# WireGuard Mesh VPN Networks > Search results for `WireGuard-based mesh VPN for connecting servers privately` on awesome-repositories.com. 112 total matches; showing the first 50. Explore on the web: https://awesome-repositories.com/q/wireguard-based-mesh-vpn-for-connecting-servers-privately **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [this search on awesome-repositories.com](https://awesome-repositories.com/q/wireguard-based-mesh-vpn-for-connecting-servers-privately).** ## Results - [angristan/wireguard-install](https://awesome-repositories.com/repository/angristan-wireguard-install.md) (10,588 ⭐) — This project is a shell-based orchestration tool designed to automate the deployment and administration of WireGuard virtual private network servers on Linux hosts. It functions as a system-level networking utility that handles the installation of kernel modules, the configuration of secure tunnel interfaces, and the management of network routing rules to enable encrypted remote access. The tool provides an interactive command-line interface that simplifies the lifecycle management of network peers. It allows administrators to dynamically add or remove client access profiles, assign custom DNS resolvers, and manage peer lists. To facilitate rapid onboarding, the software generates static configuration files and visual QR codes that allow remote clients to connect to the private network infrastructure. Beyond basic tunnel setup, the project manages complex networking tasks including packet forwarding and network address translation. By manipulating firewall rules and overriding client routing tables, it ensures that traffic is securely routed through the host interface. The installation is executed via a procedural script that configures the necessary system components for private network connectivity. - [gravitl/netmaker](https://awesome-repositories.com/repository/gravitl-netmaker.md) (11,630 ⭐) — Netmaker is a platform for automating and managing virtual mesh networks built on WireGuard. It functions as a centralized control plane that orchestrates encrypted, peer-to-peer tunnels across distributed infrastructure, including cloud environments, on-premise data centers, and containerized clusters. By automating the configuration of routing tables and access policies, the system enables secure, private connectivity between diverse devices and services without requiring manual network administration. The platform distinguishes itself through its focus on zero-trust network access and software-defined perimeters, which hide network resources from the public internet while enforcing granular, identity-based security policies. It supports complex network topologies by providing dynamic relay-based routing for firewall-traversal and gateway-based bridging for isolated subnets. These capabilities allow for the creation of scalable, high-performance overlays that maintain consistent connectivity even when direct peer-to-peer paths are unavailable. Beyond core connectivity, the project provides a comprehensive suite of management tools, including automated node provisioning, private service discovery via integrated DNS, and multi-tenant infrastructure support. It also offers robust observability features, such as administrative audit logging and network health monitoring, to ensure operational visibility. The entire networking stack can be self-hosted to maintain data sovereignty, and the platform integrates with external identity providers to streamline authentication and device onboarding. - [fosrl/pangolin](https://awesome-repositories.com/repository/fosrl-pangolin.md) (21,255 ⭐) — Pangolin is a zero-trust remote access platform designed to provide secure, identity-aware connectivity to private network resources. It functions as a cloud-native network controller that orchestrates encrypted tunnels, traffic routing, and access policies across distributed environments. By leveraging WireGuard for secure data transport, the platform enables authenticated access to internal web applications, terminal sessions, and remote desktops without exposing services to the public internet. The platform distinguishes itself through a declarative infrastructure model that synchronizes network state using version-controlled manifests. It supports complex connectivity requirements through peer-to-peer NAT traversal, which facilitates direct encrypted connections between nodes, with automatic fallback to server-based relaying when necessary. Additionally, it provides browser-based access to remote resources, eliminating the need for local client software for many common administrative and service-access tasks. Beyond its core tunneling capabilities, the platform includes a comprehensive suite of tools for traffic management, security, and observability. It features granular access control policies based on user identity, geolocation, and network attributes, alongside automated certificate management and multi-factor authentication. The system also provides extensive monitoring, audit logging, and alerting capabilities to track infrastructure health and security events across multi-site deployments. Pangolin is designed for containerized and multi-site environments, offering flexible deployment options through standard packaging and automated reconciliation workflows. - [dotheevo/selfhosted-apps-docker](https://awesome-repositories.com/repository/dotheevo-selfhosted-apps-docker.md) (2,833 ⭐) — This project is a curated collection of deployment files and configurations for hosting a wide variety of open-source services on a home server. It primarily utilizes Docker and Docker Compose to automate the orchestration, lifecycle management, and deployment of containerized applications. The repository provides a comprehensive suite for self-hosted infrastructure, covering network management tools, media streaming, and home automation. It includes specialized configurations for securing internal services via reverse proxies, WireGuard VPN tunnels, and automated SSL/TLS certificate management. The project covers a broad set of capability areas, including system monitoring and observability, deduplicated data backup and recovery, and network traffic management. It also provides deployment patterns for asset tracking, AI-powered video surveillance, and game server administration. The implementation is primarily based on Shell scripts and YAML configuration files. - [pirate/wireguard-docs](https://awesome-repositories.com/repository/pirate-wireguard-docs.md) (4,990 ⭐) — This project is a comprehensive technical documentation site and reference manual for configuring and deploying