Skip to content

holesail/docs

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
.gitbook/assets
.gitbook/assets
 
 
installation-guide
installation-guide
 
 
terminology
terminology
 
 
usage-guide
usage-guide
 
 
README.md
README.md
 
 
SUMMARY.md
SUMMARY.md
 
 

Repository files navigation

Overview

{% hint style="info" %} Need help or have feedback? Reach us at hello@holesail.io. {% endhint %}

Holesail is a peer-to-peer networking and tunneling system that lets you securely access services running on private machines, anywhere on the internet—without port forwarding, static IP addresses, user accounts, or centralized infrastructure.

Holesail creates direct, encrypted connections between peers. There are no relay servers, no traffic brokers, and no control plane that can observe your network or your data.

This documentation introduces the Holesail model, its guarantees, and how it differs from traditional VPNs and hosted tunneling solutions.

How Holesail Works

Holesail connects two peers directly using a shared connection key (or QR code). That key enables:

  • Peer discovery — only peers with the key can find each other
  • Authentication — no usernames, passwords, or accounts
  • Encryption — all traffic is end-to-end encrypted by default

Once connected, Holesail tunnels TCP and UDP traffic as if both peers were on the same local network.

There is no central coordination server, no relay path, and no metadata collection. Traffic flows directly between peers.

Design Principles

Peer-to-Peer by Default

Holesail is built on a strictly peer-to-peer architecture. Connections are established directly between devices, without fallback relays or intermediaries.

Only the peer you explicitly share a connection key with can discover and connect to your service. Other peers on the network cannot see:

  • What services you are running
  • Whether those services are active
  • Whether you are using Holesail at all

Zero Configuration

Holesail requires no network setup:

  • No port forwarding
  • No static IP addresses
  • No firewall configuration
  • No NAT or router changes

Run a single command, scan a QR code, and connect.

End-to-End Security

All Holesail connections are encrypted end to end. Encryption is applied automatically and cannot be disabled.

Because there are no intermediary servers, traffic never passes through third-party infrastructure. Data is visible only to the peers involved in the connection.

This model significantly reduces the attack surface compared to publicly exposed services or hosted tunneling systems.

Zero-Knowledge Architecture

Holesail does not operate any control plane or metadata service:

  • No user accounts
  • No identity database
  • No connection logs
  • No usage tracking

Holesail cannot see who is using the network, what is being shared, or how it is used.

Open Source

Holesail and all of its core components are fully open source. The source code is available for inspection, modification, and integration.

This enables independent security review and allows third parties to embed Holesail into their own products and workflows.

Key Capabilities

  • Peer-to-peer tunnels
    Direct connections without intermediary servers.
  • Zero setup
    No configuration or networking expertise required.
  • TCP and UDP support
    Tunnel services that rely on either protocol.
  • Unlimited bandwidth
    No artificial limits or throttling.
  • End-to-end encryption
    Always on, with no trusted third parties.
  • Built-in file sharing
    Securely transfer files and folders between peers.
  • Cross-platform support
    Works on Linux, macOS, Windows, iOS, and Android using Bare modules and the Pear runtime.
  • Command-line interface
    Simple, scriptable CLI designed for automation and daily use.

Common Use Cases

  • Access private machines remotely without exposing ports
  • Share locally running web servers, APIs, and AI models
  • Secure SSH access without public IPs
  • Play LAN-based games like Minecraft over the internet
  • Transfer large files without size limits
  • Access self-hosted services such as:
    • Vaultwarden
    • Portainer
    • RustDesk
    • Ollama
    • Minecraft servers
    • BTCPay Server

If a service runs locally, Holesail can make it reachable—securely and directly.

Why Holesail

“It’s Tailscale but without servers, no accounts, and no complicated setup.”
— Guy Swann

It’s Tailscale but without servers, no accounts, and no complicated setup. Just scan the QR, and you’re connected, encrypted, fast, and easy.

— From Guy Swann

I’ve become a Holesail addict. If I can’t just generate a key and connect remotely to my service now, I’m now just looking for a replacement that does let me do this. I don’t even try anymore. It’s either as easy as Holesail, or I’ll find a replacement 🤣

— From Pear Report

Just used @holesail_io to connect to a service running on Linux localhost on my MacBook. I can use it easily and from anywhere.


Even via Terminal, this is the easiest and quickest way I've ever connected two computers and shared a service/app. Generate key, paste key, done.

Holesail allows us to provide a revolutionary Peer-to-Peer (P2P) tunnelling solution, giving users instant access to their local networks without the need for complex configurations. This innovative approach ensures seamless connectivity and robust security through end-to-end encryption.
— From Discord Linux

For teams and individuals who want private networking without infrastructure ownership or trust assumptions, Holesail offers a minimal, transparent alternative.

Get Started

Follow the quickstart guides to install Holesail, generate a connection key, and connect your first service in minutes.

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •