Active development — launching late 2026

The firewall your network deserves.

A modern, Debian-native firewall and router platform for home and small-business networks. Multi-WAN, VPN, smart routing, and a clean web UI — without the complexity of legacy appliances.

[Web UI preview: dashboard at https://router.lan with navigation for Dashboard, Interfaces, Firewall, Services, VPN, Routing, Monitoring, and System, and status panels for WAN 1, WAN 2, Devices, Traffic (last 60 min), nftables, Unbound DNS, and WireGuard]
Everything a serious network needs. Nothing it doesn't.
Multi-WAN routing
1 to N uplinks with gateway groups, health monitoring, failover, and policy-based routing per source, destination, or port.
nftables firewall
Per-interface rules, floating rules, aliases, outbound NAT, and port forwards. Default deny on WAN. Anti-lockout protection built in.
DHCP & DNS
dnsmasq for DHCP with static mappings. Unbound as the local resolver with DNSSEC, DHCP hostname registration, and optional AdGuard Home integration.
WireGuard & OpenVPN
Built-in VPN server management with peer controls. Tailscale integration for zero-config remote access and subnet routing.
Live monitoring
Interface traffic, gateway latency and loss, system resources, connected devices, and a Prometheus metrics endpoint.
Safe apply & rollback
Diff preview before every apply. Connectivity-affecting changes get a 60-second rollback window. Revision history with one-click restore.
Traffic shaping
Per-WAN bufferbloat mitigation with CAKE (default), fq_codel, or rate limiting. Simple rate inputs, sensible advanced defaults.
Config export & import
Versioned JSON exports with Argon2id-encrypted secrets. Import with full validation, diff preview, and timeout rollback. No partial applies.
DDNS & dynamic IP
inadyn-powered DDNS client supporting Cloudflare, No-IP, DynDNS, Namecheap, and 30+ other providers. Per-WAN configuration.
Built on proven, Debian-native foundations.
OS: Debian 13 (Trixie, minimal base)
Backend: Go + SQLite (single binary, no runtime deps)
Frontend: React 19 + TS (Vite, progressive disclosure UI)
Firewall: nftables (kernel-native, rendered from DB)
DNS: Unbound (DNSSEC, local resolution)
DHCP: dnsmasq (DHCP-only mode)
VPN: WireGuard + OpenVPN + Tailscale
Bootstrap: Ansible (provisioning & hardening)
Where we are and where we're going.
Early 2025: Architecture & design
Product brief, architecture documents, ADRs, UX specification, and database schema defined.
2025 – 2026: Core platform development
Go backend, React frontend, Ansible bootstrap, firewall engine, routing, VPN, DHCP/DNS, and management UI being built now.
Mid 2026: Beta & hardware testing
End-to-end testing on target hardware, Playwright E2E suite, performance validation, and early adopter program.
Late 2026: v1 release
Public release of xpSense v1. Home and small-business deployments, full documentation, and ongoing maintenance.
Interested in xpSense?

Whether you want to follow development, discuss your home lab setup, ask about hardware compatibility, or just say hello — drop a message. We read everything.

xpsense.net · xpsense.de · xpsense.org

No spam. We'll only reply to your message.