WireGuard VPN tunnels and interfaces. It serves as a guide for establishing encrypted network connections between peers using public key authentication to secure data traffic across untrusted networks. The documentation provides specific technical manuals for implementing NAT traversal solutions, including UDP hole punching and the use of bounce servers to connect peers behind restrictive firewalls. It also includes detailed guides on tunnel implementation and protocol references for cryptographic handshakes and peer-to-peer routing mechanisms. The material covers broad capability areas including network traffic routing by IP prefix, the automation of VPN lifecycles via shell hooks, and the integration of networking interfaces within containers. It further details the management of peer authentication, network interface configuration, and the redirection of all internet traffic through specific peers. - [amnezia-vpn/amnezia-client](https://awesome-repositories.com/repository/amnezia-vpn-amnezia-client.md) (10,108 ⭐) — Amnezia Client is a cross-platform VPN client application and server orchestrator designed to manage secure tunnels and automate the deployment of containerized VPN services on remote self-hosted servers. It functions as a multi-protocol VPN manager that supports various tunneling standards to ensure connectivity across restrictive network environments. The project distinguishes itself through network traffic obfuscation, which disguises VPN traffic as common web protocols or DNS requests to bypass deep packet inspection and censorship. It further enables the automation of remote server administration by installing isolated application environments via SSH and synchronizing server states to import existing configurations. The system includes capabilities for selective traffic routing and split tunneling, allowing specific applications or websites to be directed through the tunnel while other traffic remains on the local network. It also manages server-side utilities such as private DNS servers, secure file transfer storage, and security certificate provisioning for server authentication. - [hwdsl2/setup-ipsec-vpn](https://awesome-repositories.com/repository/hwdsl2-setup-ipsec-vpn.md) (27,378 ⭐) — This project is an automated command-line tool designed to install and configure a secure network gateway on a host machine. By utilizing established open-source security protocols, it establishes a private tunnel endpoint that encrypts internet traffic and facilitates remote access connectivity for authorized users. The tool functions as an infrastructure lifecycle manager, streamlining the deployment of private network services through shell-script-based orchestration. It distinguishes itself by integrating directly with the Linux kernel to manage packet filtering rules and providing credential-based access control, which generates and stores unique security keys locally for identity verification. Beyond the initial setup, the software includes administrative utilities for managing user accounts and configuring network parameters such as custom domain name servers via environment variables. It also supports the complete removal of the gateway and its associated configuration files to manage system resources. - [wireguard/wireguard](https://awesome-repositories.com/repository/wireguard-wireguard.md) (2,324 ⭐) — Historical monolithic WireGuard repository, split into wireguard-tools, wireguard-linux, and wireguard-linux-compat. - [arendst/tasmota](https://awesome-repositories.com/repository/arendst-tasmota.md) (24,502 ⭐) — Tasmota is a universal firmware platform for ESP8266 and ESP32 microcontrollers, designed to provide local control and management of smart home hardware. It functions as an event-driven automation controller that replaces proprietary factory firmware, allowing users to manage relays, sensors, and lighting systems without relying on external cloud services. The system is built on a modular driver architecture that enables dynamic hardware configuration and peripheral support through a web-based management interface. The platform distinguishes itself through a template-driven hardware mapping system, which uses JSON strings to assign physical pins and drivers to specific device functions without requiring firmware recompilation. It acts as a multi-protocol gateway, bridging disparate standards like Zigbee, Bluetooth, LoRaWan, and Modbus into a unified network. By utilizing a local message-broker-based control model, Tasmota synchronizes device states and executes custom automation logic directly on the hardware, ensuring consistent operation even when disconnected from external controllers. Beyond its core bridging and control capabilities, the firmware includes a comprehensive suite of tools for system observability, data logging, and media management. It supports complex automation through a built-in rule engine, persistent flash-based filesystem storage for scripts and assets, and extensive integration options for major smart home ecosystems. The project provides a web-based provisioning interface for initial setup and supports remote firmware management to simplify the maintenance of distributed hardware fleets. - [easytier/easytier](https://awesome-repositories.com/repository/easytier-easytier.md) (12,012 ⭐) — EasyTier is a decentralized peer-to-peer virtual private network and mesh networking tool. It functions as a layer 3 network overlay that establishes secure tunnels between devices without requiring a centralized server or coordinator. It also serves as a WireGuard-compatible VPN, capable of acting as a server for standard WireGuard clients. The project distinguishes itself through multipath latency-based routing and the use of KCP or QUIC proxies to mitigate packet loss and stabilize connections in high-loss environments. It provides a virtual networking manager featuring a web management console, a graphical user interface, and a remote procedure call API for administrative control. The system covers a broad range of connectivity and routing capabilities, including NAT traversal via hole punching and relay nodes, CIDR-based subnet mapping to resolve IP conflicts, and the ability to share local network segments with remote peers. It supports traffic encryption through algorithms such as AES-GCM and ChaCha20. The software can be deployed across various operating systems and architectures as a binary, container, or system service. - [wireguard/wireguard-go](https://awesome-repositories.com/repository/wireguard-wireguard-go.md) (4,058 ⭐) — wireguard-go is a Go implementation of the WireGuard protocol that operates as a userspace