# Self-Hosted Mesh VPN Controllers > Search results for `self-hosted Tailscale alternative for a mesh VPN` on awesome-repositories.com. 116 total matches; showing the first 50. Explore on the web: https://awesome-repositories.com/q/self-hosted-tailscale-alternative-for-a-mesh-vpn **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/self-hosted-tailscale-alternative-for-a-mesh-vpn).** ## Results - [gravitl/netmaker](https://awesome-repositories.com/repository/gravitl-netmaker.md) (11,630 ⭐) — Netmaker is a platform for automating and managing virtual mesh networks built on WireGuard. It functions as a centralized control plane that orchestrates encrypted, peer-to-peer tunnels across distributed infrastructure, including cloud environments, on-premise data centers, and containerized clusters. By automating the configuration of routing tables and access policies, the system enables secure, private connectivity between diverse devices and services without requiring manual network administration. The platform distinguishes itself through its focus on zero-trust network access and soft - [tailscale/tailscale](https://awesome-repositories.com/repository/tailscale-tailscale.md) (32,596 ⭐) — Tailscale is a zero-trust networking overlay that connects distributed devices and services into a private, encrypted mesh network. By utilizing a high-performance, user-space implementation of the WireGuard protocol, it establishes secure peer-to-peer tunnels across diverse network topologies without requiring complex firewall configuration. The platform operates on a centralized control plane that manages global network state, authentication, and policy distribution, ensuring that connectivity is governed by identity rather than traditional IP-based rules. What distinguishes Tailscale is it - [netbirdio/netbird](https://awesome-repositories.com/repository/netbirdio-netbird.md) (26,188 ⭐) — NetBird is a zero-trust networking platform that builds secure, encrypted peer-to-peer overlay networks using the WireGuard protocol. It functions as a software-defined perimeter, connecting distributed infrastructure across cloud environments and physical locations while hiding network resources from the public internet. By integrating with external identity providers, the platform enforces granular access control and identity-based segmentation for every user and device. The platform distinguishes itself through extensive automation and programmatic management capabilities. It provides a ce - [amnezia-vpn/amnezia-client](https://awesome-repositories.com/repository/amnezia-vpn-amnezia-client.md) (10,108 ⭐) — Amnezia Client is a cross-platform VPN client application and server orchestrator designed to manage secure tunnels and automate the deployment of containerized VPN services on remote self-hosted servers. It functions as a multi-protocol VPN manager that supports various tunneling standards to ensure connectivity across restrictive network environments. The project distinguishes itself through network traffic obfuscation, which disguises VPN traffic as common web protocols or DNS requests to bypass deep packet inspection and censorship. It further enables the automation of remote server admin - [tailscale/tailscale-android](https://awesome-repositories.com/repository/tailscale-tailscale-android.md) (2,228 ⭐) — https://tailscale.com - [psviderski/uncloud](https://awesome-repositories.com/repository/psviderski-uncloud.md) (4,653 ⭐) — Uncloud is a decentralized container orchestrator designed to deploy and manage applications across multiple servers without a central control plane. It functions as a peer-to-peer system and a Docker Compose cluster deployer, using SSH-based infrastructure management to coordinate operations across remote nodes. The project distinguishes itself by using a secure mesh network overlay to enable direct inter-container communication across different physical machines. It facilitates container image distribution by transferring missing layers directly from local environments to target nodes, bypa - [stoatchat/self-hosted](https://awesome-repositories.com/repository/stoatchat-self-hosted.md) (2,497 ⭐) — This project is a self-hosted communication suite and private messaging infrastructure. It is a containerized chat platform designed for deployment on independent hardware to maintain full control over user data and server dependencies. The system features a modular plugin framework that allows custom features and behaviors to be loaded into the client at runtime via manifest files. It is designed as a proxy-compatible service, supporting configurable network port routing to operate behind external reverse proxy servers. The platform covers capabilities for containerized service orchestratio - [getsentry/self-hosted](https://awesome-repositories.com/repository/getsentry-self-hosted.md) (9,426 ⭐) — This project is a