back to home

fosrl / pangolin

Identity-aware VPN and proxy for remote access to anything, anywhere.

19,144 stars
576 forks
101 issues
TypeScriptGoJavaScript
Chat with CodebaseArchitecture ScanSecurity AuditExplain Codebase

AI Architecture Analysis

This repository is indexed by RepoMind. By analyzing fosrl/pangolin in our AI interface, you can instantly generate complete architecture diagrams, visualize control flows, and perform automated security audits across the entire codebase.

Our Agentic Context Augmented Generation (Agentic CAG) engine loads full source files into context, avoiding the fragmentation of traditional RAG systems. Ask questions about the architecture, dependencies, or specific features to see it in action.

Click here to launch the interactive analysis workspace

Embed this Badge

Showcase RepoMind's analysis directly in your repository's README.

[![Analyzed by RepoMind](https://img.shields.io/badge/Analyzed%20by-RepoMind-4F46E5?style=for-the-badge)](https://repomind-ai.vercel.app/repo/fosrl/pangolin)
Preview:Analyzed by RepoMind

Repository Summary (README)

Preview
<div align="center"> <h2> <a href="https://pangolin.net/"> <picture> <source media="(prefers-color-scheme: dark)" srcset="public/logo/word_mark_white.png"> <img alt="Pangolin Logo" src="public/logo/word_mark_black.png" width="350"> </picture> </a> </h2> </div> <div align="center"> <h5> <a href="https://pangolin.net/"> Website </a> <span> | </span> <a href="https://docs.pangolin.net/"> Documentation </a> <span> | </span> <a href="mailto:contact@pangolin.net"> Contact Us </a> </h5> </div> <div align="center">

Discord Slack Docker Stars YouTube

</div> <p align="center"> <a href="https://docs.pangolin.net/careers/join-us"> <img src="https://img.shields.io/badge/🚀_We're_Hiring!-Join_Our_Team-brightgreen?style=for-the-badge" alt="We're Hiring!" /> </a> </p> <p align="center"> <strong> Start testing Pangolin at <a href="https://app.pangolin.net/auth/signup">app.pangolin.net</a> </strong> </p>

Pangolin is an open-source, identity-based remote access platform built on WireGuard that enables secure, seamless connectivity to private and public resources. Pangolin combines reverse proxy and VPN capabilities into one platform, providing browser-based access to web applications and client-based access to any private resources, all with zero-trust security and granular access control.

Installation

<img src="public/screenshots/hero.png" />

Deployment Options

<img width=500 />Description
Self-Host: Community EditionFree, open source, and licensed under AGPL-3.
Self-Host: Enterprise EditionLicensed under Fossorial Commercial License. Free for personal and hobbyist use, and for businesses earning under $100K USD annually.
Pangolin CloudFully managed service with instant setup and pay-as-you-go pricing — no infrastructure required. Or, self-host your own remote node and connect to our control plane.

Key Features

<img width=500 /><img width=500 />
Connect remote networks with sites<br /><br />Pangolin's lightweight site connectors create secure tunnels from remote networks without requiring public IP addresses or open ports. Sites make any network anywhere available for authorized access.<img src="public/screenshots/sites.png" width=500 /><tr></tr>
Browser-based reverse proxy access<br /><br />Expose web applications through identity and context-aware tunneled reverse proxies. Pangolin handles routing, load balancing, health checking, and automatic SSL certificates without exposing your network directly to the internet. Users access applications through any web browser with authentication and granular access control.<img src="public/clip.gif" width=500 /><tr></tr>
Client-based private resource access<br /><br />Access private resources like SSH servers, databases, RDP, and entire network ranges through Pangolin clients. Intelligent NAT traversal enables connections even through restrictive firewalls, while DNS aliases provide friendly names and fast connections to resources across all your sites.<img src="public/screenshots/private-resources.png" width=500 /><tr></tr>
Zero-trust granular access<br /><br />Grant users access to specific resources, not entire networks. Unlike traditional VPNs that expose full network access, Pangolin's zero-trust model ensures users can only reach the applications and services you explicitly define, reducing security risk and attack surface.<img src="public/screenshots/user-devices.png" width=500 /><tr></tr>

Download Clients

Download the Pangolin client for your platform:

Get Started

Check out the docs

We encourage everyone to read the full documentation first, which is available at docs.pangolin.net. This README provides only a very brief subset of the docs to illustrate some basic ideas.

Sign up and try now

For Pangolin's managed service, you will first need to create an account at app.pangolin.net. We have a generous free tier to get started.

Licensing

Pangolin is dual licensed under the AGPL-3 and the Fossorial Commercial License. For inquiries about commercial licensing, please contact us at contact@pangolin.net.

Contributions

Please see CONTRIBUTING in the repository for guidelines and best practices.

WireGuard® is a registered trademark of Jason A. Donenfeld.