Show HN: Netrinos – A keep it simple Mesh VPN for small teams (netrinos.com)
Netrinos creates a LAN-like overlay network across your devices. Connections are direct P2P via WireGuard, with no central server routing traffic. Each device gets a stable IP and DNS name (pc.you.netrinos.com). When direct connections fail, they fall back to a relay server that's still encrypted end-to-end. We can't see your traffic.
The most challenging problem to solve was NAT traversal. UDP hole punching works most of the time. The rest is a cocktail of symmetric NAT, CGNAT, and serial NATs. We use STUN-style discovery and relay fallback for the edge cases. I was surprised by how unreliable low-end ISP routers really are, and how much technical wizardry it takes to hide that behind a clean, simple UX.
Our stack is a Go backend for client and server, WireGuard kernel mode for Linux and Windows (macOS is userspace), Wails.io for cross-platform UI. WireGuard does all the heavy lifting. Go ties it all together.
Popular use cases include: RDP to home PCs, accessing NAS without exposing it, and SSH into headless Linux boxes. One customer manages hundreds of IoT devices in the field, eliminating the need to deal with customer routers.
We just released Pro with multi-user, access control, and remote gateway routing. Personal is free (up to 100 devices).
I'd love to hear what you expect from a simple mesh VPN, what's missing from current tools, and what's lacking from your remote access setup. Use code HNPRO26 for a 30-day trial of Pro.
23 comments
[ 3.5 ms ] story [ 48.4 ms ] threadEdit: Just found this post https://netrinos.com/blog/tailscale-alternatives-2025, so it looks like main differentiator is pricing right now.
Love to see the ecosystem of wireguard based services growing into different business segments, i.e. you targeting SMBs/small teams.
Not for me, but legitimate use case and product :)
Not really related to the product itself, but your landing page design looks close to the official Microsoft style which I dont have the best memories of..
It might be intentional to show the "seamless integration" to Windows users but my penguin loving soul got scared!
We all get that sometimes companies have IT policies which are outdated and get in the way, but that's a problem for someone up the chain to solve. A team or department deciding to just start doing their own thing with something like this which isn't managed by or even known about by the official company IT is at best a path to future problems if not an immediate compliance problem.
As I understand it, with traditional VPNs, you basically have to trust third-party audits to verify the VPN isn't logging all traffic and selling it. Does the WireGuard protocol address theses issues? Or is there still the same risk as a more traditional VPN provider?
How does your relay compare to Tailscale's (DERP)?
Netrinos uses a central rendezvous server that participates in WireGuard handshakes solely to collect your devices' public endpoints and share that information with your other devices. When a device roams to a new location, the server learns the new endpoint and updates the other devices in your account.
When direct P2P fails, Netrinos connections fall back to a relay server. The relay is a WireGuard peer, but it can only relay traffic between peers in your account. All customer accounts are strictly firewalled from each other.
If you want more control, you can enable a device in your account as a relay server with a checkbox in the app. This could be a home PC with a stable connection or a low-cost cloud server.
The obvious competitor here is Tailscale. But let's say, reasons, and Tailscale isn't an option. Then you go down the path... TwinGate, Teleport, Netbird, Pomerium, Netmaker, ZeroTier, etc...
Even the initial pricing and free tier are you're up against are going to mostly be a deal breaker compared to what's out there.
Trusting a VPN provider is a lot. If you're running the control plane - why should I trust Netrinos?
If you install the OpenSSH server on Windows, you can manage Netrinos in a terminal, just like on Linux or Mac. e.g.
https://netrinos.com/cdn/images/screens/windows-terminal.png
https://netrinos.com/cdn/images/screens/linux-terminal.png
On a trip to Europe last year, I tried it from the Air Canada in-flight WiFi somewhere over Iceland. I was able to RDP to my desktop at home, then RDP right back to my laptop on the plane. Performance wasn't great. And it's not a terribly useful use case. But it did work.
Wireguard deserves a lot of credit there. No ports were opened on my home end. And who knows what the plane has for NAT.