Hacker Newsnew | past | comments | ask | show | jobs | submit | miloschwartz's commentslogin

Pangolin is also a good choice. Can be fully self-hosted. Also based on WireGuard.

Handles both browser-based reverse proxy access and client-based P2P connections like a VPN.


Pangolin is a good solution to this because you can optionally self-host it which means you aren't limited by Cloudflare's TOS / limits.


Also achievable with Tailscale. All my internal services are on machines with Tailscale. I have an external VPS with Tailscale & Caddy. Caddy is functioning as a reverse proxy to the Tailscale hosts.

No open ports on my internal network, Tailscale handles routing the traffic as needed. Confirmed that traffic is going direct between hosts, no middleman needed.


Another vote for Pangolin! Been using it for a month or so to replace my Cloudflare tunnels and it's been perfect.


Pangolin handles this nicely. You can define alias addresses for internal resources and keep the fully private and off the public internet. Also based on WireGuard like Tailscale.


That's awesome! Pangolin is a great alternative to Cloudflare tunnels. It can also replace Warp for direct, private connections via the VPN clients.


Hey, great to see you here! Thanks for maintaining this great list of tools. :)


Traditional reverse proxies require a public IP and open firewall ports. Pangolin uses a tunneled reverse proxy to expose resources behind restrictive firewalls without those requirements.

A single Pangolin server can tunnel to multiple remote networks, centralizing apps from different locations into one place. It also includes VPN clients and handles NAT traversal as an alternative to traditional VPNs for direct connections.


Hiding an IP and security are not necessarily the main use cases.

The tunneled reverse proxy aspect comes in handy when trying to expose internal apps on a network behind a hard NAT where ports can't be opened and a public IP address isn't available (like CGNAT).

Pangolin is also a VPN like Tailscale/Twingate/etc, so you can access non http resources via a direct connection via WireGuard and NAT traversal.


Thanks! :)


Pangolin is dual licensed under the AGPLv3 and the Fossorial Commercial License. The community edition includes no commercial license code and is fully AGPL compliant. The enterprise edition is also free to use for personal use.


Yes but enterprise edition seems to be falsly advertised on the main site as open source. And the community and enterprise editions are mixed in the source code making compilations of community edition complicated.


Pangolin could be a great open source alternative if you prefer to self host the server component. You could even set up WAF with CrowdSec which is awesome


Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: