The enterprise remote access market is a fortress of billion-dollar contracts and entrenched security policies. Pangolin is trying to tunnel in from the outside. The San Francisco-based startup, founded in 2025, is building an open-source platform for identity-aware VPN and proxy access, using WireGuard as its cryptographic core [Y Combinator, 2025]. Its wedge is self-hosting: the promise of a cloud-hybrid or fully on-premises deployment for teams that can't or won't route traffic through a third-party cloud [Fondo, 2025].
The Self-Hosting Wedge
Pangolin's pitch is built on a specific architectural choice. It offers secure tunnels, VPN, and clientless browser access to private infrastructure like internal dashboards or IoT devices [pangolin.net, 2025]. The key differentiator is control. While competitors like Cloudflare Tunnels and Zscaler ZPA are delivered as managed services, Pangolin's open-source code can be deployed in a company's own environment, with cloud coordination available only for high-availability failover [Fondo, 2025]. This targets a clear, if niche, customer: enterprises in regulated industries, or with sensitive operational technology (OT) and edge computing environments, where data sovereignty and network control are non-negotiable.
The platform's identity-aware access control layers user authentication and authorization directly onto the network tunnel, a zero-trust approach that moves beyond simple IP whitelisting [pangolin.net, 2025]. For a DevOps team needing to expose a Grafana dashboard securely, or an industrial firm managing remote factory equipment, the combination of self-hosting and baked-in identity could simplify a historically complex security stack.
A Market of Giants and Gateways
Pangolin enters a field defined by scale and specialization. Its documented competitors illustrate the challenge and the opportunity.
| Competitor | Primary Model | Key Differentiator |
|---|---|---|
| Cloudflare Tunnels | Managed Service | Massive global network, integrated with broader security suite |
| Zscaler ZPA | Managed Service | Full zero-trust network access (ZTNA) for large enterprises |
| Ngrok | Developer-First | Simplicity and speed for exposing local development servers |
Pangolin's open-source, self-hosted approach carves out a distinct lane. It is not trying to out-cloud Cloudflare. Instead, it is betting that a segment of the market values ownership over convenience, and that this segment is large enough to build a venture-scale business. Early adoption signals come from the homelab and tinkerer community, with users documenting setups for VPS-to-home tunnels and zero-trust homelabs [RamNode, 2026] [Reddit, 2026]. This bottom-up, developer-friendly adoption is a classic path for infrastructure software, though the leap to enterprise sales is a taller order.
The Road from YC to ACV
The company's early financial footing comes from Y Combinator, which lists Pangolin as an active participant [Y Combinator, 2025]. The size of its seed round, closed in 2025, remains undisclosed, with lead investors not named in the public record [Y Combinator Jobs, 2026]. The founding team of Owen Schwartz, Milo Schwartz, and Alexander Halpern is actively hiring for founding engineers, signaling a build-out phase [Y Combinator Jobs, 2026]. Traction in the form of named enterprise customers or disclosed revenue is not yet public, leaving the commercial motion unproven at the six-figure annual contract values required for venture scale.
The risks are straightforward. The open-source model aids adoption but can complicate monetization. The technical differentiator must be compelling enough to justify the operational overhead of self-management versus a click-to-deploy SaaS alternative. And the sales motion must evolve from individual contributors in homelabs to security committees in Fortune 500 boardrooms. The company's most plausible answer is already visible in its partnership with Elest.io, which offers managed Pangolin hosting starting at $14 per month, providing a bridge for teams that want the software but not the ops burden [Elest.io, 2025].
For now, Pangolin's bet is anchored in code and control. Its 2025 seed funding, backed by Y Combinator's network, gives it runway to prove that a self-hosted, identity-aware tunnel can become more than a niche tool. The question for the next 12 months is whether it can convert early technical admiration into the first seven-figure enterprise deal.
Sources
- [Y Combinator, 2025] Pangolin: Identity-aware VPN and proxy for remote access to anything, anywhere. | https://www.ycombinator.com/companies/pangolin
- [Fondo, 2025] Pangolin launches | https://fondo.com/blog/pangolin-launches
- [pangolin.net, 2025] Pangolin | https://pangolin.net
- [Y Combinator Jobs, 2026] Founding Engineer at Pangolin | https://www.ycombinator.com/companies/pangolin/jobs/7DeBchl-founding-engineer
- [Elest.io, 2025] Pangolin | https://elest.io/open-source/pangolin
- [RamNode, 2026] Part 1: Pangolin Setup, VPS-to-Home Tunnels | Zero-Trust Homelab | https://ramnode.com/guides/series/zero-trust-homelab/pangolin-setup
- [Reddit, 2026] r/PangolinReverseProxy on Reddit: I tried putting Pangolin's WireGuard site config on my home router | https://www.reddit.com/r/PangolinReverseProxy/comments/1nmvb3o/i_tried_putting_pangolins_wireguard_site_config/