containerized error tracking platform and monitoring suite designed for self-hosted deployment on private infrastructure. It provides a collection of services for capturing and analyzing software crashes and exceptions, ensuring that sensitive application data remains within a controlled environment. The system includes specialized tooling for air-gapped deployment, allowing the software to be installed and operated on servers without internet access through the manual transfer of container images. It also supports corporate network integration via proxy configurations to ma - [khoj-ai/khoj](https://awesome-repositories.com/repository/khoj-ai-khoj.md) (35,163 ⭐) — Khoj is a self-hosted artificial intelligence platform designed for personal knowledge management and semantic information retrieval. It functions as a private assistant that indexes your local documents, notes, and external workspaces, allowing you to interact with your data through natural language queries and conversational chat. By maintaining a local-first architecture, the system ensures that your information remains under your control while providing context-aware responses grounded in your personal knowledge base. The platform distinguishes itself through a modular, cross-platform int - [coollabsio/coolify](https://awesome-repositories.com/repository/coollabsio-coolify.md) (57,055 ⭐) — This project is a self-hosted platform-as-a-service that provides a centralized management interface for deploying, configuring, and monitoring containerized applications and databases on private infrastructure. It functions as a visual control plane, automating the end-to-end lifecycle of services from source code to production. By managing container orchestration, networking, and resource allocation, it allows users to maintain full control over their own hardware while streamlining the delivery of software. The platform distinguishes itself through its agentless architecture, which uses se - [slackhq/nebula](https://awesome-repositories.com/repository/slackhq-nebula.md) (17,405 ⭐) — Nebula is a scalable, decentralized overlay networking tool designed to create secure, encrypted peer-to-peer connections between distributed hosts. By utilizing a certificate-based identity authority, it enables the construction of private communication fabrics across disparate physical infrastructures, such as multiple cloud providers or on-premises data centers, without requiring central authentication servers. The project distinguishes itself through a zero-trust architecture that enforces granular, policy-driven firewall filtering based on certificate-derived group memberships. It facili - [markqvist/reticulum](https://awesome-repositories.com/repository/markqvist-reticulum.md) (4,438 ⭐) — Reticulum is a decentralized networking stack that enables encrypted, peer-to-peer communication over diverse physical mediums without relying on central infrastructure or IP protocols. It uses self-sovereign cryptographic identities for routing and authentication, replacing traditional IP addresses with collision-free globally unique addresses that require no central coordination. Every packet is encrypted by default using ephemeral key exchanges with forward secrecy, and unencrypted traffic is dropped as invalid. The stack unifies heterogeneous transport mediums—including LoRa radio, packet - [formbricks/formbricks](https://awesome-repositories.com/repository/formbricks-formbricks.md) (12,391 ⭐) — Formbricks is an open-source survey and feedback platform designed to help teams capture and analyze user insights through targeted, in-app, and website-based interactions. It functions as a comprehensive customer experience analytics system that allows organizations to maintain full control over their data, user attributes, and survey workflows. The platform distinguishes itself through its event-driven architecture, which enables precise behavioral targeting by triggering surveys based on specific user actions or application events. It supports deep integration with external ecosystems by a - [mmalmi/nostr-vpn](https://awesome-repositories.com/repository/mmalmi-nostr-vpn.md) (971 ⭐) — nostr-vpn is a Tailscale-style private mesh VPN built around a [FIPS]-backed data plane. It includes the nvpn CLI/daemon, a shared native app core, and native shells for desktop and mobile platforms. - [bia-pain-bache/bpb-worker-panel](https://awesome-repositories.com/repository/bia-pain-bache-bpb-worker-panel.md) (11,997 ⭐) — BPB-Worker-Panel is a control panel designed for deploying and managing VLESS and Trojan proxies hosted on Cloudflare Workers. It functions as a proxy subscription generator and a manager for secure DNS over HTTPS servers and WireGuard configuration provisioning. The project distinguishes itself through network traffic obfuscation capabilities, utilizing packet fragmentation and SNI spoofing to