Product
Solutions
Enterprise
Customers
Docs
Blog
Pricing
Download
Contact sales
Get started - it's free!
Login
WireGuard is a registered trademark of Jason A. Donenfeld.
Terms of ServicePrivacy Policy
© 2025 Tailscale Inc. All rights reserved. Tailscale is a registered trademark of Tailscale Inc.
Go back

Five Leading Tunneling Solutions: Ngrok Alternatives

Ngrok alternatives are designed to make it easier for developers to share their local applications with others. Alternative VPN solutions like Tailscale simplify the setup process, enhance security, and support multiple protocols to provide flexibility and functionality.

As a developer, you might build and test a service locally before deploying it on a central server or in the cloud. Spinning up a new service is often too heavyweight for getting feedback on a new front-end UI or a blog post. Instead, you might want to share your local staged environment directly with others by exposing your local server to the internet securely.

ngrok is a developer-oriented tunneling product that generates public URLs for web servers running on a local machine. It allows others with access to the URL to connect to your machine, even through (Network Address Translators) NATs and firewalls.

ngrok can be accessed directly through the command line, simplifying the process of creating local tunnels. This makes it easy to create secure tunnels for exposing local servers to the public internet.

Both ngrok and Tailscale allow users to share what’s on their local network with other users. In this article, we’ll discuss five alternatives and closely compare Tailscale to ngrok so you can decide what’s best for your use case.

Introduction: Alternatives to ngrok

ngrok is a popular tool for exposing local web servers to the internet, but it has its limitations. Fortunately, there are many ngrok alternatives available that offer similar functionality with additional features and benefits. In this article, we will explore the top ngrok alternatives, their key features, and what to consider when choosing the best one for your needs.

What are ngrok Alternatives?

ngrok alternatives are software solutions that provide similar functionality to ngrok, a popular tunneling tool used to expose local web servers to the internet.

These alternatives offer a range of features, including:

  • Port forwarding
  • Custom domains
  • End-to-end encryption
  • Supports HTTP protocols
  • TCP tunnels for secure communication

This makes it easier for developers to share their local applications with others. Whether you’re looking to simplify your setup process, enhance security, or support multiple protocols, VPN alternatives to can provide the flexibility and functionality you need.

Why people choose ngrok

ngrok is a networking ingress platform aimed primarily at software developers. Its main purpose is to make it easier for development teams to share internal resources on an ad hoc basis.

One way to do this, of course, is by using a traditional VPN. With a VPN, you grant users access to all the resources on an internal corporate network via VPN client/server connectivity.

ngrok takes a different approach. It exposes specific internal endpoints that use HTTP, TLS, or TCP to the outside world. ngrok accomplishes this by running an agent inside your network that communicates with a public-facing layer called the ngrok edge. It gives your endpoint a corresponding public endpoint on the edge and forwards all traffic to that edge to your internal endpoint via the client.

This approach has several benefits compared to traditional VPNs. First, you can provide access to specific internal endpoints using ngrok instead of granting users access to your entire network.

Second, ngrok requires minimal network configuration. There’s no need to finagle with certificates or DNS settings to get it working.

Additionally, ngrok facilitates remote access by establishing secure connections to systems, enabling encrypted tunneling and secure direct connections.

ngrok’s approach makes it a viable choice for several networking use cases, including:

  • Sharing an in-development application with an external vendor or partner
  • Hosting blogs, social networking servers (Mastodon), etc. from your home network
  • Testing webhooks locally, eliminating the need to deploy to the cloud with every revision
  • Sharing entire remote networks (e.g., a cloud VPC)
  • Unifying ingress (reverse proxy, firewall, load balancing, etc.) for production applications

Benefits of Using an Alternative

Using ngrok alternatives can provide several benefits, including:

  • Improved performance and reliability
  • Enhanced security features
  • Better control over your data
  • Cost-effectiveness
  • Secure private networks: Simplifies the setup and management of encrypted connections, enhancing security and infrastructure through protocols like WireGuard for remote access and site-to-site connectivity