tunneling engine. It functions as a cross-platform network interface designed to establish encrypted tunnels between peers without requiring modifications to the system kernel. By implementing the protocol in userspace, this project provides a consistent network stack that enables secure peer-to-peer communication across different operating systems. It allows for the creation and management of encrypted network interfaces and tunnels to route private traffic over public networks. - [angristan/openvpn-install](https://awesome-repositories.com/repository/angristan-openvpn-install.md) (15,609 ⭐) — This project provides a shell-based automation utility for deploying and managing OpenVPN servers on Linux hosts. It functions as an orchestration tool that handles the installation of networking software, the configuration of system-level routing rules, and the generation of cryptographic credentials required to establish secure, encrypted tunnels for remote network access. The tool distinguishes itself by automating the entire lifecycle of a private network gateway, including the management of peer identities and the distribution of standardized configuration profiles. It simplifies the setup of complex network components such as kernel-level packet forwarding and network address translation, allowing administrators to route client traffic through a private host gateway without manual intervention. Beyond initial deployment, the utility facilitates ongoing administration by providing routines for adding or removing client devices and managing peer access. It enforces secure traffic flow by overriding local client gateway settings and configuring custom DNS resolution, ensuring that all connected device traffic is routed through the encrypted tunnel. The project is distributed as a set of command-line scripts designed for direct execution on Linux server environments. - [hwdsl2/docker-ipsec-vpn-server](https://awesome-repositories.com/repository/hwdsl2-docker-ipsec-vpn-server.md) (7,025 ⭐) — This project is a containerized IPsec VPN server designed to provide secure remote network access. It functions as an IKEv2 VPN gateway, utilizing the StrongSwan daemon to manage security associations and establish encrypted tunnels between remote clients and a private network. The server acts as a certificate-based VPN manager, handling the generation and distribution of digital certificates and pre-shared keys to authenticate remote users. It includes tools for IKEv2 client management to automate the creation of configuration profiles and security keys for connecting devices. The system covers broad administrative capabilities including VPN user administration, credential management, and network DNS configuration. It uses environment variables to customize server parameters and maps host network interfaces to route encrypted traffic. - [sharmajv/vpn](https://awesome-repositories.com/repository/sharmajv-vpn.md) (4,922 ⭐) — This project provides an open-source VPN client that creates an unrestricted tunnel to bypass internet censorship without fees, registration, speed caps, or data limits. It offers free, unlimited VPN tunneling with no sign‑up required, enabling access to blocked websites and unrestricted browsing. The application uses the WireGuard protocol for encrypted traffic routing, backed by kernel‑level packet forwarding to minimize overhead. It includes automatic server discovery that selects the most responsive server based on real‑time latency, a connection keepalive mechanism to detect and restore dropped connections, and encrypted DNS over the tunnel to prevent leaks. Per‑session keys are exchanged using the Noise protocol framework with Curve25519, ensuring unique encryption for each connection. - [firezone/firezone](https://awesome-repositories.com/repository/firezone-firezone.md) (8,701 ⭐) — Firezone is a zero trust network access platform that uses WireGuard to provide identity-based connectivity to internal network resources. It functions as a virtual private network that synchronizes authentication and user groups via OpenID Connect providers. The system implements a group-based access control engine to enforce least privilege by restricting network resources to specific user groups. It utilizes holepunching and relay protocols for NAT traversal to establish encrypted tunnels through firewalls without requiring inbound ports. The platform includes a control plane for managing network gateways and access policies, with support for multi-gateway load balancing and containerized deployment. It provides capabilities for network access auditing, user activity tracking, and the management of secure remote infrastructure. - [netbirdio/netbird](https://awesome-repositories.com/repository/netbirdio-netbird.md) (26,188 ⭐) — NetBird is a zero-trust networking platform that builds secure, encrypted peer-to-peer overlay networks using the WireGuard protocol. It functions as a software-defined perimeter, connecting distributed infrastructure across cloud environments and physical locations while hiding network resources from the public internet. By integrating with external identity providers, the platform enforces granular access control and identity-based segmentation for every user and device. The platform distinguishes itself through extensive automation and programmatic management capabilities. It provides a centralized control plane for orchestrating network resources, automating device enrollment, and managing peer lifecycles at scale. Administrators can define complex routing policies, manage internal DNS resolution, and expose services securely without manual firewall modifications. The system also supports advanced security postures, including post-quantum cryptography, compliance-based access enforcement, and integration with endpoint security platforms to isolate non-compliant devices. Beyond core connectivity, the project offers a comprehensive suite of tools for infrastructure management, including support for hybrid cloud bridging, Kubernetes cluster integration, and multi-tenant administrative scoping. It provides deep observability through traffic event streaming, network topology visualization, and diagnostic utilities. The software is designed for flexible deployment, offering headless agents for servers, containerized sidecars for orchestration environments, and support for mobile and desktop operating systems. - [heurist-network/heurist-mesh-mcp-server](https://awesome-repositories.com/repository/heurist-network-heurist-mesh-mcp-server.md) (64 ⭐) — A Model Context Protocol (MCP) server that connects to Heurist Mesh APIs - your gateway to Web3 