evade detection. It provides specialized administration for Cloudflare Warp and Warp Pro connections, including the ability to optimize endpoints and export WireGuard configurations. The system covers - [datawranglerai/self-host-n8n-on-gcr](https://awesome-repositories.com/repository/datawranglerai-self-host-n8n-on-gcr.md) (608 ⭐) — Self-host n8n on Google Cloud without the subscription fees or server headaches - because your automation workflows shouldn't cost more than your coffee budget - [dubinc/dub](https://awesome-repositories.com/repository/dubinc-dub.md) (23,722 ⭐) — This project is a comprehensive link management and marketing attribution platform designed for creating, tracking, and analyzing shortened URLs. It functions as a centralized hub for marketing analytics, providing tools to monitor link performance, visualize conversion funnels, and manage affiliate programs through a unified dashboard. The platform distinguishes itself by integrating advanced attribution modeling and partner management directly into the link infrastructure. It supports complex marketing workflows, including automated commission calculations, fraud detection, and payout distr - [qdm12/gluetun](https://awesome-repositories.com/repository/qdm12-gluetun.md) (13,056 ⭐) — Gluetun is a containerized network utility designed to route traffic from multiple Docker containers through a secure virtual private network tunnel. It functions as a network gateway that encapsulates outgoing internet traffic to provide privacy and security for isolated application services. The project distinguishes itself by utilizing Linux network namespaces to isolate container traffic, ensuring that all outgoing packets are forced through a dedicated tunnel interface. It supports both OpenVPN and WireGuard protocols, managing the connection lifecycle and routing logic as a sidecar cont - [traefik/mesh](https://awesome-repositories.com/repository/traefik-mesh.md) (2,094 ⭐) — Traefik Mesh - Simpler Service Mesh - [tensorflow/mesh](https://awesome-repositories.com/repository/tensorflow-mesh.md) (1,624 ⭐) — Mesh TensorFlow: Model Parallelism Made Easier - [langfuse/langfuse](https://awesome-repositories.com/repository/langfuse-langfuse.md) (29,190 ⭐) — Langfuse is an open-source observability and evaluation platform designed for language model applications. It provides a centralized system for tracking execution traces, monitoring performance metrics, and managing prompt templates. By capturing hierarchical units of work and telemetry data, the platform enables developers to debug complex application lifecycles and analyze token usage, latency, and model interactions in production environments. The platform distinguishes itself through an integrated evaluation framework that allows for systematic benchmarking and automated scoring of model - [n8n-io/self-hosted-ai-starter-kit](https://awesome-repositories.com/repository/n8n-io-self-hosted-ai-starter-kit.md) (14,997 ⭐) — This project provides a dockerized AI workflow stack and orchestration templates for deploying a self-hosted AI environment. It establishes a localized infrastructure for building autonomous agents and model chains that process private data on-premises without external cloud dependencies. The environment is designed to support autonomous agent development, allowing models to dynamically select tools, execute shell commands, and interact with local file systems. It includes integrated vector database support to enable retrieval augmented generation and private document analysis. The stack cov - [dotheevo/selfhosted-apps-docker](https://awesome-repositories.com/repository/dotheevo-selfhosted-apps-docker.md) (2,833 ⭐) — This project is a curated collection of deployment files and configurations for hosting a wide variety of open-source services on a home server. It primarily utilizes Docker and Docker Compose to automate the orchestration, lifecycle management, and deployment of containerized applications. The repository provides a comprehensive suite for self-hosted infrastructure, covering network management tools, media streaming, and home automation. It includes specialized configurations for securing internal services via reverse proxies, WireGuard VPN tunnels, and automated SSL/TLS certificate manageme - [daytonaio/daytona](https://awesome-repositories.com/repository/daytonaio-daytona.md) (72,416 ⭐) — Daytona is a cloud-native development environment platform designed to orchestrate ephemeral, containerized workspaces. It provides a centralized system for managing reproducible coding environments as code, ensuring consistency across distributed teams by abstracting the underlying infrastructure. By utilizing declarative configuration, the platform automates the entire lifecycle of development sandboxes, from initial provisioning to resource governance. The platform distinguishes itself through