open source · flexaccessdev

Reach private networks without opening a single port.

Tunneling and VPN utilities where the client dials the server by a stable cryptographic identity — NAT traversal and relay fallback built in, everything end-to-end encrypted. The server needs no public IP, no inbound port, no port forwarding.

  • No inbound ports

    The server needs no public IP, no open port, and no port forwarding — clients dial a stable cryptographic identity instead of an address.

  • NAT traversal built in

    Direct paths are hole-punched through NAT and CGNAT; an encrypted relay carries traffic whenever a direct path isn't available.

  • End-to-end encrypted

    Traffic is encrypted from client to server. Relays that forward it can't read it.

  • Token-authenticated

    Every client presents its own auth token — whoever runs the server decides exactly who gets access.

The tools

flexaccess.dev/ezvpn

ezvpn

The easy-setup VPN for reaching private networks.

  • IP layer
  • root required
  • CLI · iOS · macOS · Windows

Full IP routing to a private network — whole subnets, any protocol — with dynamic client addressing and zero port forwarding.

flexaccess.dev/flextunnel

flextunnel

The rootless split tunnel for private TCP services.

  • proxy layer
  • no root
  • CLI · iOS

Proxy-level access to TCP services behind a server — server-side DNS, userspace sockets, and no admin rights needed on either end.

Which one do I want?

You needReal IP routing — whole subnets, any protocolTCP access to specific services — web UIs, SSH, databases
PrivilegesRoot / Administrator to create the network interfaceNone, on either end
How apps connectTransparently, through the system routing tableThrough a local SOCKS5 / HTTP proxy
Alongside another VPNiOS allows only one active VPN at a timeYes — it isn't a VPN