Netrinos creates a LAN-like overlay network across your devices. Connections are direct P2P via WireGuard, with no central server routing traffic. Each device gets a stable IP and DNS name (pc.you.netrinos.com). When direct connections fail, they fall back to a relay server that's still encrypted end-to-end. We can't see your traffic.
The most challenging problem to solve was NAT traversal. UDP hole punching works most of the time. The rest is a cocktail of symmetric NAT, CGNAT, and serial NATs. We use STUN-style discovery and relay fallback for the edge cases. I was surprised by how unreliable low-end ISP routers really are, and how much technical wizardry it takes to hide that behind a clean, simple UX.
Our stack is a Go backend for client and server, WireGuard kernel mode for Linux and Windows (macOS is userspace), Wails.io for cross-platform UI. WireGuard does all the heavy lifting. Go ties it all together.
Popular use cases include: RDP to home PCs, accessing NAS without exposing it, and SSH into headless Linux boxes. One customer manages hundreds of IoT devices in the field, eliminating the need to deal with customer routers.
We just released Pro with multi-user, access control, and remote gateway routing. Personal is free (up to 100 devices).
I'd love to hear what you expect from a simple mesh VPN, what's missing from current tools, and what's lacking from your remote access setup. Use code HNPRO26 for a 30-day trial of Pro.
dewey•2h ago
Edit: Just found this post https://netrinos.com/blog/tailscale-alternatives-2025, so it looks like main differentiator is pricing right now.
felixg3•2h ago
sh3rl0ck•1h ago
One isn't.
bongodongobob•1h ago
antonvs•20m ago
That relaxation tends to have ripple effects - once you allow tunneling tools in for one purpose - like SaaS integration - then it becomes more normalized and people start using it for other purposes.
observationist•18m ago
Your network should be zero trust. That means you want to treat every host that connects as if it's on the public internet; the corollary to that is you should give your hosts access to the public internet, unrestricted, and treat your users like adults who don't need micromanaging or constant surveillance (do sane logging, ofc.)
If you need a host that's subject to continuous surveillance, design it as such and require remote access with MFA, and so on.
Give your end users as much freedom as possible, and only constrict it where necessary, or you're going to incentivize shadow IT, unintended consequences, and a whole lot of unnecessary make-work that doesn't contribute to security.
Unrestricted access forces change management, design choices, and policy to confront each user and device for the attack vector they are, and to behave accordingly.
pcarroll•1h ago