Advantages and Use Cases

  • Simplified setup process: Many ngrok alternatives offer a simpler setup process, making it easier for developers to get started without extensive configuration.
  • Customization options: ngrok alternatives often provide more customization options, allowing developers to tailor the tunneling software experience to their specific needs, such as configuring custom domains or specific port forwarding rules.
  • Support for multiple protocols: Some ngrok alternatives support multiple protocols, including HTTP, TCP, and UDP, making it easier to expose a wide range of applications beyond just web servers.
  • End-to-end encryption: Many ngrok alternatives offer end-to-end encryption, providing an additional layer of security for sensitive data and ensuring that your connections remain private.
  • Custom domains: ngrok alternatives often support custom domains, making it easier to share applications with others using memorable and professional-looking URLs.

Types of alternatives

Before we get into the ngrok alternatives, keep in mind that there are a few different types of alternatives. Some of the significant differences between products include:

  • Self-hosted vs. managed. Self-hosted versions require you to stand up and manage the software yourself. Managed options are Software as a Service (SaaS) apps where hosting is managed for you. Self-hosted options are generally cheaper but take more time and personnel to support.
  • Free vs. paid. A few products are also “freemium” offerings that provide basic functionality for free but charge for support, better scalability, etc.
  • Open-source vs. closed-source. Open-source solutions provide more confidence in the product as the code is available for public inspection. Some of the offerings below are a mixture of the two.

5 ngrok Alternatives: Market Overview and Options

If you're developing a service locally, and are trying to share it over HTTP/S and TCP only, ngrok generates a very simple URL for sharing, so that anyone can access your service from a browser. ngrok is also a good choice when the user you're sharing with is unable to install a client.

If that doesn't describe the problem you need to solve, here are 5 alternatives worth researching:

  • Localtunnel: A popular alternative that offers a simple setup process and support for custom domains, making it easy to share your local web servers.
  • Serveo: A free and open-source alternative that offers a range of features, including port forwarding and end-to-end encryption, providing a secure and flexible tunneling solution.
  • Pagekite: A managed tunneling solution that offers a range of features, including custom domains and automatic HTTPS, ensuring your connections are both secure and easy to share.
  • Tailscale: A full-featured mesh network solution that offers tunneling capabilities, including support for multiple protocols and end-to-end encryption, making it a versatile choice for developers.
  • Cloudflare Tunnel: A managed tunneling solution that offers a range of features, including custom domains and automatic HTTPS, providing a robust and secure way to expose your local applications to the internet.

Factors to consider include ease of use, customization options, and security features to ensure you find the best solution for your needs.

Localtunnel

Localtunnel is an open-source, self-hosted solution that aims to simplify hosting a local resource externally. It's installable via npm and can run on any system that supports Node.js.

To use Localtunnel, you install it globally using the npm command npm install -g localtunnel and then use the lt command to open access to a port on your machine. Localtunnel will connect to its server hosted at Localtunnel.me, create a tunnel, and return the public URL.

One downside of Localtunnel is that the project doesn't appear to be under active maintenance; the last change was checked in around 2022. Additionally, there's no way to tell how long the default server will remain operational or what its capacity constraints are. (The server is also open-source, so you can host and scale your own Localtunnel server if you so choose.)

boringproxy

boringproxy is another open-source project made freely available under an MIT license. It ships with options for running both a client and a server.

boringproxy has cross-platform support and works on Linux, Windows, MacOS, and ARM. It supports a number of features, including end-to-end encryption using Let's Encrypt certificates, configuration-less operation, and a local Web UI for tunnel management.

boringproxy ships as a single executable containing everything you need to create tunnels. After instantiating the server, you can connect to its Web interface to create tunnel users and access tokens. You then run the client, supplying it with the user, access token, and client name, to open your tunnel.

boringproxy requires you to run your own server, which might be a showstopper for many teams. Also, it only provides basic authentication password support. Finally, while it does claim to support MacOS, the developer admits that MacOS support is “untested”.

