Posted by pcarroll 12/19/2025
Netrinos creates a LAN-like overlay network across your devices. Connections are direct P2P via WireGuard, with no central server routing traffic. Each device gets a stable IP and DNS name (pc.you.netrinos.com). When direct connections fail, they fall back to a relay server that's still encrypted end-to-end. We can't see your traffic.
The most challenging problem to solve was NAT traversal. UDP hole punching works most of the time. The rest is a cocktail of symmetric NAT, CGNAT, and serial NATs. We use STUN-style discovery and relay fallback for the edge cases. I was surprised by how unreliable low-end ISP routers really are, and how much technical wizardry it takes to hide that behind a clean, simple UX.
Our stack is a Go backend for client and server, WireGuard kernel mode for Linux and Windows (macOS is userspace), Wails.io for cross-platform UI. WireGuard does all the heavy lifting. Go ties it all together.
Popular use cases include: RDP to home PCs, accessing NAS without exposing it, and SSH into headless Linux boxes. One customer manages hundreds of IoT devices in the field, eliminating the need to deal with customer routers.
We just released Pro with multi-user, access control, and remote gateway routing. Personal is free (up to 100 devices).
I'd love to hear what you expect from a simple mesh VPN, what's missing from current tools, and what's lacking from your remote access setup. Use code HNPRO26 for a 30-day trial of Pro.
Thanks
https://netrinos.com/help/gateways-routing
You can also have multiple gateways and send traffic through different locations. e.g. You can access a NAS on one site and a website through another.
How does your relay compare to Tailscale's (DERP)?
Netrinos uses a central rendezvous server that participates in WireGuard handshakes solely to collect your devices' public endpoints and share that information with your other devices. When a device roams to a new location, the server learns the new endpoint and updates the other devices in your account.
When direct P2P fails, Netrinos connections fall back to a relay server. The relay is a WireGuard peer, but it can only relay traffic between peers in your account. All customer accounts are strictly firewalled from each other.
If you want more control, you can enable a device in your account as a relay server with a checkbox in the app. This could be a home PC with a stable connection or a low-cost cloud server.
Not really related to the product itself, but your landing page design looks close to the official Microsoft style which I dont have the best memories of..
It might be intentional to show the "seamless integration" to Windows users but my penguin loving soul got scared!
If it makes you feel better, all core development for Netrinos is done on Linux. Then, the code is adapted to work on macOS and Windows. Almost all of the code is cross-platform, including the UI. Only the implementation details are platform specific.
e.g. Linux uses nftables. MacOS uses pfctl. Windows, we had to write our own packet filter to avoid touching the often misconfigured Windows Firewall.