for advanced users. The tool supports features such as system proxy management, TUN mode for virtual network interfaces, and detailed rule editing, making it suitable for both everyday use and more technical networking scenarios. -
Train ML Models With SQL You Already KnowBuild and deploy ML models using familiar SQL. Automate data prep with built-in Gemini. Query 1 TB and store 10 GB free monthly.
-
10
Clash Meta for Android
A rule-based tunnel for Android
Clash Meta for Android is an Android application that functions as a rule-based network tunneling and proxy management tool, enabling users to control how their internet traffic is routed through different proxy servers. Built on the Clash.Meta core, it allows advanced routing based on customizable rules, making it possible to selectively direct traffic for specific apps, domains, or regions. The application is commonly used for bypassing network restrictions, optimizing routing performance, and managing multiple proxy configurations in a unified interface. It provides a user-friendly mobile interface while maintaining powerful underlying functionality for advanced users who need granular control over network behavior. The project is actively maintained and integrates updates from the Clash.Meta kernel, ensuring compatibility with evolving proxy protocols and features. It supports various proxy types and configurations, making it highly flexible for different networking scenarios. -
11
ngrok
Unified ingress for developers
ngrok is a globally distributed, secure reverse proxy and tunneling service that exposes applications running on local machines behind NATs or firewalls to the public internet. It simplifies remote debugging, webhooks integration, and secure ingress by wrapping reverse proxy, firewall traversal, API gateway, and load-balancing functionality into a single tool. ngrok is a globally distributed reverse proxy that secures, protects and accelerates your applications and network services, no matter where you run them. You can think of ngrok as the front door to your applications. ngrok combines your reverse proxy, firewall, API gateway, and global load balancing into one. ngrok can capture and analyze all traffic to your web service for later inspection and replay. -
12
WireGuard for iOS and macOS
An application for iOS and for macOs
WireGuard for iOS and macOS is the official WireGuard client implementation for Apple platforms, including iOS, iPadOS, and macOS. The project delivers a native Swift-based application that integrates with Apple’s Network Extension framework to provide secure VPN tunneling with strong performance and reliability. It offers a polished graphical interface that allows users to create, import, and manage WireGuard configurations while maintaining the protocol’s emphasis on simplicity and modern cryptography. The software is designed to work seamlessly within Apple’s ecosystem, supporting keychain storage, system networking controls, and platform security features. Because WireGuard is known for its lean architecture, the Apple client maintains efficient resource usage while delivering fast connection speeds. Overall, wireguard-apple is intended for Apple device users and organizations that require a secure, modern VPN solution fully aligned with the Apple networking stack. -
13
Zphisher
An automated phishing tool with 30+ templates
Zphisher is an advanced open-source phishing tool for educational and penetration testing purposes. It provides a simple interface for launching phishing attacks by cloning login pages of popular websites. Built in Bash, Zphisher automates server deployment using tunneling services like Ngrok, Localhost.run, and others. It is intended for ethical hacking and security research to demonstrate how phishing attacks work and how to defend against them. -
14
UFTP
Encrypted UDP based FTP with multicast
UFTP is an encrypted multicast file transfer program, designed to securely, reliably, and efficiently transfer files to multiple receivers simultaneously. This is useful for distributing large files to a large number of receivers, and is especially useful for data distribution over a satellite link (with two way communication), where the inherent delay makes any TCP based communication highly inefficient. The multicast encryption scheme is based on TLS with extensions to allow multiple receivers to share a common key. UFTP also has the capability to communicate over disjoint networks separated by one or more firewalls (NAT traversal) and without full end-to-end multicast capability (multicast tunneling) through the use of a UFTP proxy server. These proxies also provide scalability by aggregating responses from a group of receivers. -
15
SikuliX
Now continued as OculiX — see oculix.org
SikuliX is now continued as OculiX at https://oculix.org. The active development,,releases, documentation and community have moved there. SikuliX (and now OculiX) automates anything you see on the screen of your desktop computer. Running Windows, Mac or some Linux/Unix. It uses image recognition powered by OpenCV to identify GUI components and can act on them with mouse and keyboard actions. This is handy in cases when there is no easy access to a GUI's internals or the source code of the application or web page you want to act on. This SourceForge entry is preserved for historical reference. Please get the latest version from https://github.com/oculix-org/Oculix/releases. -
16
Clash for Android
Mobile counterpart to desktop Clash clients for Android
