frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

fp.

Open in hackernews

Show HN: Pangolin: Open-source identity-based VPN (Twingate/Zscaler alternative)

https://github.com/fosrl/pangolin
16•miloschwartz•12h ago
Pangolin (https://github.com/fosrl/pangolin) is an open-source tool for identity-based remote access to internal resources - an alternative to Cloudflare ZTNA, Zscaler, and Twingate.

It’s different than existing approaches: mesh VPNs (Tailscale, ZeroTier, etc.) create flat overlay networks where ACL and IP space management becomes complex at scale and every device can talk to every other device, while corporate ZTNA solutions (Zscaler, Cato, Netskope etc.) are closed-source and add latency by forcing traffic through a central server.

Pangolin takes a resource-centric approach. You deploy lightweight connectors that bridge to specific resources (private web apps, SSH, databases, CIDR ranges). Admins delegate resource-access to specific users and roles. It uses WireGuard with NAT hole-punching for peer-to-peer connections and traffic goes directly between the user and connector instead of through a central server. It supports native clients (Mac/Windows/Linux/iOS/Android) plus identity-aware, browser-based access when a client isn’t required.

Pangolin has a cloud and is optionally self-hosted. The Community Edition is AGPLv3. The Enterprise Edition is also open-source under the commercial license which enables free personal/small business use.

Everything, from the server to the clients, is fully open-source and you can even self-host the whole stack. We’d love to hear what you think and I'm happy to answer any questions!

Comments

oschwartz10612•5h ago
Co-maintainer here: we also did this cool thing where we reused the same go codebase across our clients. We have a go package called olm (on our Github and following our animal theme) that implements all of the VPN capabilities. It creates the tunnel, monitors the peers, syncs with the Pangolin server. This itself is a binary that can run on its own as like our own little VPN kernel module - then in the different applications we use olm to trigger the tunnel. This is easy on Windows as the whole app is go based, but on Android, Mac, and iOS we use C bindings to compile it as a shared library into the application. Then the native application imports parts of the module to initiate the tunnel and handle the tunneling. On iOS and Macos this is handled in a "Network Extension" which is a secure environment Apple runs tunneling applications in, so we use a unix socket to communicate with the olm tunneling kernel to show status to the user and handle commands.
maxibenner•54m ago
Thank you, great product, can only recommend it! I've been self-hosting it since last year to access my jellyfin home-server from the web. Set up was easy and I never had any issues.
jackhalford•49m ago
What are the advantages of this setup rather than reverse proxying right where your jellyfin is?
jackhalford•50m ago
I was thinking of using this to tunnel all of my public sites, do hide my home ip. But in the end whats the issue of showing my home ip? The attack surface stays the same. I just reverse proxy everything through Caddy.

Also weren’t some feature gated behind the cloud version? An appeal for this to replace cloudflare tunnels and tailscale funnel is the _fully_ opensource aspect

mrsssnake•49m ago
> The Enterprise Edition is also open-source under the commercial license which enables free personal/small business use.

Open Source can be pair or commercial. But the license of these software Enterprise Edition, called "Fossorial Commercial License", is not Open Source. You tell who and how can use the software after the share/sell and call it Open Source.

The main site also advertises "Self Host: Enterprise Edition" as being "100% Open Source" which is simply not true and false advertising.

LtdJorge•48m ago
I replaced CF tunnels, which kept disconnecting every few minutes with it, and happy.

Magnus Carlsen Wins the Freestyle (Chess960) World Championship

https://www.fide.com/magnus-carlsen-wins-2026-fide-freestyle-world-championship/
37•prophylaxis•1h ago•6 comments

LT6502: A 6502-based homebrew laptop

https://github.com/TechPaula/LT6502
274•classichasclass•6h ago•103 comments

I’m joining OpenAI

https://steipete.me/posts/2026/openclaw
280•mfiguiere•1h ago•196 comments

GNU Pies – Program Invocation and Execution Supervisor

https://www.gnu.org.ua/software/pies/
42•smartmic•2h ago•33 comments

Audio is the one area small labs are winning

https://www.amplifypartners.com/blog-posts/arming-the-rebels-with-gpus-gradium-kyutai-and-audio-ai
49•rocauc•2d ago•6 comments

