WireGuard-powered peer-to-peer tunnels, access policies, and MagicDNS — all running on your infrastructure.
Every peer-to-peer connection is secured with WireGuard — the fastest, most auditable VPN protocol available.
Define fine-grained ACL rules to control exactly which peers can reach which resources, with default-deny enforcement.
Run the management plane, signal server, and relay entirely on your own infrastructure — no third-party cloud required.
Automatically assign stable DNS names to every enrolled device so you never need to remember IP addresses again.
Expose entire on-prem subnets through a single agent, giving remote peers seamless access to internal services.
Every administrative action is recorded with timestamp and actor so you always have a complete trail.
One binary, zero dependencies. Runs on Linux, macOS, and Windows.
Authenticate with your identity provider — the device is enrolled automatically.
Peers connect directly via WireGuard tunnels. No traffic leaves through the relay unless needed.
Deploy in minutes on your own infrastructure.
Get Started Free