intelligence. - [daytonaio/daytona](https://awesome-repositories.com/repository/daytonaio-daytona.md) (72,416 ⭐) — Daytona is a cloud-native development environment platform designed to orchestrate ephemeral, containerized workspaces. It provides a centralized system for managing reproducible coding environments as code, ensuring consistency across distributed teams by abstracting the underlying infrastructure. By utilizing declarative configuration, the platform automates the entire lifecycle of development sandboxes, from initial provisioning to resource governance. The platform distinguishes itself through its infrastructure-agnostic runner layer, which allows development environments to be deployed across local machines, cloud services, or self-managed clusters. It incorporates multi-tenant resource governance to enforce organizational security policies and access controls, alongside event-driven automation that triggers workflows based on infrastructure changes. Furthermore, it enables secure remote connectivity, allowing developers to interact with isolated sandboxes through authenticated tunnels and remote IDE integration. Beyond core orchestration, the platform supports a wide range of development tasks, including integrated terminal access, file system management, and persistent storage mounting. It provides comprehensive observability tools for auditing system activity, monitoring resource consumption, and capturing visual session data. The platform also facilitates advanced automation through programmatic API access, enabling the integration of AI agents and custom workflows directly within the isolated execution environments. The project is implemented in TypeScript and provides a command-line interface and RESTful API for programmatic control over environment lifecycles and infrastructure settings. - [mmalmi/nostr-vpn](https://awesome-repositories.com/repository/mmalmi-nostr-vpn.md) (971 ⭐) — nostr-vpn is a Tailscale-style private mesh VPN built around a [FIPS]-backed data plane. It includes the nvpn CLI/daemon, a shared native app core, and native shells for desktop and mobile platforms. - [bia-pain-bache/bpb-worker-panel](https://awesome-repositories.com/repository/bia-pain-bache-bpb-worker-panel.md) (11,997 ⭐) — BPB-Worker-Panel is a control panel designed for deploying and managing VLESS and Trojan proxies hosted on Cloudflare Workers. It functions as a proxy subscription generator and a manager for secure DNS over HTTPS servers and WireGuard configuration provisioning. The project distinguishes itself through network traffic obfuscation capabilities, utilizing packet fragmentation and SNI spoofing to evade detection. It provides specialized administration for Cloudflare Warp and Warp Pro connections, including the ability to optimize endpoints and export WireGuard configurations. The system covers a broad range of network configuration and traffic management capabilities. This includes DNS resolution management, the generation of compatible subscription links for Xray, Sing-box, and Clash-Mihomo clients, and the implementation of custom routing rules to filter advertisements or bypass regional sanctions. The application supports custom domain mapping and utilizes password authentication for administrative and user panel security. - [cube-js/cube](https://awesome-repositories.com/repository/cube-js-cube.md) (20,251 ⭐) — Cube is a semantic data layer that provides a unified framework for defining business metrics, dimensions, and relationships across diverse data sources. By acting as a headless business intelligence engine, it transforms raw data into a governed model that can be queried via SQL, REST, and GraphQL interfaces. This architecture ensures consistent data definitions and logic across all downstream analytical applications and reporting tools. The platform distinguishes itself through its integrated conversational AI capabilities, which allow users to explore data using natural language. It orchestrates these interactions by mapping questions to the underlying semantic model, ensuring that AI-generated insights remain accurate and context-aware. Furthermore, Cube is designed for multi-tenant environments, offering robust infrastructure isolation, row-level security, and dynamic context injection to ensure that data access is strictly governed and personalized for every user or tenant. Beyond its core modeling and AI features, the platform includes a comprehensive suite of tools for performance optimization, including automated pre-aggregation caching and asynchronous query queuing. It supports a wide range of data sources and deployment models, from self-hosted containers to managed cloud environments. The system also provides extensive programmatic control over report management, dashboard publishing, and user identity synchronization, making it suitable for embedding interactive analytics directly into custom software applications. - [qdm12/gluetun](https://awesome-repositories.com/repository/qdm12-gluetun.md) (13,056 ⭐) — Gluetun is a containerized network utility designed to route traffic from multiple Docker containers through a secure virtual private network tunnel. It functions as a network gateway that encapsulates outgoing internet traffic to provide privacy and security for isolated application services. The project distinguishes itself by utilizing Linux network namespaces to isolate container traffic, ensuring that all outgoing packets are forced through a dedicated tunnel interface. It supports both OpenVPN and WireGuard protocols, managing the connection lifecycle and routing logic as a sidecar container. The software includes a health-check-based kill switch that continuously monitors tunnel connectivity and automatically disables network access for dependent containers if the secure connection drops. It also handles the configuration of firewall rules and routing tables through declarative inputs, allowing for the management of network identity and access across private infrastructure. - [digitallyrefined/docker-wireguard-tunnel](https://awesome-repositories.com/repository/digitallyrefined-docker-wireguard-tunnel.md) (110 ⭐) — Connect two or more Docker servers together sharing container ports between them via a WireGuard tunnel - [pia-foss/vpn-ios](https://awesome-repositories.com/repository/pia-foss-vpn-ios.md) (346 ⭐) — Private Internet Access - PIA VPN for iOS - [jaykali/maskphish](https://awesome-repositories.com/repository/jaykali-maskphish.md) (3,020 ⭐) — Maskphish is a comprehensive security toolkit that integrates capabilities for digital forensics, network vulnerability scanning, open-source intelligence, penetration