A next-generation, self-hosted alternative to corporate VPNs, ZTNA, secure tunnels, API gateways, and AI infrastructure—all in one unified platform
Octelium is a newly open-sourced project that delivers a modern, unified, and self-hosted platform for secure resource access. Built as a free and open-source (FOSS) alternative to traditional VPNs and commercial Zero Trust Network Access (ZTNA) platforms, Octelium brings a fresh architecture grounded in identity-aware proxies, application-layer (L7) context, and secret-less authentication.
Designed and developed since 2020 by George Badawi, Octelium is now available to the public in beta, but already offers a production-ready foundation for secure access, deployment, and connectivity—from homelabs to large-scale infrastructure.
🔐 What is Octelium?
Octelium is an identity-first, policy-driven, and fully self-hosted platform for secure access to internal and external resources. It replaces a wide range of tools and services, including:
- Commercial VPNs (e.g., OpenVPN, Tailscale)
- ZTNA solutions (e.g., Cloudflare Zero Trust, Google BeyondCorp, Zscaler)
- Remote access tools for developers, workloads, and DevOps pipelines
- Secure tunneling platforms (e.g., ngrok, Cloudflare Tunnel)
- Self-hosted API and AI gateways with L7-aware access control
- PaaS-like environments for container hosting
- Advanced alternative to Kubernetes Ingress
- Homelab and IoT secure access across NATs
With Octelium, you can connect users and workloads to any resource—behind NAT or publicly exposed—without changing infrastructure or opening ports.
🧰 Use Cases
- Zero Trust remote access via WireGuard or QUIC tunnels (no client config)
- Browser-based clientless BeyondCorp-style access with OAuth2/SAML
- Secure tunnels for APIs and web apps, replacing tools like ngrok
- Private and anonymous container deployment over Kubernetes
- Self-hosted API gateway with L7 access control and policy-as-code
- AI gateway for securely routing to LLM providers with identity enforcement
- MCP/A2A gateway infrastructure for agents and tools needing secure transport
- Personal cloud and homelab management with unified access control
🚀 Core Features
- Zero Trust by design: L7-aware, identity-based access to any resource
- Secret-less authentication: No passwords, no API keys, no Kubeconfigs
- Context-aware access control: ABAC + CEL/OPA policies per request
- Continuous authentication: OIDC, SAML, MFA with WebAuthn/FIDO2
- Policy-as-code engine: Define access and routing logic via CEL or Rego
- Programmable & declarative: Full CLI and gRPC-based API
- OpenTelemetry integration: Realtime L7 audit logs and SIEM exports
- No admin users by default: Zero standing privileges (ZSP) architecture
- Universal dual-stack DNS: Internal resources get stable IPv4/IPv6 addresses
- Self-hostable on any Kubernetes: From a single-node VPS to HA clusters
⚙️ How to Get Started
Install the CLI
Linux/macOS:
curl -fsSL https://octelium.com/install.sh | sh
Windows (PowerShell):
iwr https://octelium.com/install.ps1 -useb | iex
Deploy Your First Cluster
On a VPS (Ubuntu/Debian-based):
curl -o install-demo-cluster.sh https://octelium.com/install-demo-cluster.sh
chmod +x install-demo-cluster.sh
./install-demo-cluster.sh --domain yourdomain.com
📝 Project Status and Philosophy
- Now in public beta, stable core features
- Over 9,000 commits since 2020, open-sourced in May 2025
- Fully functional self-hosted FOSS—no SaaS traps, no SSO paywalls
- No server-side “black box” logic—you control everything
- Commercial support available via alternative licensing to AGPLv3
- PRs not yet accepted, but community feedback and bug reports are welcome
📎 Key Links
- GitHub: https://github.com/octelium/octelium
- Docs: https://docs.octelium.com
- Community: Discord • Slack
- Contact: [email protected]
💬 Final Thoughts
Octelium isn’t just an open-source VPN—it’s a comprehensive, modern Zero Trust infrastructure layer for securing workloads, APIs, and users across any environment. Whether you’re managing a corporate network, deploying AI services, or just running a secure homelab, Octelium gives you full control and visibility with a cloud-native, developer-friendly approach.
Self-hosted. Auditable. Flexible. Ready for the future of secure access.