-
frp
A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
sshuttle
Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
-
rathole
A lightweight and high-performance reverse proxy for NAT traversal, written in Rust. An alternative to frp and ngrok.
-
pgrok
Poor man's ngrok - a multi-tenant HTTP/TCP reverse tunnel solution through SSH remote port forwarding
-
wstunnel
Tunnel all your traffic over Websocket or HTTP2 - Bypass firewalls/DPI - Static binary available
-
boringproxy
Simple tunneling reverse proxy with a fast web UI and auto HTTPS. Designed for self-hosters.
-
wiretap
Wiretap is a transparent, VPN-like proxy server that tunnels traffic via WireGuard and requires no special privileges to run.
-
pgrok
Discontinued Free Introspected tunnels to localhost, like ngrok but free and unlimited (by jerson)
-
bore
Reverse HTTP/TCP proxy to help you expose a local server behind a NAT or firewall to the internet via secure SSH tunnels. (by jkuri)
-
docker-wireguard-tunnel
Connect two or more Docker servers together sharing container ports between them via a WireGuard tunnel
-
punchmole
Punchmole is a simple tool to give your locally running HTTP servers a public URL and is an easy to self-host alternative to `ngrok` and/or `tunnelmole`.
-
Gravitational Teleport
The easiest, and most secure way to access and protect all of your infrastructure.
-
Netmaker
Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
-
netbird
Connect your devices into a single secure private WireGuard®-based mesh network with SSO/MFA and simple access controls.
-
firezone
Open-source VPN server and egress firewall for Linux built on WireGuard. Firezone is easy to set up (all dependencies are bundled thanks to Chef Omnibus), secure, performant, and self hostable.
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
If you want to self-host, there are many options. For something production ready frp is probably what you want. If you're a developer, I'd recommend starting with my own SirTunnel project and modifying it for your needs. For non-developers and those wanting more of a GUI experience, I created boringproxy. It's my take on a comprehensive tunnel proxy solution. It's in beta but currently solves almost everything I want. Once the server is running this is a very easy tool to use and has some nice features.
If you want to self-host, there are many options. For something production ready frp is probably what you want. If you're a developer, I'd recommend starting with my own SirTunnel project and modifying it for your needs. For non-developers and those wanting more of a GUI experience, I created boringproxy. It's my take on a comprehensive tunnel proxy solution. It's in beta but currently solves almost everything I want. Once the server is running this is a very easy tool to use and has some nice features.
tunnel.pyjam.as - No custom client; uses WireGuard directly instead. Written in Python. source code
ngrok 1.0 - Original version of ngrok. No longer developed in favor of the commercial 2.0 version.
localtunnel/localtunnel - Written in node. Popular suggestion.
sshuttle - Open source project originally from one of the founders of Tailscale. Server doesn't require root; client does. Explicitly designed to avoid TCP-over-TCP issues.
chisel - SSH under the hood, but still uses a custom client binary. Supports auto certs from LetsEncrypt. Written in Go.
bore - Minimal tunneling solution. MIT Licensed. Written in Rust.
rathole - Similar to frp, including the config format, but with improved performance. Low resource consumption. Hot reload. Written in Rust.
expose - ngrok alternative written in PHP.
sish - Open source ngrok/serveo alternative. SSH-based but uses a custom server written in Go. Supports WebSocket tunneling.
progrium/localtunnel - As far as I know this is the first ever tool of this kind, predating ngrok and the other localtunnel. No longer maintained, but here for posterity. MIT License. Written in Go.
gost - Looks like a comprehensive option. TCP and UDP tunneling. TAP/TUN devices. Load balancing. Web API. Written in Go.
go-http-tunnel - Uses a single HTTP/2 connection for muxing. Need to manually generate certs for server and clients.
pgrok/pgrok - A multi-tenant HTTP reverse tunnel solution through SSH remote port forwarding.
wstunnel - Proxies over WebSockets. Focus on proxying from behind networks that block certain protocols. Written in Rust with executables provided.
tunnelto - Open source (MIT). Written in Rust.
zrok - Aims for effortless sharing both publicly and privately. Supports multiple types of resources, including HTTP endpoints and files. Built on OpenZiti (see overlay section below). Apache 2 License. Written in Go.
gsocket/Global Socket - The Global Socket Tookit allows two users behind NAT/Firewall to establish a TCP connection with each other. Securely. Written in C.
boringproxy - Designed to be very easy to use. No config files. Clients can be remote-controlled through a simple WebUI and/or REST API on the server.
jprq - Proxies over WebSockets. Written in Go.
Tunnelmole - Open source and optionally self hostable. The client and server are both written in TypeScript.
Wiretap - Transparent tunneling over WireGuard (UDP) using userspace network stack. Root not required on server. Supports multiple clients and servers. Written in Go.
PageKite - Comprehensive open source solution with hosted options.
portr - Has a JavaScript/Python admin page and request inspection/replay features. AGPL-3.0 License. Tunneling implemented in Go.
