Pangolin
Pangolin is an open source, identity-aware tunneled reverse-proxy platform that lets you securely expose applications from any location without opening inbound ports or requiring a traditional VPN. It uses a distributed architecture of globally available nodes to route traffic through encrypted WireGuard tunnels, enabling devices behind NATs or firewalls to serve applications publicly via a central dashboard. Through the unified dashboard, you can manage sites and resources across your infrastructure, define granular access-control rules (such as SSO, OIDC, PINs, geolocation, and IP restrictions), and monitor real-time health and usage metrics. The system supports self-hosting (Community or Enterprise editions) or a managed cloud option, and works by installing a lightweight agent on each site while using the central control server to handle ingress, routing, authentication, and failover.
Learn more
Headscale
Headscale is an open-source, self-hosted implementation of the control server used by the Tailscale network, enabling users to keep full ownership of their private tailnets while using Tailscale clients. It supports registering users and nodes, issuing pre-authentication keys, advertising subnet-routes and exit-node capabilities, enforcing access-control lists, and integrating with OIDC/SAML identity providers for user authentication. The server is deployable via Debian/Ubuntu packages or standalone binaries, configurable through a YAML file, and managed via its CLI or REST API. Headscale tracks each node, route, and user in its database, supports route approval workflows, and enables features such as subnet routing, exit node designation, and node-to-node mesh within the tailnet. Being self-hosted, it gives organizations and hobbyists full control over their private network endpoints, encryption keys, and traffic flows, rather than depending on a commercial control plane.
Learn more
OpenVPN
Access Server gives you the ability to rapidly deploy a secure remote access solution with a web-based administration interface — all on general purpose computing hardware or virtual machines. Your team will have access to the built-in OpenVPN Connect App and bundled connection profiles. All without adding a ton of extra work to your IT to-do list.
OpenVPN Access Server is a full-featured SSL self-hosted VPN software solution that integrates OpenVPN server capabilities, enterprise management capabilities, simplified OpenVPN Connect UI, and OpenVPN Client software packages that accommodate Windows, MAC, and Linux, mobile OS (Android and iOS) environments. OpenVPN Access Server supports a wide range of configurations, including secure and granular remote access to internal network and/ or private cloud network resources and applications with fine-grained access control.
OpenVPN also has a cloud-delivered solution called CloudConnexa.
Learn more
Amnezia VPN
Amnezia VPN is a self-hosted client that allows you to set up a VPN on your own server using various protocols: OpenVPN, WireGuard, OpenVPN over Cloak, AmneziaWG, XRay, and others. The service does not log your requests. In addition to the self-hosted option, Amnezia VPN offers AmneziaFree, a free VPN available in Russia, Turkey, Iran, Kyrgyzstan, and Myanmar, which allows bypassing restrictions on socially significant and popular resources for free. Amnezia VPN also provides Amnezia Premium, a VPN service for unrestricted access to any websites with five different locations and unlimited connection speed.
Based on WireGuard, the AmneziaWG protocol enables bypassing restrictions even in countries where other VPN protocols are blocked.
The client’s source code, as well as the source code for the AmneziaWG protocol, is available on GitHub.
Learn more