testing, and social engineering. It functions as a multi-purpose framework for automating reconnaissance and executing security audits across diverse network environments. The project features a specialized phishing and social engineering toolkit used for cloning websites, masking URLs, and deploying deceptive pages to capture user credentials. It also includes a remote access Trojan builder for generating platform-specific executables and mobile application packages to establish remote command sessions. The framework covers a broad surface of capabilities, including web application penetration testing, OSINT reconnaissance, memory and disk forensics, and wireless network auditing. It provides tools for payload generation, credential theft, and the automation of information gathering from public data sources. This project is implemented primarily as a shell-based application. - [yundera/mesh-router](https://awesome-repositories.com/repository/yundera-mesh-router.md) (11 ⭐) — MeshRouter: Seamlessly route domain requests to containers across networks using ENS, or custom names, secured by Wireguard VPN. - [wg-easy/wg-easy](https://awesome-repositories.com/repository/wg-easy-wg-easy.md) (24,645 ⭐) — This project provides a self-hosted, containerized WireGuard VPN server that simplifies network administration through a web-based management interface. It allows users to deploy and manage VPN tunnels, configure peer identities, and monitor connection status without the need for manual configuration file editing. By bundling the VPN stack into a portable container, it ensures consistent deployment and persistent state management across diverse host environments. A key differentiator is the built-in support for traffic obfuscation, which modifies packet headers and handshake patterns to help bypass restrictive network filtering and deep packet inspection. The platform also enhances security by offering two-factor authentication for the management interface and granular firewall orchestration, enabling administrators to define specific access policies and routing rules for individual clients. The system includes comprehensive tools for infrastructure observability, such as exporting performance metrics for integration with external monitoring platforms like Prometheus and Grafana. It supports advanced networking requirements, including custom DNS configuration, client address assignment, and service exposure via reverse proxies. The entire lifecycle of the service is managed through environment-variable-driven configuration, facilitating automated deployment and seamless updates. - [hiddify/hiddify-app](https://awesome-repositories.com/repository/hiddify-hiddify-app.md) (30,948 ⭐) — Hiddify is a cross-platform proxy client designed to manage secure network connections and traffic routing across desktop and mobile operating systems. It functions as a unified proxy manager, providing a centralized interface to configure and control various network proxy protocols for encrypted and private internet access. The application distinguishes itself by integrating local loopback interception, which configures the operating system network stack to route traffic through a local port for granular filtering. It also serves as a self-hosted infrastructure tool, enabling users to automate the deployment of private proxy servers on remote infrastructure through simplified command-line initialization. The system maintains consistency across environments by synchronizing remote server states through declarative configuration files and utilizing an event-driven daemon to monitor proxy health and network state changes. It employs a shared bridge layer to interact with native system APIs and firewall rules, while bundling all necessary dependencies into a singular, self-contained executable package. - [traefik/mesh](https://awesome-repositories.com/repository/traefik-mesh.md) (2,094 ⭐) — Traefik Mesh - Simpler Service Mesh - [brave/browser-laptop](https://awesome-repositories.com/repository/brave-browser-laptop.md) (7,909 ⭐) — Brave is a privacy-focused desktop browser built on Chromium that blocks ads and trackers by default, and includes an integrated AI assistant and a built-in VPN client. It is available for Windows, macOS, and Linux, and can be deployed across organizations using enterprise group policies for managed configuration. The browser distinguishes itself by combining default ad and tracker blocking with a system-level VPN that encrypts all device traffic, and an AI assistant that answers questions and generates text content directly within the browsing interface. It also supports private browsing and private search that do not track user queries or build personal profiles. Beyond its core privacy features, Brave offers cross-platform data migration for importing bookmarks, passwords, and settings from other browsers, and provides mobile data and battery saving optimizations. The project includes a full build system for compiling across platforms, an extension-based feature system, and multi-process architecture for stability and security. - [nostr-connect/connect](https://awesome-repositories.com/repository/nostr-connect-connect.md) (57 ⭐) — Nostr Connect SDK for TypeScript is a library that allows you to easily integrate Nostr Connect into your web application - [markqvist/reticulum](https://awesome-repositories.com/repository/markqvist-reticulum.md) (4,438 ⭐) — Reticulum is a decentralized networking stack that enables encrypted, peer-to-peer communication over diverse physical mediums without relying on central infrastructure or IP protocols. It uses self-sovereign cryptographic identities for routing and authentication, replacing traditional IP addresses with collision-free globally unique addresses that require no central coordination. Every packet is encrypted by default using ephemeral key exchanges with forward secrecy, and unencrypted traffic is dropped as invalid. The stack unifies heterogeneous transport mediums—including LoRa radio, packet radio, serial links, WiFi, Ethernet, and TCP/IP—into a single self-configuring mesh through a plugin-based interface system. It provides autonomous path discovery and maintenance that adapts to topology changes without central servers, along with a resource transfer protocol for reliable data delivery from bytes to gigabytes. Built-in tools support encrypted messaging with offline delivery, real-time group chat, bulletin boards, voice calls, file synchronization, Git repository hosting, distributed web content browsing and hosting, and remote shell access over low-bandwidth links. Reticulum includes utilities