its infrastructure-agnostic runner layer, which allows development environments to be deployed ac - [easytier/easytier](https://awesome-repositories.com/repository/easytier-easytier.md) (12,012 ⭐) — EasyTier is a decentralized peer-to-peer virtual private network and mesh networking tool. It functions as a layer 3 network overlay that establishes secure tunnels between devices without requiring a centralized server or coordinator. It also serves as a WireGuard-compatible VPN, capable of acting as a server for standard WireGuard clients. The project distinguishes itself through multipath latency-based routing and the use of KCP or QUIC proxies to mitigate packet loss and stabilize connections in high-loss environments. It provides a virtual networking manager featuring a web management co - [multica-ai/multica](https://awesome-repositories.com/repository/multica-ai-multica.md) (36,862 ⭐) — Multica is an autonomous coding agent manager and LLM agent orchestration platform. It coordinates teams of autonomous agents to execute coding tasks and manage their lifecycles through a centralized dashboard. The system provides multi-tenant agent workspaces that isolate agents, settings, and project issues into distinct organizational boundaries. The platform distinguishes itself through an agent skill library that captures successful task solutions as reusable, versioned skills. These skills are shared across the agent team and pinned using content hashes to ensure consistent behavior acr - [mrakotosaon/dse-meshing](https://awesome-repositories.com/repository/mrakotosaon-dse-meshing.md) (55 ⭐) — This is our implementation of the paper "Learning Delaunay Surface Elements for Mesh Reconstruction" at CVPR 2021 (oral), a method for mesh recontruction from a point cloud. - [amruthpillai/reactive-resume](https://awesome-repositories.com/repository/amruthpillai-reactive-resume.md) (38,613 ⭐) — This project is a web-based platform designed for creating, managing, and sharing professional resumes. It functions as a structured document builder that integrates artificial intelligence to assist with content generation, editing, and analysis. Users can maintain a collection of resumes, customize their visual presentation through various templates, and export them into multiple formats for job applications. The platform distinguishes itself through its autonomous AI agent capabilities, which can perform research, suggest incremental edits, and apply data patches directly to documents. It - [pirate/wireguard-docs](https://awesome-repositories.com/repository/pirate-wireguard-docs.md) (4,990 ⭐) — This project is a comprehensive technical documentation site and reference manual for configuring and deploying WireGuard VPN tunnels and interfaces. It serves as a guide for establishing encrypted network connections between peers using public key authentication to secure data traffic across untrusted networks. The documentation provides specific technical manuals for implementing NAT traversal solutions, including UDP hole punching and the use of bounce servers to connect peers behind restrictive firewalls. It also includes detailed guides on tunnel implementation and protocol references fo - [geiserx/vpn-bypass](https://awesome-repositories.com/repository/geiserx-vpn-bypass.md) (83 ⭐) — macOS menu bar app to bypass VPN for specific domains and services - [nicotsx/zerobyte](https://awesome-repositories.com/repository/nicotsx-zerobyte.md) (6,572 ⭐) — ZeroByte is a backup management platform built around the Restic backup engine, providing encrypted, deduplicated, and compressed snapshots across multiple storage backends. It offers a web interface for scheduling, monitoring, and managing backup operations, with support for cron-based job scheduling and configurable retention policies that automatically prune older snapshots. The platform distinguishes itself through comprehensive multi-protocol volume mounting, allowing backup ingestion from NFS, SMB, WebDAV, SFTP, and rclone-backed sources alongside local directories. It includes a snapsh - [sharmajv/vpn](https://awesome-repositories.com/repository/sharmajv-vpn.md) (4,922 ⭐) — This project provides an open-source VPN client that creates an unrestricted tunnel to bypass internet censorship without fees, registration, speed caps, or data limits. It offers free, unlimited VPN tunneling with no sign‑up required, enabling access to blocked websites and unrestricted browsing. The application uses the WireGuard protocol for encrypted traffic routing, backed by kernel‑level packet forwarding to minimize overhead. It includes automatic server discovery that selects the most responsive server based on real‑time latency, a connection keepalive mechanism to detect and restore - [fosrl/pangolin](https://awesome-repositories.com/repository/fosrl-pangolin.md) (21,255 ⭐) — Pangolin is a zero-trust remote access