
354 points by geoctl | 3 comments

I have been working on Octelium for quite a few years now but it was open sourced only by late May 2025. Octelium, as described in more detail in the repo's README, is simply an open source, self-hosted, unified platform for zero trust resource access that is primarily meant to be a modern alternative to corporate VPNs and remote access tools. It can operate as a remote access/corporate VPN (i.e. an alternative to Twingate, Tailscale, OpenVPN Access Server, etc.), a ZTNA/BeyondCorp platform (i.e. an alternative to Cloudflare Access, Teleport, Google BeyondCorp, etc.), and it can also operate as an API/AI gateway, an infrastructure for MCP and A2A architectures and meshes, an ngrok alternative, a homelab infrastructure or even as a more advanced Kubernetes ingress. It's basically designed to operate like a unified Kubernetes-like scalable architecture for zero trust secure/remote access that's suitable for different human-to-workload and workload-to-workload environments. You can read about the full set of main features and how it works in more detail in the repo's README or directly in the docs: https://octelium.com/docs
1. Onavo (No.44413644)
How does it compare to Pangolin?
replies (2): >>44413679, >>44414400
2. homarp (No.44413679)
since I had to google it: https://github.com/fosrl/pangolin

Tunneled Reverse Proxy Server with Access Control - your own self-hosted zero trust tunnel. AGPL3

3. geoctl (No.44414400)
Well, I haven't used Pangolin myself, but Octelium can basically operate as a similar self-hosted remote access tool. It is designed, however, to provide much more than just remote access. It provides L7-aware, context-aware ABAC-based access control, it provides L7-aware secretless access without distributing L7 credentials to users, it provides dynamic routing/configuration to upstreams and upstream credentials based on identity/context, and it provides OpenTelemetry-ready L7-aware visibility and auditing. Therefore, it's closer to Cloudflare Access, Teleport Enterprise, StrongDM, etc. than to Pangolin. However, it's also not just a ZTNA in the rigid sense; for example, your applications written in any programming language can just generate fine-grained bearer authentication access tokens via the OAuth2 client credentials flow to access protected Services without having to use clients or special SDKs or being aware of Octelium at all. Octelium also operates on top of Kubernetes, which makes it seamless for you to provide horizontal scalability and availability as your Cluster's Services, Users, Sessions and simply traffic grow.
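To make the mechanism geoctl describes concrete (a workload obtains a bearer token via the OAuth2 client credentials grant, then a gateway enforces an L7-aware, attribute-based policy and injects the upstream credential itself so the caller never holds it), here is an added, self-contained illustration. It is not Octelium's code or API: the client registry, the policy rules, the team attribute, the upstream key and the `/invoices` paths are all constructed for the example, and the token endpoint and gateway are in-process functions rather than HTTP servers.

```python
"""Minimal OAuth2 client-credentials token endpoint plus an L7-aware ABAC gateway.

Added example only: constructed clients, scopes and policy; not Octelium's implementation.
"""
import hmac
import secrets
import time

TOKEN_TTL = 300  # seconds an issued access token stays valid

# Constructed client registry (hypothetical). Each workload has a client secret,
# the scopes it may request, and an identity attribute used by the ABAC policy.
CLIENTS = {
    "svc-billing":   {"secret": "s3cr3t-billing",   "allowed_scopes": {"invoices:read", "invoices:write"}, "team": "finance"},
    "svc-reporting": {"secret": "s3cr3t-reporting", "allowed_scopes": {"invoices:read"},                   "team": "analytics"},
}

# Constructed upstream credentials, selected per identity at the gateway and never
# handed to the calling workload ("secretless" access to the upstream).
UPSTREAM_KEYS = {"finance": "upstream-key-finance-CONSTRUCTED", "analytics": "upstream-key-analytics-CONSTRUCTED"}

# Opaque token -> session record (in-memory stand-in for a token store).
TOKENS = {}

# Constructed L7-aware policy: method + path prefix -> required scope and an attribute predicate.
POLICY = [
    {"methods": {"GET"},                    "prefix": "/invoices", "scope": "invoices:read",  "when": lambda ctx: True},
    {"methods": {"POST", "PUT", "DELETE"},  "prefix": "/invoices", "scope": "invoices:write", "when": lambda ctx: ctx["team"] == "finance"},
]


def issue_token(form, now=None):
    """Token endpoint for the client_credentials grant (RFC 6749 section 4.4, simplified).

    `form` mirrors the POSTed form fields. Returns (http_status, json_body).
    """
    now = time.time() if now is None else now
    if form.get("grant_type") != "client_credentials":
        return 400, {"error": "unsupported_grant_type"}
    client = CLIENTS.get(form.get("client_id", ""))
    presented = form.get("client_secret", "")
    expected = client["secret"] if client else ""
    # Constant-time comparison of the client secret; unknown clients fail the same way.
    if client is None or not hmac.compare_digest(expected.encode(), presented.encode()):
        return 401, {"error": "invalid_client"}
    requested = set(form.get("scope", "").split()) or set(client["allowed_scopes"])
    if not requested <= client["allowed_scopes"]:
        return 400, {"error": "invalid_scope"}
    token = secrets.token_urlsafe(32)
    TOKENS[token] = {"client_id": form["client_id"], "team": client["team"], "scope": requested, "exp": now + TOKEN_TTL}
    return 200, {"access_token": token, "token_type": "Bearer", "expires_in": TOKEN_TTL, "scope": " ".join(sorted(requested))}


def authorize(request, now=None):
    """Gateway decision: validate the bearer token, evaluate the ABAC policy on L7 attributes,
    and, on allow, return the routing decision including the injected upstream credential.

    `request` is a dict with "method", "path" and "headers". Returns (http_status, json_body).
    """
    now = time.time() if now is None else now
    scheme, _, token = request.get("headers", {}).get("Authorization", "").partition(" ")
    rec = TOKENS.get(token) if scheme.lower() == "bearer" else None
    if rec is None or rec["exp"] <= now:
        return 401, {"error": "invalid_token"}
    ctx = {"client_id": rec["client_id"], "team": rec["team"], "method": request["method"], "path": request["path"]}
    for rule in POLICY:
        if ctx["method"] in rule["methods"] and ctx["path"].startswith(rule["prefix"]):
            if rule["scope"] in rec["scope"] and rule["when"](ctx):
                return 200, {
                    "client": ctx["client_id"],
                    "upstream": "invoices-svc" + ctx["path"],
                    "upstream_headers": {"X-Upstream-Key": UPSTREAM_KEYS[ctx["team"]]},  # caller never sees this
                }
            return 403, {"error": "insufficient_scope"}
    return 403, {"error": "no_matching_rule"}


if __name__ == "__main__":
    status, body = issue_token({"grant_type": "client_credentials", "client_id": "svc-billing",
                                "client_secret": "s3cr3t-billing", "scope": "invoices:write"})
    print(status, body)
    hdr = {"Authorization": "Bearer " + body["access_token"]}
    print(authorize({"method": "POST", "path": "/invoices/42", "headers": hdr}))
    print(authorize({"method": "GET", "path": "/invoices/42", "headers": hdr}))  # 403: read scope not requested
```

The decision is made on the request's L7 attributes (method and path) combined with identity attributes bound to the token at issuance, which is what distinguishes this kind of gateway from a plain network tunnel that only answers "can this address reach that port".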