Clash for Android is the mobile counterpart to desktop Clash clients, offering Android users a powerful proxy routing environment based on the Clash core, designed to let them control how network traffic is handled on their devices according to flexible rule sets. It provides a front end to define inbound and outbound proxy rules, supports various protocols like SOCKS5, Shadowsocks, V2Ray, and more, and lets users import configurations through URLs or local files, handling dynamic subscription updates. With its ability to route app or domain-specific traffic, Android users can implement split-tunneling, bypass geographic restrictions, and optimize latency for performance-sensitive apps without requiring full VPN profiles. The application usually includes features like logs, traffic monitoring, and status indicators so users can see how rules are applied in real time, and it fits into Android’s VPN API to create a local virtual network interface for routing. -
17
MasterHttpRelayVPN
Domain-fronted HTTP/SOCKS5 proxy tunneling traffic through Google Apps
MasterHttpRelayVPN is a networking tool designed to route traffic through HTTP-based relay systems, enabling VPN-like functionality over standard web protocols. It focuses on bypassing network restrictions by tunneling data through HTTP requests, making it effective in constrained or filtered environments. The system supports secure communication and can be configured to relay traffic across multiple endpoints. It is particularly useful for users who need to access restricted networks or maintain connectivity in limited conditions. The project emphasizes flexibility and adaptability in different network scenarios. It also provides tools for managing connections and monitoring traffic flow. Overall, it offers an alternative approach to traditional VPN solutions. -
18
Cntlm is an NTLM / NTLMv2 authenticating HTTP/1.1 proxy. It caches auth'd connections for reuse, offers TCP/IP tunneling (port forwarding) thru parent proxy and much much more. It's in C, very fast and resource-efficient. Go to http://cntlm.sf.net/
-
19
Another Redis Desktop Manager
A faster, better and more stable Redis desktop manager
AnotherRedisDesktopManager is a cross-platform GUI client for Redis that simplifies connecting, browsing, and manipulating data. It supports standalone, Sentinel, and Cluster modes, plus SSH tunneling and ACL credentials for secure access in varied environments. The UI provides tree and table views of keys with inline editors for strings, hashes, lists, sets, sorted sets, and streams, including TTL management and batch operations. Built-in monitoring lets you watch stats, slow logs, and command activity while an integrated console executes raw Redis commands. Quality-of-life features include JSON viewers, search and filter tools, favorite connections, and dark mode. For everyday operations and troubleshooting, it offers a friendlier alternative to the command line without hiding Redis’s power. -
20
OpenFortiVPN
Client for PPP+TLS VPN tunnel services
openfortivpn is a command-line SSL VPN client for connecting to Fortinet FortiGate gateways without relying on proprietary GUIs. It negotiates the SSL/TLS tunnel, authenticates with credentials (and commonly with two-factor methods), then brings up a secure point-to-point interface and installs routes and DNS settings. The tool aims to be minimal and dependable: a single binary with an INI-style config file, systemd compatibility, and clear runtime diagnostics. It handles details like MTU tuning, split tunneling via pushed routes, and reconnect logic to keep the session stable. Because it works with the standard tun interface, it integrates smoothly with common Linux networking stacks and pairs well with desktop frontends such as NetworkManager plugins. For admins and developers, it’s a scriptable, cross-platform-friendly alternative that makes FortiGate access reliable on servers and developer workstations alike. -
21
A client implementation of Secure Socket Tunneling Protocol (SSTP) for Linux / Mac OS-X that allows remote access via SSTP VPN to Microsoft Windows 2008 Server. This project has been moved to https://gitlab.com/eivnaes/sstp-client
-
22
XX-Net
A web proxy tool
XX-Net is an easy-to-use, anti-censorship web proxy tool from China. It includes GAE_proxy and X-Tunnel, with support for multiple platforms. -
23
gost
GO Simple Tunnel, a simple tunnel written in golang
A simple security tunnel written in Golang. Listening on multiple ports, multi-level forward proxies - proxy chain, standard HTTP/HTTPS/HTTP2/SOCKS4(A)/SOCKS5 proxy protocols support. Probing resistance support for web proxy, TLS encryption via negotiation support for SOCKS5 proxy. Support multiple tunnel types, tunnel UDP over TCP. Local/remote TCP/UDP port forwarding, TCP/UDP Transparent proxy, Shadowsocks Protocol (TCP/UDP), and SNI Proxy. Permission control, load balancing, route control, DNS resolver and proxy, and TUN/TAP Device. In GOST, GOST and other proxy services are considered as proxy nodes, GOST can handle the requests itself, or forward the requests to any one or more proxy nodes. In addition to configuring services directly from the command line, parameters can also be set by specifying the external configuration file with the -C parameter. -
24
Divert
WinDivert: Windows Packet Divert
Windows Packet Divert (WinDivert) is a user-mode packet interception library for Windows 7, Windows 8 and Windows 10. WinDivert can be used to implement user-mode packet filters, sniffers, firewalls, NATs, VPNs, IDSs, tunneling applications, etc. -
25
Tun2Socks
tun2socks , powered by gVisor TCP/IP stack
Proxy Everything: Handle all network traffic of any internet programs sent by the device through a proxy. Proxy Protocols: HTTP/Socks4/Socks5/Shadowsocks with authentication support for remote connections. Run Everywhere. Linux/macOS/Windows/FreeBSD/OpenBSD multi-platform support with specific optimization. Gateway Mode: Act as a layer three gateway to handle network traffic from other devices in the same network. Full IPv6 Support: All functions work in IPv6, tunnel IPv4 connections through IPv6 proxy and vice versa. Network Stack: Powered by user-space TCP/IP stack from Google container application kernel gVisor.