Crowbar - Tunnels TCP connections over HTTP GET and POST requests.
tunneller - Open source. Written in Go.
onionpipe - Onion addresses for anything. onionpipe forwards ports on the local host to remote Onion addresses as Tor hidden services and vice-versa. Written in Go.
tunnel - This one is a Golang library, not a program you can just run. However, it looks easy to use for creating custom solutions. Uses a single TCP socket, and yamux for multiplexing.
tunnel - This one is a Golang library, not a program you can just run. However, it looks easy to use for creating custom solutions. Uses a single TCP socket, and yamux for multiplexing.
jerson/pgrok - Fork of ngrok 1.0, with more recent commits. Archived.
remotemoe - SSH-based, with custom golang server. Does some cool unique things. Instead of just plain tunnels, it drops you into a basic CLI UI that offers several useful commands interactively, such as adding a custom hostname. Also allows end-to-end encryption for both HTTPS and upstream SSH. Doesn't appear to offer non-e2e HTTPS, ie no auto Let's Encrypt support.
docker-tunnel - Simple Docker-based nginx+SSH solution.
hypertunnel - Public server appears to be down. MIT Licensed. Written in JavaScript.
hypertunnel - Public server appears to be down. MIT Licensed. Written in JavaScript.
tunwg - Wireguard in userspace based. Offers end to end encrypted TLS with LetsEncrypt certificates generated automatically by clients, with support for custom domains. Server can be self-hosted and doesn't require storing any data.
reverse-tunnel - Support TCP and UDP tunnels. Has docker images. Supports Let's Encrypt. MIT License. Written in Go.
gt - Supports peer-to-peer direct connection (P2P) and Internet relay. Focus on performance. Written in Go.
holepunch - Has nice hosted solution. Uses SSH for muxing.
jkuri/bore - Reverse HTTP/TCP proxy via SSH. Written in Go.
cactus-tunnel - 🌵 A charming TCP tunnel over WebSocket and Browser. Written in TypeScript.
docker-wireguard-tunnel - Connect two or more Docker servers together sharing container ports between them via a WireGuard tunnel.
tnnlink - SSH-based. Golang. Not maintained.
specter - Interesting approach utilizing a DHT. QUIC transport. MIT License. Written in Go.
ngtor - Easily expose local services via Tor. Written in Java.
Punchmole - Can be integrated directly into an existing Node.js project. Written in JavaScript.
ephemeral-hidden-service - Create ephemeral Tor hidden services from the command line. Written in Python.
Cloudflare Tunnel - Excellent free option. Nicely integrates tunneling with the rest of Cloudflare's products, which include DNS and auto HTTPS. Client source code is Apache 2.0 licensed and written in Golang.
inlets - Used to be open source; now focused on a polished commercial offering. Designed to work well with Kubernetes.
playit.gg - Specifically marketed as tunneling for game servers. Client is open source. Server is not. Has a free tier. TCP and UDP supported. Custom domains and dedicated IPs available. Client written in Rust.
StaqLab Tunnel - SSH-based. The client is open source. The server doesn't appear to be.
headscale - Open source implementation of Tailscale control server. Can be used with Tailscale's official open source client. Written in Go.
Tailscale - Built on WireGuard. Easy to use. Control server is closed source. Client code available with a BSD3 license + separate patents file.
Teleport - Comprehensive control plane tool, but also supports accessing apps behind NATs. Written in Go.
Nebula - Peer-to-peer overlay network. Developed and used internally by Slack. Similar to Tailscale but completely open source. Doesn't use WireGuard. Written in Go.
Nebula - Peer-to-peer overlay network. Developed and used internally by Slack. Similar to Tailscale but completely open source. Doesn't use WireGuard. Written in Go.
ZeroTier - Layer 2 overlay network. They take decentralization seriously, and like to say "decentralize until it hurts, then centralize until it works." Written in C++.
Netmaker - Layer 3 peer-to-peer overlay network and private DNS. Similar to Tailscale, but with a self-hosted server/admin UI. Runs kernel WireGuard so very fast. Not FOSS, but the source code is available. Written in Go.
NetBird - NetBird is an open-source VPN management platform built on top of WireGuard® making it easy to create secure private networks for your organization or home.
Firezone - Layer 3/4 overlay network. Runs on kernel WireGuard® and supports SSO using generic OIDC/SAML connectors. Distributed under Apache 2.0 license and written in Elixir/Rust.
n2n - - Built on nodes and supernodes. GPL-3.0 license. Written in C.
Related posts
-
Russia starts blocking VPN at the protocol (WireGuard, OpenVPN) level
-
WireGuard client that exposes itself as a HTTP/SOCKS5 proxy
-
Russia has started indiscriminately blocking all OpenVPN/WireGuard connections
-
Lpweb: Expose local HTTP service using libp2p
-
What is currently the bee's knees method for accessing your home stuff from outside?