Pangolin is an identity-based remote access platform built around WireGuard that combines reverse proxy and VPN capabilities in one stack. It lets teams expose specific web applications through browser-based access and reach private resources such as SSH, databases, RDP, or network ranges through client-based access. The product is positioned as zero-trust remote access: users authenticate through identity-aware rules and receive access to defined resources rather than blanket network reachability.
Current public materials describe Pangolin version 1.19.2 with platform support across macOS, iOS, Windows, Linux, and Android, plus peer-to-peer tunnels and clientless browser access across on-prem, cloud, and edge environments. The docs describe cloud and self-host deployment paths, while the homepage and repository show roughly 21K+ GitHub stars. License handling should be described carefully: GitHub reports NOASSERTION and the raw license text includes commercial-license language, so it is safer not to frame Pangolin as simply AGPL-only.
Current pricing has moved to a clearer Cloud/Self-Hosted selector with Basic Free, Team at $4 per user per month, Business at $9 per user per month, and Enterprise custom pricing. Pangolin is best for teams that want a managed or self-hosted alternative to combining separate VPN, tunnel, and reverse-proxy systems, especially when browser access, private-resource access, SSO/OIDC, device approvals, audit logging, and enterprise support need to live under one administrative model.
