Nebula

Nebula creates an encrypted overlay mesh that connects machines across different networks into one private network. It's a VPN that doesn't need a central server to route all traffic. Every node connects directly to every other node, peer-to-peer. MIT license, Go. Built by Slack's infrastructure team for their own use, then open sourced. Uses a lighthouse node for discovery (helps nodes find each other) but actual traffic flows directly between peers. WireGuard-style encryption, runs on Linux, macOS, Windows, iOS, and Android.

Fully free. No paid tier, no managed service. Defined Networking (the company behind it) sells a managed control plane but Nebula itself is completely free to self-host.

Solo: overkill unless you're connecting personal machines across locations. Small teams (2-10): solid for connecting dev environments to cloud resources without exposing ports. Medium to large: this is where Nebula shines: hundreds of nodes across cloud providers and offices on one flat network.

The catch: you're building your own network infrastructure. Certificate management, firewall rules, lighthouse configuration, it's not hard but it's not "install and go" either. If you just need remote access to a few servers, Tailscale (which is built on WireGuard) is dramatically simpler. Nebula is for teams that want full control and are willing to manage it.