Early-stage software. Shurli is experimental and built with AI assistance. It will have bugs. Not recommended for production or safety-critical use. Read the disclaimer.
Open source · Self-sovereign
Can't reach your home server from outside? Neither could we.

Shurli just 
connects.

Connect your devices and agents directly - no accounts, no cloud, no subscriptions. 
Works even when your network blocks everything.

curl -sSL get.shurli.io | sh

or

curl -sSL https://raw.githubusercontent.com/shurlinet/shurli/dev/tools/install.sh | sh

No accounts. No cloud. Interactive setup walks you through everything.

Quick Start Guide View on GitHub

How it works

The install script handles setup. Here's what happens next.

1
Step 1: Install and choose your role

Install

Run the install script. Choose relay server (VPS) or peer node (your device). Identity, config, and service setup handled automatically.

2
Step 2: Create and share invite code

Invite

Run shurli invite to get a one-time code. Send it however you like - text, email, Signal, carrier pigeon.

3
Step 3: Join and start proxying services

Connect

Run shurli join on your laptop. Both devices trust each other automatically. Access any service through the encrypted tunnel.

From zero to connected in 60 seconds

Deploy a relay, then two commands on each device. No keys to exchange manually, no ports to forward.

Shurli terminal demo showing init, invite, join, and proxy commands

Works Through Anything

5G, hotel WiFi, corporate networks, double NAT - if your device has internet, Shurli finds a way through. Tested on the networks that block everything.

One Command, Done

Single binary, no containers, no runtimes, no databases. The install script detects your platform and handles everything. Works offline after pairing.

You Control Who Connects

A simple file on your device decides who gets in. No accounts to manage, no tokens to rotate, no company in the middle. Your network, your rules.

Two Commands to Connect

One command on your server, one on your laptop. Share a code, done. From zero to connected in about 60 seconds.

Access Any Service

Remote desktop, file servers, databases, web apps - anything running on your home network, accessible from anywhere as if you were on the same WiFi.

Stays Connected

Network drops? It reconnects automatically. Bad config? It rolls back. Shurli monitors itself and recovers without you lifting a finger.

The Zero-Human Network

Zero-human companies are coming. They need a network that operates itself - where agents connect, negotiate, and transact directly. No cloud middleman. No central authority. Intelligence at every node.

Shurli is that network.

What connects your devices today is the foundation for what agents will run on tomorrow.

Direct when possible, relayed when necessary

Shurli tries to connect your devices directly. When the network won't allow it, traffic flows through an encrypted relay, which never sees your data.

Network diagram showing peer-to-peer connections through NAT with relay fallback

How Shurli compares

Different architectures make different trade-offs. Here's where Shurli sits.

ShurliCentralized VPN ServicesTunnel / Proxy Services
Account requiredNoneYes (vendor)Yes (vendor)
Control planeNone (DHT)Vendor serverVendor server
IdentityYour Ed25519 keysVendor-managedVendor-managed
NAT traversalRelay + hole-punchingVendor relays + STUNVendor tunnels
Source codeFully openClient open, server proprietaryVaries
Self-hostableEverythingPartialNo
Data visibilityZero (relay sees nothing)Coordination server sees device graphTunnel endpoint sees traffic
Detailed comparisons →

Who is Shurli for?

Shurli is opinionated. It's built for a specific kind of user.

Built for
  • Self-hosters who can't reach their servers from outside
  • Privacy-conscious users who refuse vendor accounts
  • Home lab operators behind CGNAT or double NAT
  • Developers exposing local services (Ollama, databases, web apps)
  • AI agents that need direct peer-to-peer connectivity
  • Anyone who wants their network under their own control
Not designed for
  • Teams needing a web dashboard and SSO
  • Users who want mobile apps (not yet available)
  • Organizations requiring full IP-layer VPN
  • People looking for zero-config "install and forget"

What's working today

Shurli is experimental, but the core is solid and tested on real networks.

Shipped
  • Encrypted peer-to-peer connections
  • NAT / CGNAT traversal via relay
  • PAKE encrypted invites
  • Daemon mode with auto-reconnect
  • SSH, RDP, TCP service proxying
  • Zero-knowledge membership proofs
  • Self-hosted relay server
  • macOS + Linux
Planned
  • iOS / Android apps
  • Windows support
  • Plugin SDK
  • Subnet routing

Frequently asked questions

How is this different from a VPN?
Shurli is not a VPN. It does not create a virtual network interface or route all your traffic. Instead, it tunnels specific services (SSH, RDP, databases, web apps) directly between your devices over encrypted P2P connections. There is no vendor account, no coordination server, and no third party in the path. See detailed comparisons.
Do I need to open any ports?
No. Shurli connects through relay servers that handle NAT traversal automatically. When possible, it upgrades to a direct connection via hole-punching. You never need to touch your router or configure port forwarding.
Is my data safe?
Relay servers never see your data. All traffic is end-to-end encrypted using libp2p's Noise protocol with Ed25519 keys. The relay only forwards opaque bytes between peers. Invite codes use PAKE-encrypted handshakes, so even the pairing process leaks nothing.
What services can I access?
Anything that runs over TCP: SSH, remote desktop (RDP/VNC), databases, web applications, AI inference servers (Ollama, vLLM), file servers, and more. If it listens on a port, Shurli can tunnel it.
Is it production-ready?
Shurli is experimental software. The core networking layer is tested across 5+ physical network types (CGNAT, double NAT, cellular, satellite, direct IPv6), but expect rough edges. It is not recommended for safety-critical or production workloads yet.

Ready to try it?

curl -sSL get.shurli.io | sh

or

curl -sSL https://raw.githubusercontent.com/shurlinet/shurli/dev/tools/install.sh | sh

For pre-release builds: curl -sSL <URL> | SHURLI_DEV=1 sh

Star on GitHub

Browse the source, open issues, contribute

Documentation

Quick start, architecture, daemon API

Blog

Engineering updates and release notes