
354 points geoctl | 1 comments

I have been working on Octelium for quite a few years now but it was open sourced only by late May 2025. Octelium, as described more in detail in the repo's README, is simply an open source, self-hosted, unified platform for zero trust resource access that is primarily meant to be a modern alternative to corporate VPNs and remote access tools. It can operate as a remote access/corporate VPN (i.e. alternative to Twingate, Tailscale, OpenVPN Access Server, etc...), a ZTNA/BeyondCorp platform (i.e. alternative to Cloudflare Access, Teleport, Google BeyondCorp, etc...), and it can also operate as an API/AI gateway, an infrastructure for MCP and A2A architectures and meshes, an ngrok alternative, a homelab infrastructure or even as a more advanced Kubernetes ingress. It's basically designed to operate like a unified Kubernetes-like scalable architecture for zero trust secure/remote access that's suitable for different human-to-workload and workload-to-workload environments. You can read more in detail the full set of main features and links about how it works in the repo's README or directly in the docs https://octelium.com/docs
therealpygon ◴[] No.44413216[source]
Just some feedback to share some problems I personally think you’re going to have and why I suspect you’ll face a healthy amount of skepticism. There is a lack of history of development that ends with a major initial commit of unknown origin, a lack of any public information, a company that does not appear (publicly) to exist, and a product that is going to solve every need that can be imagined by packing it with buzzwords and little to no evidence of security. When faced with those things, my next step would be to consider how much is original versus built on underlying technologies I know and trust; information that is lacking.

If you’re launching a business, I would suggest making sure the business looks legitimate; if it’s a pet project, trying to make yourself sound like a big business and then not having the footprint gives off “fake”/scam/caution vibes. If you’re a solo dev, drop all the fake business stuff and get rid of the buzz words and “it can do everything” marketing and focus on what it excels at as an open source project.

People are going to be skeptical (rightfully) that a solo dev/no name company is going to suddenly drop a product that rivals those of massive companies. Either massive shortcuts were taken, or there is a high chance that it will be insecure, which is not something you want from a VPN or any of the other things it claims to do. If you’ve built on existing secure technologies, you should be emphasizing them because known names that have a security history are going to build a lot more trust than a no-name product.

If a software is hard to explain the purpose of to an average person in a single sentence, you have an uphill battle. Listing more features isn’t usually going to be the answer, regardless of how accurate you’re attempting to be. “It’s a VPN! and a PaaS! and a ZTNA! And an API Gateway! and AI!” It screams “please download me” rather than “I’m here to solve a problem“, which is why I wouldn’t even bother to try it; the opposite of what any project is going for.

My intention isn’t to just be critical, but rather to point out things that are likely harming your efforts.

replies(3): >>44413295 #>>44414268 #>>44418633 #
geoctl ◴[] No.44413295[source]
Thank you for your insightful feedback. I completely understand the criticism because Octelium is consciously designed to be many things at the same time. As mentioned in the other replies, Octelium is a unified/generic zero trust access platform that can fit in many human-to-workload and workload-to-workload use cases (the docs contain various examples in detail) that's why it might be confusing for newcomers. The initial commit came out of nowhere because I've been working on this project since early 2020 actually and decided to start with a clean public repo when I publicly released the code a month ago, after nearly 9000 manual commits over the past 5 years. I simply could not verify that I could have potentially leaked private info especially in early commits and the project itself almost entirely changed over the past 5 years from a simple remote access WireGuard VPN to what it is today in terms of architecture, features and complexity.
replies(1): >>44413813 #
cyanydeez ◴[] No.44413813[source]
I think the primary concern was you look like a State actor using an AI to generate a project you hope private companies will use and your intentions don't appear clear, and the verbose replies & github suggest a lot of effort into a facade without anything else.

One might posit that you're repackaging a fOSS project from somewhere with no clear ethos.

replies(1): >>44413900 #
geoctl ◴[] No.44413900[source]
I have been developing the project solo on a private GitHub repo since 2020. I am not VC-backed or whatever else, Octelium has been a solo effort so far basically. The project itself is now 100% open source as you can see. However, even if I open sourced the initial private repo, what would make you believe that I am who I really am? Maybe even all those git commits from 2020 weren't really from 2020 and their timestamps have been spoofed to make you believe so. If 100% of the codebase of the project being open source is still not enough, I guess nothing can be enough.
replies(2): >>44415141 #>>44419298 #
illiac786 ◴[] No.44419298[source]
Don’t let these comments get to you.

If they don’t trust you, it’s their right, but then they should just not use the software, instead of writing this type of caustic comments. Poor form in my view.

Keep up, it looks amazing!!

replies(2): >>44419442 #>>44422695 #
geoctl ◴[] No.44419442[source]
If anything I am actually thankful to HN for the opportunity letting me show my work here. Negative comments are not really that big of an issue for me. I just wish they were generally clearer and more specific so that I can easily fix whatever needs to be fixed. Most of the complaints were simply related to the README while I was expecting and honestly hoping for critique for the architecture and internals of Octelium itself.
replies(1): >>44443195 #
therealpygon ◴[] No.44443195[source]
That is sort of the point of what you are considering “negative” comments. For clarity, my comment was advice on how you can improve the public persona of your project.

You seem to have pointed out but equally not registered that you identified exactly the issue: if your readme is filled with red flags, no one is going to invest their time (which is what you are asking for) looking at your code or trying it.

I completely understand as a developer how the “marketing” (readme) of a project may not seem that important or that it should be super accurate, and that it can be easy to fall into the pattern (as can be seen) of looking at every comment that brings voice to criticisms as being “negative”. You’re simply too close to the problem and are therefore only seeing the trees for the forest, while everyone is trying to tell you that you should probably remove the giant fence in front of the trees.

replies(1): >>44446584 #
1. geoctl ◴[] No.44446584[source]
Thank you again. I meant by "negative" that they are critical as opposed to insulting. As I mentioned before in this thread, I usually don't find negative/critical comments offensive at all. Believe me, the last thing that I would want for an open source project that I have been working on for years now is to show it to people, especially technical people, with poor wording or hard-to-understand terms. That was never intentional by me. In fact, the reason that README is too long is that I wanted to explain all the features and use cases in detail while adding additional links to the docs for those who want to understand more which probably made it even more overwhelming for those unfamiliar with zero trust architectures. I will definitely do my best to improve the README and docs with time as I get more honest feedback like in this thread. Thank you.