Selective Routing
Enable per-app routing modes, custom profiles, and URL-table based flows so only the traffic you choose goes through VPN.
Self-hosted OPNsense Control
Run OPNsense VPN routing, tunnels, and recovery workflows from one local console.
Gator gives homelab operators a calmer way to manage WireGuard VPNs, selective routing, Tailscale setup, backups, migration, and drift-aware tunnel operations without living in firewall menus all day.
GPLv3 License
Self-hosted Deployment
Go + SolidJS Built with
Live
Routing Policies
Discord voice traffic Bypass VPN
Streaming services Mullvad
Catch-all default Selective
Tailscale
Subnet ready
Migration
MVC rules synced
Tunnel
Site-to-site ready
Capabilities
Built for operators who know their network
Gator does not try to abstract away your firewall. It gives you faster, safer tools for the OPNsense workflows operators already run by hand.
WireGuard VPN Management
Create, import, deploy, activate, deactivate, and re-adopt OPNsense WireGuard profiles without hand-editing firewall objects.
Site-to-Site Tunnels
Build and operate WireGuard site-to-site tunnels with SSH-assisted deployment, health checks, restart, teardown, and lockdown flows.
Tailscale Setup
Install the OPNsense Tailscale plugin, configure authentication, inspect status, and manage advertised subnets from the same console.
Migration Assistant
Move legacy firewall rules into the MVC/API system with savepoint-based apply and confirm flows that are safer to operate.
Drift Detection
Gator keeps local ownership tied to live OPNsense state so drift is visible and managed resources can be reviewed or re-adopted cleanly.
Multi-Instance
Save multiple firewall instances and switch between production, lab, and recovery environments without rebuilding the app state.
Backup Management
Create, list, download, and delete local OPNsense configuration snapshots before risky changes or maintenance work.
Local-First
Runs on your network with local auth, local SQLite state, and no hosted control plane sitting between you and your firewall.
Workflow
Three steps from firewall sprawl to a controlled workflow
Stop managing firewall state through brittle manual edits. Gator gives you one local control plane that stays aligned with your OPNsense instances.
Connect OPNsense and bootstrap access
Save your instance, verify API credentials, bootstrap the local admin account, and discover what is already configured.
Model VPNs, routes, and tunnels
Create or import WireGuard profiles, define selective routing behavior, configure Tailscale, and prepare site-to-site tunnels.
Apply with safety rails
Push changes, create backups, use savepoint-based confirmation when needed, and let the reconciler surface drift before it surprises you.
What It Does Today
Full OPNsense management. pfSense is coming.
Gator manages WireGuard VPNs, selective routing, site-to-site tunnels, Tailscale, migration, and backups on OPNsense. pfSense support is limited to setup and connection testing for now.
Shipped Multi-instance management, WireGuard workflows, selective routing, site-to-site tunnels, Tailscale, migration, backups.
Local-first Runs on your network. Session auth, SQLite state, file-backed backups, reviewable savepoint operations.
Open Source
Your network, your control
Gator is GPLv3 licensed and runs entirely on your infrastructure. No cloud lock-in, no subscription fees, and no hosted control plane standing between you and your firewall.
GPLv3 licensed. Use it, modify it, share it
Self-hosted with local SQLite state and file-backed backups
Runs as one Go service with a SolidJS frontend
Deploy with Docker or a local binary on your own network
$ git clone https://github.com/anothaDev/gator.git
Cloning into 'gator'...
$ cd gator && docker compose up -d
[+] Running 1/1
✔ Container gator-app Started
$ curl http://localhost:8080/health
{"status":"ok"}
$ _