For registro de contenedores privado para acceso a red, the strongest matches are lldap/lldap (lldap is a lightweight LDAP identity provider for user), tzapu/wifimanager (WiFiManager is a captive portal framework for ESP8266 microcontrollers) and nmap/nmap (Nmap is a network scanning and device fingerprinting tool). yunohost/yunohost and casbin/casbin round out the shortlist. Each is ranked by relevance to your query, popularity and recent activity.
Curamos repositorios de código abierto en GitHub que coinciden con “network access registries”. Los resultados están clasificados por relevancia según tu búsqueda; usa los filtros de abajo para acotar o refina con IA.
lldap is a lightweight LDAP identity provider for user authentication, which is a building block of a network access control system, but it does not itself manage network device registries, RADIUS, captive portals, or policy-based access enforcement as required.
WiFiManager is a captive portal and web server framework used for configuring wireless credentials and network settings on ESP8266 microcontrollers. It provides an embedded network configuration interface that allows users to connect devices to a wireless network via a web browser rather than hardcoding credentials. The system functions by temporarily acting as a wireless host and redirecting incoming web requests to a local configuration page. It distinguishes itself through a customizable portal that supports user-defined input parameters, visual themes, and multi-language localization to c
WiFiManager is a captive portal framework for ESP8266 microcontrollers to configure WiFi credentials, not a system for managing authorized network devices or users—it lacks RADIUS, LDAP, policy-based access, VLAN assignment, and device fingerprinting, making it a building block rather than a full network access control solution.
Nmap is a command-line network security scanner and reconnaissance framework designed for infrastructure mapping and security auditing. It functions as a packet crafting utility that probes target systems to identify active hosts, detect open ports, and determine the services and operating systems running on a network. The tool distinguishes itself through its ability to perform raw socket packet injection and stateful connection tracking, allowing it to bypass standard operating system networking stacks. It utilizes an asynchronous concurrency model to manage large-scale network scans and em
Nmap is a network scanning and device fingerprinting tool that can assist with discovery and reconnaissance, but it is not a self-hostable network access control system managing authentication, policies, or VLAN assignment.
YunoHost is a self-hosted server management platform designed for deploying, configuring, and maintaining a suite of open source applications on a private server. It functions as a package-based application orchestrator that installs and updates software from a curated catalog using standardized deployment scripts. The platform features a centralized identity management system using a directory service to synchronize user accounts and credentials across hosted applications for single sign-on access. It includes an integrated reverse proxy to route network traffic to backend services based on
YunoHost is a self-hosted server management platform for deploying apps and managing users via LDAP, but it does not provide the core network access control features like MAC address management, RADIUS authentication, or captive portal—making it a poor fit for this search.
Casbin is an authorization library that provides a model-based engine for enforcing access control across diverse application environments. It decouples authorization logic from application code by using a configuration-driven approach, allowing developers to define access rules and evaluation logic independently. The system supports a wide range of access control models, including role-based, attribute-based, and relationship-based patterns, which are evaluated at runtime to determine if a subject is permitted to perform an action on a resource. The project distinguishes itself through a hig
Casbin is an authorization library for application-level access control, not a self-contained network access control system that manages devices, RADIUS, or captive portals — it is a building block for access logic, not the network-level system you need.
pfSense is an open-source operating system that turns a standard computer into a dedicated firewall and router with a web-based management interface. It runs on the FreeBSD kernel with the pf packet filter for stateful firewall and NAT processing, and manages all settings through a PHP-driven web interface that writes to XML configuration files. The platform provides a comprehensive set of network security capabilities accessible through its browser-based control panel. Users can configure packet filtering rules to control traffic flow between network segments, manage network address translat
pfSense is a full-featured firewall and router platform that supports captive portal and RADIUS authentication, but its core identity is not a dedicated network access control system—it lacks a built-in device registry and policy-based access control tailored to authorized network access management.
ntopng is a web-based network traffic monitoring tool and flow data aggregator. It functions as a network security monitor, an SNMP network management system, and an industrial protocol analyzer for OT and SCADA environments. The system provides specialized inspection for industrial protocols such as Modbus, DNP3, and IEC 60870. It distinguishes itself through behavioral threat detection, encrypted traffic analysis via handshake fingerprinting, and the ability to identify hardware and operating systems using DHCP and MAC address patterns. Its broader capabilities include real-time traffic an
ntopng is a network traffic monitoring and security analytics tool that can identify devices via MAC and DHCP fingerprints, but it does not enforce access control policies, RADIUS authentication, captive portal, or VLAN assignment — it is a monitoring companion, not a network access control system itself.
Calico is a cloud-native networking and security solution designed to connect containerized workloads across virtual machines, bare metal, and multi-cloud environments. It provides a routing solution based on the Border Gateway Protocol to manage cluster traffic and implement the Container Network Interface for pod connectivity and IP address management. The project distinguishes itself through a security layer that enforces network policies based on identities and labels rather than static addresses. It includes a policy engine for controlling traffic flow, a cluster network encryptor for se
Calico focuses on cloud-native container networking and policy enforcement for Kubernetes workloads, not on traditional network access control features like MAC address management, RADIUS, or captive portals that this search requires.
