←back to thread

Show HN: Octelium – FOSS Alternative to Teleport, Cloudflare, Tailscale, Ngrok

(github.com)
354 points geoctl | 8 comments | 29 Jun 25 11:24 UTC | HN request time: 1.233s | source | bottom

I have been working on Octelium for quite a few years now but it was open sourced only by late May 2025. Octelium, as described more in detail in the repo's README, is simply an open source, self-hosted, unified platform for zero trust resource access that is primarily meant to be a modern alternative to corporate VPNs and remote access tools. It can operate as a remote access/corporate VPN (i.e. alternative to Twingate, Tailscale, OpenVPN Access Server, etc...), a ZTNA/BeyondCorp platform (i.e. alterntive to Cloudflare Access, Teleport, Google BeyondCorp, etc...), and it can also operate as an API/AI gateway, an infrastructure for MCP and A2A architectures and meshes, an ngrok alternative, a homelab infrastructure or even as a more advanced Kubernetes ingress. It's basically designed to operate like a unified Kubernetes-like scalable architecture for zero trust secure/remote access that's suitable for different human-to-workload and workload-to-workload environments. You can read more in detail the full set of main features and links about how it works in the repo's README or directly in the docs https://octelium.com/docs
Show context
ar-nelson ◴[29 Jun 25 13:51 UTC] No.44413163[source]
For everyone who's having a hard time parsing what Octelium does, I found this page to be the clearest explanation: https://octelium.com/docs/octelium/latest/overview/how-octel...

It's clearer because, instead of starting with a massive list of everything you could do with Octelium (which is indeed confusing), it starts by explaining the core primitives Octelium is built on, and builds up from there.

And it actually looks pretty cool and useful! From what I can tell, the core funtionality is:

- A VPN-like gateway that understands higher-level protocols, like HTTP or PostgreSQL, and can make fine-grained security decisions using the content of those protocols

- A cluster configuration layer on top of Kubernetes

And these two things combine to make, basically, a personal cloud. So, like any of the big cloud platforms, it does a million things and it's hard to figure out which ones you need at first. But it seems like the kind of system that could be used for a homelab, a small company that wants to keep cloud costs down, or a custom PaaS selling cloud functionality. Neat!

replies(2): >>44413988 #>>44416515 #
ttul ◴[29 Jun 25 15:43 UTC] No.44413988[source]
TailScale is wonderful but they do need competition. I imagine an IPO is on the horizon, and as soon as they enter that phase, nasty price increases are sure to follow unless someone else is nipping hard at their heels.
replies(7): >>44414194 #>>44414961 #>>44415160 #>>44416361 #>>44416969 #>>44419231 #>>44425703 #
seabrookmx ◴[29 Jun 25 16:11 UTC] No.44414194[source]
Hopefully their tolerance to self-hosters (Headscale) doesn't change.
replies(3): >>44415172 #>>44416682 #>>44419634 #
1. wkat4242 ◴[29 Jun 25 18:22 UTC] No.44415172[source]
The problem is, commercial services will always enshittify. It's inevitable. Even when they conquer the whole market (see Netflix) they will want to see a rising line in profits so then they will turn the thumbscrews on the customers.
replies(2): >>44416176 #>>44417673 #
2. candrewlee ◴[29 Jun 25 20:30 UTC] No.44416176[source]
It’s especially when they conquer the whole market. It’s why investors favor growth and adoption, even at a loss, until it’s won the market and can turn up the monetization dial.
replies(1): >>44416302 #
3. wkat4242 ◴[29 Jun 25 20:47 UTC] No.44416302[source]
Well, they do it anyway.

All the streaming services are enshittifying, even the smaller ones. And other smaller webshops are enshittifying the same way that Amazon does. Like Cory Doctorow described, there's a few big webshops in the Netherlands like bol.com and coolblue.com and they are now also allowing third party sellers, often even from China. The webshops are absolved of all responsibility but they do cash out on every transaction.

4. sakesun ◴[29 Jun 25 23:43 UTC] No.44417673[source]
The term 'enshittification' sounds negative for what an organization needs to do to take care of employees.
replies(1): >>44418104 #
5. loloquwowndueo ◴[30 Jun 25 00:58 UTC] No.44418104[source]
Sorry no. A stable organization with a good profit margin is enough to take care of employees and pay their salaries. Boundless growth which is what enshittification is associated with, is driven by money-hungry stakeholders and “investors” that demand an ever growing return on investment - they don’t settle for speed, they need constant acceleration.
replies(1): >>44418519 #
6. jacobn ◴[30 Jun 25 02:08 UTC] No.44418519{3}[source]
Isn’t it more of an “all of the above”?

A lot of employees at successful startups & FAANG make most of their money from the stock, no? And they need to buy houses and send their kids to fancy schools too, no? So sure, we can reduce it to stock holders, but I’d bet dollars to donuts the 90% of employees who aren’t posting on hn are at least passively ok with “improving metrics”, and some ambitious ones are driving the enshittification initiatives hard.

replies(2): >>44420566 #>>44420958 #
7. wkat4242 ◴[30 Jun 25 07:47 UTC] No.44420566{4}[source]
It's the American mentality. More, more, more.

Personally I'd be much happier with a stable income with not much upward mobility but also not much risk of falling downwards. Which is what Europe is geared more towards. I don't constantly want to be in a race. Just to live my life.

If they employees want it, fine but don't be surprised if we customers start finding alternatives. And/or pirating their content (e.g. when it comes to streaming services).

But yeah American companies aren't there to support the employees. The only one they answer to are the owners or large shareholders (whichevery applies), and their only goal is to make those richer. Customers and employees alike are nothing but consumables, a raw resource you only treat right if you can't avoid it.

8. jamwil ◴[30 Jun 25 08:51 UTC] No.44420958{4}[source]
IMO the reason devs started being paid in stock in the first place is VC-style grow at all costs mentality. The fundraising economy didn’t work without fabricating compensation and only paying out on hits.

No other industry operates with such a blurred distinction between employees and owners. Well, save for the gig economy, itself a tumor on American-style big tech.