open source · flexaccessdev

Reach private networks without opening a single port.

Tunneling and VPN utilities where the client dials the server by a stable cryptographic identity — NAT traversal and relay fallback built in, everything end-to-end encrypted. The server needs no public IP, no inbound port, no port forwarding.

Both tools available on
  • CLI
  • Linux
  • macOS
  • Windows
  • iOS
  • No inbound ports

    The server needs no public IP, no open port, and no port forwarding — clients dial a stable cryptographic identity instead of an address.

  • NAT traversal built in

    Direct paths are hole-punched through NAT and CGNAT; an encrypted relay carries traffic whenever a direct path isn't available.

  • End-to-end encrypted

    Traffic is encrypted from client to server. Relays that forward it can't read it.

  • Token-authenticated

    Every client presents its own auth token — whoever runs the server decides exactly who gets access.

The tools

flexaccess.dev/ezvpn

ezvpn

The easy-setup VPN for reaching private networks.

  • IP layer
  • root required

Full IP routing to a private network — whole subnets, any protocol — set up with just a server key and a shared auth token, dynamic client addressing, and no inbound port to open or forward.

Available on
  • CLI
  • Linux
  • macOS
  • Windows
  • iOS

flexaccess.dev/flextunnel

flextunnel

The rootless split tunnel for private TCP services.

  • proxy layer
  • no root

Reach TCP services behind a server over a local SOCKS5 / HTTP proxy or forwarded ports — with server-side DNS, reverse-routing agents and server-to-server bridges for networks the server can't reach directly, and no admin rights on either end.

Available on
  • CLI
  • Linux
  • macOS
  • Windows
  • iOS

Which one do I want?

You needReal IP routing — whole subnets, any protocolTCP access to specific services — web UIs, SSH, databases
PrivilegesRoot / Administrator to create the network interfaceNone, on either end
How apps connectTransparently, through the system routing tableThrough a local SOCKS5 / HTTP proxy
Alongside another VPNiOS allows only one active VPN at a timeYes — it isn't a VPN