This project is a wireless hotspot management interface for Debian devices. It provides a web-based controller for managing wireless access points, wireless repeaters, VPN gateways, and DNS ad-blocking filters. The system includes a captive portal framework to intercept network traffic via customizable splash pages and a VPN controller that supports WireGuard and OpenVPN with kill-switch functionality. It further differentiates itself with a DNS ad-blocking filter using curated blacklists and the ability to operate in multiple network modes, including bridged access point and wireless repeate
RaspAP is a wireless hotspot management interface with a captive portal, but it focuses on configuring access points and VPNs rather than providing a full registry of authorized devices with RADIUS, LDAP, or policy-based access control that a network access control system requires.
Kanidm is a centralized identity management server designed to handle authentication, authorization, and directory services across distributed infrastructure. It provides a comprehensive framework for managing human and service accounts, utilizing a schema-driven database to store identity records, group memberships, and system attributes. The platform supports a wide range of authentication methods, including passkeys, passwords, and standard protocols like OAuth2, OIDC, LDAP, and RADIUS. The system distinguishes itself through a granular access control engine that enforces security policies
Kanidm is an identity and access management server with RADIUS and LDAP support, which can underpin network authentication, but it lacks the device-focused features like MAC address management, captive portal, and VLAN assignment that define a full network access control system.
This project is a public key infrastructure management system designed to automate the issuance, renewal, and revocation of X.509, TLS, and SSH certificates. It functions as a machine identity provider and certificate authority, enabling the establishment of private PKI to secure inter-service communication and remote access. The system distinguishes itself through hardware-bound identity attestation, which ties cryptographic keys to physical device silicon or TPMs to prevent credential exfiltration. It supports a wide array of identity verification mechanisms, including OIDC, cloud-provider
smallstep/certificates is a certificate authority and machine identity platform, not a network access control system that manages MAC addresses, RADIUS authentication, captive portals, or VLAN assignments.
3proxy is a multi-protocol proxy server and network access control gateway. It functions as a network traffic forwarder capable of routing TCP and UDP traffic across HTTP, SOCKS, and various email and file protocols. The project provides specialized capabilities for secure traffic inspection, including the decryption and analysis of HTTPS and TLS streams through certificate spoofing and mutual authentication. It further supports client identity anonymization by routing outbound traffic through recursive upstream proxy chains. The software covers a broad range of network management functions,
3proxy is a multi-protocol proxy server with RADIUS authentication support, but it lacks the device registration, MAC address management, captive portal, and network-level policy enforcement expected of a full network access control system—it is a building-block tool rather than a complete NAC solution.
Pangolin is a zero-trust remote access platform designed to provide secure, identity-aware connectivity to private network resources. It functions as a cloud-native network controller that orchestrates encrypted tunnels, traffic routing, and access policies across distributed environments. By leveraging WireGuard for secure data transport, the platform enables authenticated access to internal web applications, terminal sessions, and remote desktops without exposing services to the public internet. The platform distinguishes itself through a declarative infrastructure model that synchronizes n
Pangolin is a zero-trust remote access platform for securely exposing private services via WireGuard tunnels and identity-aware policies, but it does not manage MAC addresses, RADIUS authentication, captive portals, or VLAN assignment at the network layer, so it is a neighbouring category rather than a full network access control system.
Headscale is a self-hosted control plane for private mesh networking that enables the creation of secure, encrypted peer-to-peer networks. By acting as a centralized coordination server, it manages device authentication, cryptographic key exchange, and network topology, allowing distributed infrastructure to communicate without relying on third-party services. It implements a zero-trust security architecture, verifying device and user identity before granting access to internal resources. The project distinguishes itself by providing a fully independent, self-hosted alternative for managing n
Headscale is a self-hosted control plane for private mesh networking (a Tailscale-style VPN server) that authenticates devices and manages encrypted peer-to-peer connections, but it does not provide the MAC-address management, RADIUS authentication, captive portal, or VLAN assignment typical of a network access control system for wired or wireless infrastructure.
Foreman is a lifecycle infrastructure management platform used for automating the provisioning, configuration, and monitoring of physical, virtual, and cloud servers. It serves as a central hub for managing the entire lifespan of a server, from initial deployment and operating system upgrades to decommissioning and auditing. The platform functions as a hybrid cloud manager and bare-metal provisioning tool, providing a unified interface to control virtual machine lifecycles across diverse hypervisors and public cloud providers. It automates hardware discovery and operating system deployment us
Foreman is a server lifecycle management platform (provisioning, configuration, monitoring) rather than a network access control system; it does not handle RADIUS, captive portals, MAC address management, or policy-based network access, so it is a neighbouring infrastructure tool but not what this search asks for.
| Repositorio | Estrellas | Lenguaje | Licencia | Último push |
|---|---|---|---|---|
| lldap/lldap | 6.3K | Rust | GPL-3.0 | |
| tzapu/wifimanager | 7.2K | C++ | MIT | |
| nmap/nmap | 13.1K | C | NOASSERTION | |
| yunohost/yunohost | 2.8K | Python | agpl-3.0 | |
| casbin/casbin | 19.8K | Go | apache-2.0 | |
| pfsense/pfsense | 5.7K | PHP | Apache-2.0 | |
| ntop/ntopng | 7.9K | Lua | GPL-3.0 | |
| projectcalico/calico | 7.3K | Go | Apache-2.0 | |
| raspap/raspap-webgui | 5.2K | PHP | GPL-3.0 | |
| kanidm/kanidm | 4.6K | Rust | mpl-2.0 |