Cloudflare Tunnel

For those who use Cloudflare as a Content Delivery Network (CDN), the company’s managed Tunnel feature may be a good choice as an ngrok alternative.

Cloudflare Tunnel works in conjunction with cloudflared, a server daemon that runs inside your network. You can run cloudflared on Linux, macOS, Windows, and ARM devices. It supports HTTP protocols among others, allowing you to expose local services to the internet with ease.

Using the Cloudflare UI, you configure a tunnel to a service you’re running locally. Tunnel will then send requests to the public endpoint to cloudflared, which will route them to your locally hosted service.

Cloudflare Tunnel will appeal to Cloudflare customers who want a solution with better support that they don’t have to host themselves. However, while some customers give Cloudflare Tunnel high marks, there are also reports of connection reliability issues. Multiple users also say the administrative UI is clunky and hard to use.

Pagekite

Pagekite is a managed tunneling offering that touts itself as “the fast, reliable localhost tunneling solution.” Available on any system that supports Python, Pagekite comes in a free version that supports 2GB of transfer data. The expanded paid version provides support, the ability to use your own CNAME, and an increased data transfer quota.

Pagekite runs as a single Python file, pagekite.py. You run the pagekite.py --signup command to initialize it, and then create a tunnel by running:

pagekite.py 80 yourname.pagekite.me

This command creates a kite, or publicly exposed service, that will be available on the Internet using the provided DNS name. You can also use this command to expose a local folder to external users.

Pagekite provides limited support for security (basic username/password authentication only). Like the other options listed here, it's limited to providing tunneling capabilities and little else.

Tailscale

Tailscale supports tunneling via its Funnel feature. To use it, you install and configure the Tailscale client and then activate funneling with the tailscale funnel command. After opting into Funnel, Tailscale will create a public DNS endpoint for your locally hosted service.

But unlike many of the other options discussed here, Tailscale is more than about tunneling, it's a full-featured mesh network solution that supports multiple remote connectivity scenarios.

Initial setup

With ngrok, once you've built your web service locally, you can use the ngrok CLI to generate a URL. All you need to do is pass it the type of tunnel and port. Some alternatives, like Serveo, act as an SSH server to facilitate port forwarding without requiring additional software installation.

As an alternative to ngrok, Tailscale lets you generate a publicly accessible URL and proxy HTTP traffic directly to a node in your Tailnet using Tailscale Funnel (beta). Tailscale needs to be configured at both ends of your connection. You simply install and log into Tailscale on each device using your organization's SSO identity provider, and (create an ACL) that allows the two machines to communicate. If you're on different networks, you can use (node sharing) to share one host with another.

Connectivity

Both ngrok and Tailscale allow you to connect directly to your local machine hosting a web server from other machines.

ngrok tunnels a connection from your machine to the machine hosting the web server through ngrok.com. A user connects to the url through their browser, which terminates at ngrok.com before forwarding the request to a specific local port on your local machine.

Tailscale allows you to connect directly from your machine to the machine hosting the web server with a peer to peer connection.

Security

By default, ngrok uses a URL address that is public and visible to anyone on the internet. Anyone who has the URL can access your service. For additional security, paid plans include the ability to use IP allowlisting. This allows you to specify exactly which IPs should be able to see the service, but requires manual configuration steps for each new IP. You can also protect URLs using HTTP basic authentication, so that a user needs a password to access your URL. Additionally, using a reverse proxy in front of tunneling solutions like FRP can enhance security and manage traffic.

With Tailscale, everything is private. There are no public addresses ever exposed. The only people who can access your local service over Tailscale are people in your Tailscale network or people you've explicitly shared your device with.

Performance

Both ngrok and Tailscale allow you to connect directly from your machine to the machine hosting the web server.

ngrok tunnels a connection from your machine to the machine hosting the web server through ngrok.com. A user connects to the url through their browser, which terminates at ngrok.com before forwarding the request to your local machine. Some ngrok alternatives support UDP tunnels, which are beneficial for applications requiring low-latency connections, such as online gaming.