Radio host David Greene says Google's NotebookLM tool stole his voice

https://www.washingtonpost.com/technology/2026/02/15/david-greene-google-ai-podcast/
50•mikhael•5h ago•38 comments

Modern CSS Code Snippets: Stop writing CSS like it's 2015

https://modern-css.com
149•eustoria•5h ago•52 comments

I fixed Windows native development

https://marler8997.github.io/blog/fixed-windows/
624•deevus•12h ago•304 comments

EU bans the destruction of unsold apparel, clothing, accessories and footwear

https://environment.ec.europa.eu/news/new-eu-rules-stop-destruction-unsold-clothes-and-shoes-2026...
699•giuliomagnifico•6h ago•461 comments

Pocketblue – Fedora Atomic for mobile devices

https://github.com/pocketblue/pocketblue
32•nikodunk•6h ago•4 comments

I Gave Claude Access to My Pen Plotter

https://harmonique.one/posts/i-gave-claude-access-to-my-pen-plotter
36•futurecat•2d ago•13 comments

Show HN: VOOG – Moog-style polyphonic synthesizer in Python with tkinter GUI

https://github.com/gpasquero/voog
51•gpasquero•3h ago•4 comments

Show HN: Microgpt is a GPT you can visualize in the browser

https://microgpt.boratto.ca
70•b44•4h ago•5 comments

Towards Autonomous Mathematics Research

https://arxiv.org/abs/2602.10177
70•gmays•4h ago•32 comments

Error payloads in Zig

https://srcreigh.ca/posts/error-payloads-in-zig/
3•srcreigh•21m ago•0 comments

Real-time PathTracing with global illumination in WebGL

https://erichlof.github.io/THREE.js-PathTracing-Renderer/
107•tobr•3d ago•10 comments

Gwtar: A static efficient single-file HTML format

https://gwern.net/gwtar
157•theblazehen•7h ago•58 comments

Show HN: Klaw.sh – Kubernetes for AI agents

https://github.com/klawsh/klaw.sh
9•eftalyurtseven•6h ago•0 comments

Continuous batching from first principles (2025)

https://huggingface.co/blog/continuous_batching
7•jxmorris12•42m ago•1 comments

Show HN: Pangolin: Open-source identity-based VPN (Twingate/Zscaler alternative)

https://github.com/fosrl/pangolin
16•miloschwartz•12h ago•6 comments

Show HN: Knock-Knock.net – Visualizing the bots knocking on my server's door

https://knock-knock.net
76•djkurlander•6h ago•25 comments

Two different tricks for fast LLM inference

https://www.seangoedecke.com/fast-llm-inference/
154•swah•14h ago•63 comments

Show HN: Deadlog – almost drop-in mutex for debugging Go deadlocks

https://github.com/stevenctl/deadlog
22•dirteater_•5d ago•1 comments

Show HN: DSCI – Dead Simple CI

https://github.com/melezhik/DSCI
13•melezhik•6h ago•4 comments

Hideki Sato, designer of all Sega's consoles, has died

https://www.videogameschronicle.com/news/hideki-sato-designer-of-segas-consoles-dies-age-75/
298•magoghm•7h ago•30 comments

Oat – Ultra-lightweight, zero dependency, semantic HTML, CSS, JS UI library

https://oat.ink/
439•twapi•15h ago•118 comments

Editor's Note: Retraction of article containing fabricated quotations

https://arstechnica.com/staff/2026/02/editors-note-retraction-of-article-containing-fabricated-qu...
109•bikenaga•5h ago•90 comments

Amazon's Ring and Google's Nest reveal the severity of U.S. surveillance state

https://greenwald.substack.com/p/amazons-ring-and-googles-nest-unwittingly
639•mikece•10h ago•456 comments

Sony Jumbotron Image Control System (1998) [pdf]

https://pro.sony/s3/cms-static-content/operation-manual/3864848111.pdf
24•xattt•3d ago•11 comments

How Is Data Stored?

https://www.makingsoftware.com/chapters/how-is-data-stored
143•tzury•5d ago•14 comments