for monitoring network health, probing paths, managing cryptographic identities, controlling interface behavior, and sharing blocklists for community-wide spam filtering. It supports anonymous communication by omitting source addresses from packets, and offers fallback to pure-Python cryptography when native libraries are unavailable. The stack can run as a background daemon on multiple platforms, including Android via Termux, and allows hosting public entrypoints for remote peers to join the mesh over the Internet. - [tensorflow/mesh](https://awesome-repositories.com/repository/tensorflow-mesh.md) (1,624 ⭐) — Mesh TensorFlow: Model Parallelism Made Easier - [blender/blender](https://awesome-repositories.com/repository/blender-blender.md) (18,787 ⭐) — Blender is a professional 3D creation suite designed for modeling, animation, rendering, and video editing. It functions as an open-source 3D engine that provides a comprehensive framework for procedural geometry, physics simulation, and high-quality visual output. The platform is built upon a foundational architecture that utilizes data-block-based memory management and a dependency-graph-based evaluation system to handle complex scene transformations and geometry updates. The software distinguishes itself through a highly modular, node-based procedural architecture that allows users to construct geometry, materials, and logic through a shared, graph-oriented system. It features a sophisticated asset management system that supports linked data modification and override-based asset linking, enabling users to maintain connections to external source files while applying local modifications. This system is further extended by a Python scripting API, which allows for programmatic access to core data structures and the integration of custom tools. Beyond its core creative capabilities, the project includes extensive tooling for cross-platform software development and automated quality assurance. It provides a unified interface for managing 3D production assets, including metadata indexing, catalog organization, and external library mounting. The environment is designed for extensibility, featuring dynamic type registration and a modular user interface that supports custom layouts and interactive workflows. The repository provides a complete development environment, including automated build tasks, unit test execution, and performance benchmarking tools to maintain codebase stability. - [slackhq/nebula](https://awesome-repositories.com/repository/slackhq-nebula.md) (17,405 ⭐) — Nebula is a scalable, decentralized overlay networking tool designed to create secure, encrypted peer-to-peer connections between distributed hosts. By utilizing a certificate-based identity authority, it enables the construction of private communication fabrics across disparate physical infrastructures, such as multiple cloud providers or on-premises data centers, without requiring central authentication servers. The project distinguishes itself through a zero-trust architecture that enforces granular, policy-driven firewall filtering based on certificate-derived group memberships. It facilitates direct connectivity between nodes located behind restrictive firewalls and network boundaries by employing a sophisticated discovery protocol, relay nodes, and persistent keep-alive signaling to maintain stable tunnels. Beyond its core connectivity features, the software provides a comprehensive suite of operational tools for network management and observability. This includes built-in diagnostic utilities for troubleshooting, support for exporting performance metrics to external monitoring systems, and integrated hostname resolution. The system also manages the full lifecycle of cryptographic identities, allowing for secure credential issuance and rotation to maintain network trust. - [clown-coding/vpn](https://awesome-repositories.com/repository/clown-coding-vpn.md) (4,424 ⭐) — This project is a toolset for automated VPN installation, proxy server management, and server-side network throughput optimization. It provides a Shadowsocks proxy server manager used to deploy and configure proxy servers on virtual private servers. The system utilizes automated deployment scripts to handle the installation of encryption methods, ports, and passwords on remote servers. It includes a VPS network optimizer that activates BBR congestion control to reduce latency and increase throughput for high-bandwidth streaming. The software covers remote proxy configuration and client configuration, enabling local devices to connect to remote servers using specific addresses and authentication credentials. It also includes capabilities for encryption-based tunneling and TCP-based proxy routing. - [awesome-selfhosted/awesome-selfhosted](https://awesome-repositories.com/repository/awesome-selfhosted-awesome-selfhosted.md) (299,516 ⭐) — This project is a community-curated directory of open-source software designed for deployment in private server environments and home labs. It serves as a comprehensive resource for discovering independent, self-hosted alternatives to mainstream cloud services, enabling users to maintain full data ownership and control over their digital infrastructure. The directory is structured through a hierarchical taxonomy that organizes a vast collection of applications into logical categories, ranging from media management and data analytics to private communication and team productivity tools. It distinguishes itself through a collaborative peer-review process, where community members validate the quality and relevance of each submission to ensure the directory remains accurate and reliable. The project covers a broad capability surface, including infrastructure automation, container-based service deployment, and declarative configuration management. These tools assist users in maintaining reproducible server environments and managing complex service dependencies across private hardware. The directory is maintained as a version-controlled repository, ensuring that all updates and community-driven changes are tracked and transparent. - [tailscale/tailscale](https://awesome-repositories.com/repository/tailscale-tailscale.md) (32,596 ⭐) — Tailscale is a zero-trust networking overlay that connects distributed devices and services into a private, encrypted mesh network. By utilizing a high-performance, user-space implementation of the WireGuard protocol, it establishes secure peer-to-peer tunnels across diverse network topologies without requiring complex firewall configuration. The platform operates on a centralized control plane that manages global