Overview
Holesail is a peer-to-peer networking and tunneling system that lets you securely access services running on private machines, anywhere on the internet—without port forwarding, static IP addresses, user accounts, or centralized infrastructure.
Holesail creates direct, encrypted connections between peers. There are no relay servers, no traffic brokers, and no control plane that can observe your network or your data.
This documentation introduces the Holesail model, its guarantees, and how it differs from traditional VPNs and hosted tunneling solutions.
How Holesail Works
Holesail connects two peers directly using a shared connection key (or QR code). That key enables:
Peer discovery — only peers with the key can find each other
Authentication — no usernames, passwords, or accounts
Encryption — all traffic is end-to-end encrypted by default
Once connected, Holesail tunnels TCP and UDP traffic as if both peers were on the same local network.
There is no central coordination server, no relay path, and no metadata collection. Traffic flows directly between peers.
Design Principles
Peer-to-Peer by Default
Holesail is built on a strictly peer-to-peer architecture. Connections are established directly between devices, without fallback relays or intermediaries.
Only the peer you explicitly share a connection key with can discover and connect to your service. Other peers on the network cannot see:
What services you are running
Whether those services are active
Whether you are using Holesail at all
Zero Configuration
Holesail requires no network setup:
No port forwarding
No static IP addresses
No firewall configuration
No NAT or router changes
Run a single command, scan a QR code, and connect.
End-to-End Security
All Holesail connections are encrypted end to end. Encryption is applied automatically and cannot be disabled.
Because there are no intermediary servers, traffic never passes through third-party infrastructure. Data is visible only to the peers involved in the connection.
This model significantly reduces the attack surface compared to publicly exposed services or hosted tunneling systems.
Zero-Knowledge Architecture
Holesail does not operate any control plane or metadata service:
No user accounts
No identity database
No connection logs
No usage tracking
Holesail cannot see who is using the network, what is being shared, or how it is used.
Open Source
Holesail and all of its core components are fully open source. The source code is available for inspection, modification, and integration.
This enables independent security review and allows third parties to embed Holesail into their own products and workflows.
Key Capabilities
Peer-to-peer tunnels: Direct connections without intermediary servers.
Zero setup: No configuration or networking expertise required.
TCP and UDP support: Tunnel services that rely on either protocol.
Unlimited bandwidth: No artificial limits or throttling.
End-to-end encryption: Always on, with no trusted third parties.
Built-in file sharing: Securely transfer files and folders between peers.
Cross-platform support: Works on Linux, macOS, Windows, iOS, and Android using Bare modules and the Pear runtime.
Command-line interface: Simple, scriptable CLI designed for automation and daily use.
Common Use Cases
Access private machines remotely without exposing ports
Share locally running web servers, APIs, and AI models
Secure SSH access without public IPs
Play LAN-based games like Minecraft over the internet
Transfer large files without size limits
Access self-hosted services such as:
Vaultwarden
Portainer
RustDesk
Ollama
Minecraft servers
BTCPay Server
If a service runs locally, Holesail can make it reachable—securely and directly.
Why Holesail
It’s Tailscale but without servers, no accounts, and no complicated setup. Just scan the QR, and you’re connected, encrypted, fast, and easy.
— From Guy Swann
I’ve become a Holesail addict. If I can’t just generate a key and connect remotely to my service now, I’m now just looking for a replacement that does let me do this. I don’t even try anymore. It’s either as easy as Holesail, or I’ll find a replacement 🤣
— From Pear Report
Just used @holesail_io to connect to a service running on Linux localhost on my MacBook. I can use it easily and from anywhere.
Even via Terminal, this is the easiest and quickest way I've ever connected two computers and shared a service/app. Generate key, paste key, done.
Holesail allows us to provide a revolutionary Peer-to-Peer (P2P) tunnelling solution, giving users instant access to their local networks without the need for complex configurations. This innovative approach ensures seamless connectivity and robust security through end-to-end encryption. — From Discord Linux
For teams and individuals who want private networking without infrastructure ownership or trust assumptions, Holesail offers a minimal, transparent alternative.
Get Started
Follow the quickstart guides to install Holesail, generate a connection key, and connect your first service in minutes.