Why iroh
| iroh | Tailscale / WireGuard | |
|---|---|---|
| Embeds directly in your app | ||
| No separate client to install | ||
| NAT & firewall traversal | ||
| End-to-end encrypted by default | ||
| Whole-device network overlay |
Iroh connects your app's own devices directly—it's not a general-purpose replacement for joining a whole network of unrelated machines.
Reaching a device that isn't sitting on the public internet usually means standing up a VPN: a coordination server to run and secure, client software to distribute, and firewall rules to get right. Or it means reverse SSH tunnels and all the operational shenanigans that come with them.
“It's Tailscale, but as a library. Instead of standing up VPN infrastructure—coordination servers, client software, all the network shenanigans—we dial a device's public key directly from inside our own app and get a direct, encrypted connection.”
But what if your app could just dial the other device directly—no separate network to join, no client to install, no infrastructure to babysit?
Every iroh node has a public key as its address. To reach a device, you dial that key directly from inside your own application—there's no separate VPN client for your users to install, and no central network your traffic has to join.
Every node has a cryptographic identity. Connect to a device by its public key, wherever it is.
Iroh punches through NATs and firewalls automatically to connect devices directly.
Every connection is end-to-end encrypted, so your platform can't see or modify traffic between devices.
Iroh ships inside your app, so the connection is just part of your product—not a separate piece of software your users manage.
Built With Iroh