platform designed to provide secure, identity-aware connectivity to private network resources. It functions as a cloud-native network controller that orchestrates encrypted tunnels, traffic routing, and access policies across distributed environments. By leveraging WireGuard for secure data transport, the platform enables authenticated access to internal web applications, terminal sessions, and remote desktops without exposing services to the public internet. The platform distinguishes itself through a declarative infrastructure model that synchronizes n - [chaos-mesh/chaos-mesh](https://awesome-repositories.com/repository/chaos-mesh-chaos-mesh.md) (7,761 ⭐) — Chaos Mesh is a cloud-native fault injection tool and Kubernetes chaos engineering platform designed to verify system resilience. It functions as a testing framework for designing and executing automated failure scenarios to evaluate how containerized workloads recover from disruptions. The project acts as a multi-cluster chaos orchestrator, providing a centralized control plane to manage and monitor experiments across multiple remote Kubernetes clusters from a single interface. It includes a dashboard for the visual scheduling of experiments and the coordination of complex failure scenarios. - [langchain-ai/langchainjs](https://awesome-repositories.com/repository/langchain-ai-langchainjs.md) (17,818 ⭐) — LangChain.js is a framework for building, executing, and monitoring stateful agentic applications. It provides an orchestration engine that models workflows as directed graphs, allowing developers to connect language models, data sources, and external tools into modular, multi-step processes. The platform distinguishes itself through its focus on stateful execution and human-in-the-loop control. It manages agent lifecycles by persisting execution state across threads, enabling fault tolerance and the ability to pause workflows at designated breakpoints for manual review or modification. This - [wg-easy/wg-easy](https://awesome-repositories.com/repository/wg-easy-wg-easy.md) (24,645 ⭐) — This project provides a self-hosted, containerized WireGuard VPN server that simplifies network administration through a web-based management interface. It allows users to deploy and manage VPN tunnels, configure peer identities, and monitor connection status without the need for manual configuration file editing. By bundling the VPN stack into a portable container, it ensures consistent deployment and persistent state management across diverse host environments. A key differentiator is the built-in support for traffic obfuscation, which modifies packet headers and handshake patterns to help - [angristan/wireguard-install](https://awesome-repositories.com/repository/angristan-wireguard-install.md) (10,588 ⭐) — This project is a shell-based orchestration tool designed to automate the deployment and administration of WireGuard virtual private network servers on Linux hosts. It functions as a system-level networking utility that handles the installation of kernel modules, the configuration of secure tunnel interfaces, and the management of network routing rules to enable encrypted remote access. The tool provides an interactive command-line interface that simplifies the lifecycle management of network peers. It allows administrators to dynamically add or remove client access profiles, assign custom DN - [awesome-selfhosted/awesome-selfhosted](https://awesome-repositories.com/repository/awesome-selfhosted-awesome-selfhosted.md) (299,516 ⭐) — This project is a community-curated directory of open-source software designed for deployment in private server environments and home labs. It serves as a comprehensive resource for discovering independent, self-hosted alternatives to mainstream cloud services, enabling users to maintain full data ownership and control over their digital infrastructure. The directory is structured through a hierarchical taxonomy that organizes a vast collection of applications into logical categories, ranging from media management and data analytics to private communication and team productivity tools. It dis - [tailscale/hujson](https://awesome-repositories.com/repository/tailscale-hujson.md) (0 ⭐) - [appwrite/appwrite](https://awesome-repositories.com/repository/appwrite-appwrite.md) (56,318 ⭐) — Appwrite is a backend-as-a-service platform that provides a unified development environment for building full-stack applications. It integrates essential infrastructure components—including authentication, databases, storage, and serverless functions—into a single, centralized interface to simplify application development and resource management. The platform distinguishes itself through a container-based microservices architecture that ensures consistent execution across diverse infrastructure. It features a versatile connectivity layer that links frontend applications