Tailscale allows you to connect directly from your machine to the machine hosting the web server, with a low latency peer to peer connection.

Custom domains

Remembering IP addresses is hard. It can often be easier to type or remember human-readable domain names.

With ngrok, by default the URL address they give you is randomly generated each time you want to expose a service. Their paid plans support custom domain creation which is easier to remember when sharing out your local web servers, such as https://myapp.ngrok.io.

With Tailscale, MagicDNS automatically registers human-readable names to your Tailscale devices. If you enable MagicDNS, you can use your device's DNS name to access your services from other machines.

Suppose your device's name is “happy-mac.” With MagicDNS enabled, your colleague can just visit happy-mac:3000 in their browser to view your website. No need to type out the Tailscale IP. Your DNS name doesn't change, so you don't have to share new URLs each time you restart your server.

Support for other types of services

ngrok allows you to configure both web services over HTTP and HTTPS, as well as other TCP service types over TLS tunnels.

Tailscale doesn't limit you to TCP. Tailscale supports any IP protocol (TCP, UDP, etc), whereas ngrok only supports TCP. Users often use Tailscale to share other services between their different devices. One example would be sharing an IP camera over Tailscale, or streaming RTSP video over UDP.

Key Features to Consider

When evaluating tunneling software and open source alternatives, there are several key features to consider. These include:

Security and Performance

When it comes to exposing local services, security and performance are paramount. Look for alternatives that offer end-to-end encryption, such as TLS or SSL, to ensure secure connections. Authentication mechanisms, such as username/password or OAuth, are also crucial for controlling access to your local services. Additionally, evaluate the performance of the alternative, including latency, throughput, and reliability, to ensure a smooth and efficient experience.

Customization and Control

Customization and control are essential for tailoring the tunneling solution to your specific needs. Consider alternatives that allow you to use custom domains, such as your own domain name, to expose your local services. Port forwarding is another critical feature, enabling you to forward traffic from a specific port on your local machine to a public IP address. Evaluate the web interface of the alternative, including its ease of use, customization options, and features, to ensure it meets your requirements.

Ease of Use and Setup

The ease of use and setup process can significantly impact your experience with a tunneling solution. Consider the ease of setup, including the installation process, configuration options, and documentation. Evaluate the command-line interface of the alternative, including its ease of use, customization options, and features. Additionally, look for alternatives that offer good support, including documentation, community forums, and customer support, to ensure you have the resources you need.

By considering these key features, you can choose the best alternative for your needs and ensure a secure, performant, and customizable solution for exposing your local web servers to the internet.

Comparison Matrix

Zscaler competitor matrix: Tailscale vs. ngrok

Unlike a traditional VPN, Tailscale uses an encryption key coordination service to provide secure access between all supported nodes in a network. This enables two endpoints to exchange traffic securely using end-to-end encryption. It's built on the secure, open-source WireGuard protocol, which means it's subject to independent verification and testing.

You can use Funnel for those use cases where you need to share a resource widely or quickly. But if you're sharing with a specific group (e.g., a partner), you can invite them to your Tailscale network (tailnet) and share that resource only with that specific group. And unlike traditional VPNs, you can easily lock down their access to the resources within your tailnet.

Besides tunneling, Tailscale supports other related features that are useful for development teams and other users:

  • Always-on remote connectivity
  • MagicDNS for assigning DNS names to local resources that any user in your mesh network can resolve
  • Subnet routers to provide access to remote networks (like cloud VPNs) where you can't install the Tailscale client

If you're trying to share a service without it being publicly accessible and with end-to-end encryption, try Tailscale. Tailscale also lets you share more than just TCP based services. Tailscale lets you restrict sharing to a particular set of people, such as those in your organization; security features like SSO are available even on the free tier.

Try Tailscale for free

Get started
Schedule a demo
Contact sales
cta phone
mercury
instacrt
Retool
duolingo
Hugging Face