network state, authentication, and policy distribution, ensuring that connectivity is governed by identity rather than traditional IP-based rules. What distinguishes Tailscale is its deep integration with existing identity providers, which allows organizations to bind network access to verified user accounts and device posture. It enforces granular security through declarative access control lists and microsegmentation, enabling administrators to define precise permissions for users and services. Beyond standard connectivity, the platform includes a secure AI gateway that proxies and audits language model requests, providing centralized control over API usage, spending limits, and security guardrails. The project offers a comprehensive suite of administrative and developer tools, including infrastructure-as-code support, automated node registration, and identity-based SSH access that eliminates the need for manual key management. It also provides flexible traffic management capabilities, such as exit nodes for egress control, subnet routers for bridging isolated network segments, and public-facing service exposure through encrypted tunnels. The software is distributed as an open-source command-line daemon, supporting a wide range of operating systems and containerized environments to facilitate automated infrastructure deployment. - [psviderski/uncloud](https://awesome-repositories.com/repository/psviderski-uncloud.md) (4,653 ⭐) — Uncloud is a decentralized container orchestrator designed to deploy and manage applications across multiple servers without a central control plane. It functions as a peer-to-peer system and a Docker Compose cluster deployer, using SSH-based infrastructure management to coordinate operations across remote nodes. The project distinguishes itself by using a secure mesh network overlay to enable direct inter-container communication across different physical machines. It facilitates container image distribution by transferring missing layers directly from local environments to target nodes, bypassing the need for an external registry. Additionally, it provides an automated reverse proxy manager that handles external traffic routing and automatic TLS certificate provisioning for public HTTPS access. The platform covers a broad range of orchestration capabilities, including zero-downtime rolling updates, application replica scaling, and persistent storage orchestration. It also includes tools for cluster machine provisioning, service health monitoring, and internal DNS service resolution. Cluster management and deployments are performed through a command-line interface that supports operational context switching and deployment change planning. - [deanishe/alfred-vpn-manager](https://awesome-repositories.com/repository/deanishe-alfred-vpn-manager.md) (158 ⭐) — Manage Tunnelblick & Viscosity VPN connections from Alfred - [dbt-labs/dbt-core](https://awesome-repositories.com/repository/dbt-labs-dbt-core.md) (13,051 ⭐) — dbt-core is a command-line framework for transforming data within a warehouse using modular SQL and version control. It functions as a data transformation engine that enables users to define data structures and business logic through declarative configuration files, which the system then compiles into executable code. By managing complex data dependencies through a directed acyclic graph, it ensures that transformation tasks execute in the correct order while maintaining a manifest-driven state to track lineage and execution history. The project distinguishes itself through an adapter-based database abstraction that translates generic transformation commands into dialect-specific SQL for various data warehouses. It utilizes a template engine to dynamically generate and inject SQL logic at runtime, allowing for highly flexible and reusable transformation scripts. Furthermore, it supports an incremental materialization strategy that optimizes performance by processing only new or changed records, merging them into existing tables using unique keys to reduce compute costs. The framework covers the entire lifecycle of data transformation, including development, testing, deployment, and monitoring. It provides comprehensive capabilities for managing data lineage, enforcing code quality through automated linting and testing, and orchestrating complex pipelines across distributed environments. Users can also leverage a centralized semantic layer to define and govern business metrics, ensuring consistent data reporting across diverse analytical tools. The project is distributed as a Python-based tool, providing a unified interface for local development that integrates with version control systems and cloud-based configuration management. - [openziti/ziti](https://awesome-repositories.com/repository/openziti-ziti.md) (3,883 ⭐) — Ziti is a zero-trust network overlay and identity-based mesh network. It provides a software-defined perimeter that replaces traditional IP-based routing and VPNs by mapping network services to cryptographically verified identities, effectively cloaking applications from the public internet. The project distinguishes itself through an outbound-only connection model that eliminates open listening ports and a Zero Trust SDK that allows developers to embed encryption and identity-based access control directly into application source code. It also provides transparent tunneling proxies to extend these security principles to legacy applications without requiring code changes. The platform covers a broad range of networking and security capabilities, including multi-cloud workload connectivity, network microsegmentation, and private service discovery. It manages traffic through a distributed fabric of routers using dynamic routing based on real-time latency and throughput, all governed by centralized policy orchestration and mutual TLS authentication. The system supports deployment across various operating systems and cloud providers to establish its distributed architecture. - [nymtech/nym-vpn-client](https://awesome-repositories.com/repository/nymtech-nym-vpn-client.md) (0 ⭐) — NymVPN is the most private way to be online. Open-source, cross-platform VPN client written in Rust. NymVPN routes traffic through Nym's decentralized mixnet for metadata-level anonymity, or over multi-hop AmneziaWG (WireGuard) for low-latency, censorship-resistant tunneling. Unlike conventional… - [ublue-os/bazzite](https://awesome-repositories.com/repository/ublue-os-bazzite.md) (7,876 ⭐) — Bazzite is an immutable, atomic-image-based operating system designed for gaming performance and handheld hardware. It utilizes a read-only root