with third-party servi - [wjakob/instant-meshes](https://awesome-repositories.com/repository/wjakob-instant-meshes.md) (6,104 ⭐) — Interactive field-aligned mesh generator - [firezone/firezone](https://awesome-repositories.com/repository/firezone-firezone.md) (8,701 ⭐) — Firezone is a zero trust network access platform that uses WireGuard to provide identity-based connectivity to internal network resources. It functions as a virtual private network that synchronizes authentication and user groups via OpenID Connect providers. The system implements a group-based access control engine to enforce least privilege by restricting network resources to specific user groups. It utilizes holepunching and relay protocols for NAT traversal to establish encrypted tunnels through firewalls without requiring inbound ports. The platform includes a control plane for managing - [juanfont/headscale](https://awesome-repositories.com/repository/juanfont-headscale.md) (40,074 ⭐) — Headscale is a self-hosted control plane for private mesh networking that enables the creation of secure, encrypted peer-to-peer networks. By acting as a centralized coordination server, it manages device authentication, cryptographic key exchange, and network topology, allowing distributed infrastructure to communicate without relying on third-party services. It implements a zero-trust security architecture, verifying device and user identity before granting access to internal resources. The project distinguishes itself by providing a fully independent, self-hosted alternative for managing n - [anderspitman/awesome-tunneling](https://awesome-repositories.com/repository/anderspitman-awesome-tunneling.md) (21,279 ⭐) — Awesome Tunneling is a curated directory of technologies designed to facilitate secure connectivity between distributed devices and local services. It serves as a comprehensive resource for identifying tools that enable remote access, private network creation, and the exposure of local environments to the public internet. The collection focuses on solutions that bypass network address translation and firewall restrictions through techniques such as reverse proxy tunneling, overlay network infrastructure, and peer-to-peer connectivity. It categorizes resources based on their ability to establi - [mysteriumnetwork/mysterium-vpn-mobile](https://awesome-repositories.com/repository/mysteriumnetwork-mysterium-vpn-mobile.md) (236 ⭐) — Mobile VPN app for Mysterium Network. - [permissionlesstech/bitchat-android](https://awesome-repositories.com/repository/permissionlesstech-bitchat-android.md) (4,760 ⭐) — BitChat Android is a decentralized peer-to-peer messenger that enables communication over Bluetooth mesh networks without requiring any internet connection or central servers. It functions as a full mesh network chat app and a privacy-focused communication tool, with every message encrypted end-to-end using per-session cryptographic keys that ensure forward secrecy. The app operates without accounts or persistent identifiers, resisting user tracking at the protocol level. To strengthen privacy and efficiency, BitChat injects cover traffic to obscure real communication patterns and includes an - [getumbrel/llama-gpt](https://awesome-repositories.com/repository/getumbrel-llama-gpt.md) (10,991 ⭐) — Llama-GPT is a self-hosted generative AI model runner that provides a private web interface for interacting with large language models. By executing these models directly on local hardware, it ensures that all intelligent assistance remains offline and independent of external cloud service providers. The project functions as a private assistant that maintains complete data ownership by storing all application state and model interactions on local storage volumes. It is designed to operate within a broader self-hosted computing environment, allowing users to maintain control over their persona - [pia-foss/vpn-ios](https://awesome-repositories.com/repository/pia-foss-vpn-ios.md) (346 ⭐) — Private Internet Access - PIA VPN for iOS - [specialunderwear/hosts.prefpane](https://awesome-repositories.com/repository/specialunderwear-hosts-prefpane.md) (1,632 ⭐) — a Cocoa GUI for /etc/hosts - [openziti/ziti](https://awesome-repositories.com/repository/openziti-ziti.md) (3,883 ⭐) — Ziti is a zero-trust network overlay and identity-based mesh network. It provides a software-defined perimeter that replaces traditional IP-based routing and VPNs by mapping network services to cryptographically verified identities, effectively cloaking applications from the public internet. The project distinguishes itself through an outbound-only connection model that eliminates open listening ports and a Zero Trust SDK that allows developers to embed encryption and identity-based access control directly into application source code. It also provides transparent tunneling proxies to extend