Octelium
What is Octelium?
Octelium is a free and open source, self-hosted, unified platform for zero trust resource access that is primarily meant to be a modern alternative to remote access VPNs and similar tools. It is built to be generic enough to operate not only as a zero-config remote access VPN (e.g. an alternative to OpenVPN Access Server, Twingate, Tailscale, etc.), a ZTNA platform (e.g. an alternative to Cloudflare Access, Teleport, Google BeyondCorp, etc.) and a scalable infrastructure for secure tunnels (e.g. an alternative to ngrok), but also as an API gateway, an AI gateway, an infrastructure for MCP gateways and A2A architectures, a PaaS-like platform for secure as well as anonymous hosting and deployment of containerized applications, a Kubernetes gateway/ingress/load balancer and even as an infrastructure for your own homelab. Octelium provides a scalable zero trust architecture (ZTA) for identity-based, application-layer (L7) aware, secret-less secure access for users, both humans and workloads. Access is available both as private client-based access over WireGuard/QUIC tunnels and as public clientless access (i.e. BeyondCorp). It covers any private/internal resource behind NAT in any environment as well as publicly protected resources such as SaaS APIs and databases, and it is enforced via context-aware access control on a per-request basis through policy-as-code.
Use Cases
Octelium is designed to be generic enough (check out the main features below for more details) to be completely or partially used as a solution for various use cases depending on your needs/requirements, notably:
Modern remote access VPN: A modern zero trust, L7-aware alternative to commercial remote access/corporate VPNs that provides zero-config client-based access over WireGuard/QUIC tunnels as well as clientless, secret-less access via dynamic identity-based, L7-aware, context-aware access control through policy-as-code (e.g. an alternative to OpenVPN Access Server, Twingate, Tailscale, etc.).
Unified ZTNA/BeyondCorp architecture: A Zero Trust Network Access (ZTNA) platform/BeyondCorp architecture (e.g. an alternative to Cloudflare Access, Google BeyondCorp, Zscaler Private Access, Teleport, Fortinet, etc.).
Self-hosted infrastructure for secure tunnels: A self-hosted, programmable infrastructure for secure tunnels and reverse proxying (e.g. an alternative to ngrok, Cloudflare Tunnel, etc.). You can see an example here.