filesystem and versioned images to provide atomic updates and instant system rollbacks, ensuring a stable core environment. The system is distinguished by its deep optimization for portable gaming devices, featuring dedicated handheld hardware management for CPU undervolting, fan control, and display refresh rate overclocking. It includes a specialized gaming mode that boots directly into a console-like interface with integrated input mapping and a tuned compositor for visual stability. Bazzite covers a broad range of capabilities, including Windows game compatibility through translation layers, containerized application workflows for isolated software execution, and comprehensive hardware driver configuration for GPUs and peripherals. It also incorporates advanced storage management via BTRFS for filesystem compression and automated secondary drive mounting. Security and system integrity are maintained through cryptographically signed image validation, TPM-backed storage security, and Secure Boot public key enrollment. - [makieorg/makie.jl](https://awesome-repositories.com/repository/makieorg-makie-jl.md) (2,778 ⭐) — Makie.jl is a high-performance Julia data visualization library and hardware-accelerated plotting engine used to create interactive 2D and 3D visualizations. It functions as a reactive visualization framework where plots update automatically via observables and compute graphs, and as a vector graphics generator for high-resolution academic output. The system is distinguished by its backend-agnostic rendering pipeline, which supports OpenGL, WebGL, and ray-traced scenes. It employs a grammar-of-graphics approach to map variables to aesthetic attributes and utilizes a hierarchical scene graph to manage complex spatial transformations and nested viewports. The library provides comprehensive capabilities for multi-dimensional data plotting, geospatial mapping, and network graph visualization. It includes a grid-based layout engine for constructing structured dashboards, integrated UI components like sliders and tooltips for data exploration, and support for LaTeX typography. Visualizations can be rendered in desktop windows, web browsers, or exported to publication-quality SVG and PDF formats. - [mattermost/mattermost-mobile](https://awesome-repositories.com/repository/mattermost-mattermost-mobile.md) (2,593 ⭐) — This project is an enterprise messaging mobile application and cross-platform team chat client. It serves as a self-hosted messaging interface for team communication, direct messaging, and voice calls within corporate environments. The application integrates artificial intelligence agents to automate repetitive tasks and retrieve information. It also functions as a Kanban task management tool, providing project and task coordination through planning boards to track operational work. The platform covers secure mobile messaging with local data sanitization and mobile workflow automation. It includes user preference management for adjusting notification settings, visual themes, and profile details. - [bigbodycobain/shadowbroker](https://awesome-repositories.com/repository/bigbodycobain-shadowbroker.md) (9,367 ⭐) — Shadowbroker is an open-source intelligence geospatial platform designed for global telemetry aggregation and real-time asset tracking. It integrates aircraft, maritime vessel, and orbital satellite data into a unified map interface to monitor geopolitical events and critical infrastructure. The system utilizes automated analysis agents to perform data correlation and identify hidden patterns within intelligence datasets. It features a synthetic aperture radar analyzer for detecting ground deformations and a node-link relationship mapping system that resolves entities into structured graphs using sanctions lists and telemetry. Additional capabilities include the reconstruction of historical behavioral patterns through interpolated telemetry replay and the monitoring of environmental hazards, radio signal interceptions, and live surveillance feeds. Secure reconnaissance is supported via server-side request guarding and a decentralized peer-to-peer mesh network for transmitting obfuscated messages. Network parameters and protocol upgrades are managed through an on-chain governance system using signed petitions and voting. - [base/base-mcp](https://awesome-repositories.com/repository/base-base-mcp.md) (348 ⭐) — A Model Context Protocol (MCP) server that provides onchain tools for LLMs, allowing them to interact with the Base network and Coinbase API. - [libgdx/libgdx](https://awesome-repositories.com/repository/libgdx-libgdx.md) (24,816 ⭐) — LibGDX is a Java-based framework designed for cross-platform game development, enabling the creation and deployment of 2D and 3D games across desktop, mobile, and web environments from a single codebase. It functions as a comprehensive library that abstracts hardware-accelerated graphics, audio, input, and file system access, providing a unified interface for developers to manage game logic and application lifecycles. The framework distinguishes itself through a high-performance architecture that prioritizes efficiency and native interoperability. It utilizes a batch-oriented graphics pipeline to minimize GPU state changes and employs direct-buffer native marshalling to exchange large data arrays between managed and native memory without expensive copying. Developers can leverage a JNI-based native bridge to embed C and C++ code directly within Java source files, while an object-pooling memory management system helps maintain consistent frame rates by recycling frequently instantiated objects. Beyond its core rendering and performance capabilities, the project includes a suite of modular tools for physics simulation, asset management, and third-party service integration. It supports complex game mechanics through entity management, collision detection, and artificial intelligence frameworks, alongside tools for UI construction, audio processing, and network communication. The platform-abstraction-based backend ensures that these features remain consistent across different operating systems and hardware targets. The project provides extensive build-time utilities for automating asset processing, native library compilation, and project scaffolding. It is designed to be integrated into standard Java development workflows, with documentation and reference implementations available to assist in managing application lifecycles and cross-platform deployment. - [fishcakez/connection](https://awesome-repositories.com/repository/fishcakez-connection.md) (266 ⭐) — Connection behaviour for connection processes