Best Open Source Secure Tunnels in 2026

Pangolin is an open-source, self-hosted identity-aware tunneled reverse proxy server featuring a sleek dashboard UI, designed to securely expose private resources across distributed networks without the need for opening inbound ports or dealing with complex firewall rules. It builds encrypted tunnels—often leveraging a user-space WireGuard client called Newt—to connect isolated services, supports HTTP/HTTPS as well as raw TCP/UDP traffic, automates SSL via Let’s Encrypt, enables load balancing, and integrates identity and access management with SSO, role-based access control, 2FA, temporary share links, OAuth2/OIDC integration, and more.

A self-hosted tunneling tool — like ngrok, but on your own domain. Expose local dev servers through subdomains on your VPS.