Skip to content

HarvsG/WireGuardMeshes

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

82 Commits
 
 
 
 

Repository files navigation

Compare WireGuard Mesh Tools

WireGuard is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography and supports mesh networking. However, by default it requires manual configuration. Adding a new client to the network would require the admin to update O(n2) client configurations each time. wg-dynamic was a proposed native WireGuard tool that would help with autoconfiguration, unfortunately development of this has gone stale. So here are a list of alternatives.

Table

Feature\Software Open source Free Full Mesh Auto conf Devices Supports Users Allows full tunnel Subnet Access NAT traversal Linux Windows MacOS Android iOS OpenWRT Custom DNS
Vanilla WireGuard Unlimited ✴️ ✴️ ✴️ ✴️ ✴️ ✴️
Tailscale 0 ❌🆓 Unlimited 1️⃣0️⃣0️⃣ ✅ 3️⃣ 🌐 🌐🔏 🌐🔏 🌐 🌐🔏 3
Headscale Unlimited 🌐 🌐 🌐 🌐2 🌐🔏2
Netmaker 1 Unlimited 🌐 🌐 🌐 ✴️❄️ ✴️❄️
WGSD Unlimited
Innernet Unlimited
Wesher Unlimited
NetBird Unlimited 1️⃣0️⃣0️⃣ 🌐 🌐
wgmesh Unlimited 🌐
wiresmith Unlimited 🌐
webmesh Unlimited 🌐 🌐 🌐 🔜 🔜 🔜
NordVPN Meshnet 4 1️⃣0️⃣ 🌐 🌐 🔏 🌐 🔏 🌐 🔏 🌐 🔏 🔜

0Tailscale's client code is open source. Tailscale's control server code is entirely closed source (It's a SaaS product).

1Netmaker uses the SSPL license, which is not an "official" open source license occording to the OSI.

2Headscale uses the tailscale mobile clients. Andriod instructions. iOS

3When routing all traffic through an exit node tailscale ignores custom DNS. Issue

4Open source parts: libtelio - multiplatform meshnet library, nordvpn-linux - vpn client app for linux with integrated meshnet feature, libdrop - multiplatform file-sharing-over-meshnet library.

510 peers per account. Can connect to up to 50 devices from other accounts.

Legend

  • 🆓 Has free tier
  • 3️⃣ Limited amount on free tier (e.g 3)
  • 🔏 This software version is closed source
  • 💳 Paid version only
  • 🌐 Client can join as member of the full mesh
  • ✴️ Client can join as a 'spoke' off a node/gateway on the mesh
  • ❄️ Client can join the network but updates to the network are not automatically propgated to the client
  • 🔜 Developer claims the feature is coming soon
  • 0 Significant exception to the feature (should link to explanation)

Disclaimers

  • WireGuard is a registered trademark of Jason A. Donenfeld.
  • I do not independently verify each of the features and generally rely on the honesty of contributors please open an issue if you find any mistakes.

Changes

Please help update this table by using issues or pull requests. You may find https://www.tablesgenerator.com/markdown_tables helpful (File -> paste table data)

Columns

Column Description
Feature\Software The name and hyperlink to the project's main repository or website.
Open source Is the project open source.
Free Is the project entirely free to download, install and use.
Full Mesh Does the project allow every peer to communicate with every other peer directly. Relying on AllowedIPs to route traffic via a central peer in a hub and spoke model does not count.
Auto conf When a new peer is added to the mesh, are all other peers update automatically. Usually a requirement to be featured in this repo
Devices How many devices can the mesh support.
Supports Users Does the project allow users to be configured, usually for user access control.
Allows full tunnel Is the project capable of tunnelling all external traffic over at least one of the peers.
Subnet Access Can a device 'expose' the devices on its subnet to peers, usually using wiregaurd's AllowedIPs. This could allow you to access resources on your home network if your router was connected to the mesh, for example.
NAT traversal Can two peers that are each behind a separate NAT communicate with one another. This usually requires some other non-NATed central peer to update each NATed peer with the other's IP and port. Sometimes called NAT hole-punching
Linux Can the project be set up on a Linux machine e.g Ubuntu
Windows Can the project be installed on a Windows machine.
MacOS Can the project be installed on a MacOS machine.
Android Is there an Android App and can it connect to every other peer.
iOS Is there an iOS App and can it connect to every other peer.
OpenWRT Can the project be installed on an OpenWRT router. Useful if you want everything on your network to be able to access the devices on the mesh
Custom DNS Can the DNS provider used by all peers be configured centrally.

About

A text repo to feature-track WireGuard mesh software

Resources

Stars

Watchers

Forks