Private mesh infrastructure without control-plane chaos.
Nanami gives teams a clear model for tenants, groups, networks, gateways, and policy. The result is less VPN drift and faster day-two operations.
Network control graph
Control intent, regional gateways, and enrolled nodes in one mesh.
Clear layers instead of hidden networking magic
Operations stay understandable as topology and ownership scale.
- Model tenants, groups, networks, and routing in one control plane.
- See gateway and node runtime state without SSH-first troubleshooting.
- Roll out access and routing changes with clear operational boundaries.
- Keep transport encrypted while policy remains easy to reason about.
Control plane
Desired state and access intent
- Tenants and groups
- Policies and join keys
- Identity and sessions
Gateway fabric
Regional orchestration and path stability
- Gateway manager
- Health reporting
- Runtime metadata
WireGuard data plane
Encrypted packet transport
- Peer config distribution
- Gateway selection
- Node-to-node traffic
Visual-first feature breakdown
Each area below pairs operational context with a schematic diagram.
Policy-first connectivity
Nanami translates tenant and network policy into concrete gateway behavior, so operators can scale access without tunnel sprawl.
- Express routing intent with ingress and egress controls
- Keep environments isolated through group ownership
- Ship policy updates without hand-editing peer files
Policy application path
Intent rolls from tenant policy to concrete gateway behavior.
Gateway topology that stays understandable
Regional gateways are visible first-class components, not hidden fallback paths, so distributed teams can reason about connectivity quickly.
- Observe gateway health and path stability by region
- Support direct and gateway-assisted tunnel behavior
- Keep NAT traversal behavior explicit in operations
Gateway path stability
Regional gateways preserve connectivity when peer-to-peer links fail.
Identity and security controls
Access decisions stay tied to tenant context, roles, and session state. Security remains part of daily operations, not a separate project.
- Scoped enrollment for nodes and gateways
- Role boundaries that reflect real team ownership
- Session and MFA controls for operator workflows
Identity and access chain
Role scope and session state gate every network action.
Dashboard visuals
Operational views for inventory, policy, and live session behavior.
Community, Basic, Pro, and Enterprise
Pick a plan by operating model today, then scale without changing the core product mental model.
Community
Self-hosted
Free control plane stack for labs, internal services, and homelabs.
- Self-hosted control plane and WebUI
- Tenant, group, network, and node model
- Gateway manager and gateway daemon support
- Community support channels
You run operations, upgrades, and runtime infrastructure.
Read self-hosting guideBasic
Hosted
Managed Nanami for small teams shipping their first production networks.
- Hosted control plane and WebUI
- Up to 25 active nodes
- Email support
- Core routing and gateway visibility
Best for internal tools and early production rollout.
Start BasicPro
Production
Operational workflows, richer controls, and scale-ready network operations.
- Unlimited nodes and environments
- Advanced policy and role workflows
- Priority support queue
- Extended operational telemetry
Designed for multi-team production environments.
Start ProEnterprise
Custom
Custom SLA, compliance workflows, and rollout support for regulated teams.
- SLA-backed support and onboarding
- Compliance and security collaboration
- Architecture reviews and migration planning
- Dedicated account partnership
Built for large deployments with strict reliability requirements.
Talk to sales| Feature | CommunitySelf-hosted | BasicHosted small teams | ProProduction teams | EnterpriseCustom SLA |
|---|---|---|---|---|
| Control plane hosting | Self-hosted | Managed by Nanami | Managed by Nanami | Managed + dedicated support |
| WebUI and operator workflows | Included | Included | Included | Included |
| Node scale | Infrastructure-limited | Up to 25 nodes | Unlimited | Unlimited |
| Gateway operations visibility | Included | Included | Included | Included |
| Advanced role and policy workflows | Not included | Not included | Included | Included |
| Support tier | Community | Priority | Dedicated + SLA |
What teams ask before rollout
Answers focused on migration path, operations, and plan selection.
Does Nanami replace WireGuard?
No. WireGuard remains the encrypted data plane. Nanami adds control-plane workflows for identity, policy, and operations.
Can we self-host from day one?
Yes. Community gives you a self-hosted path with the same tenant/group/network model used in hosted plans.
Who is this built for?
Nanami fits infrastructure teams that run private connectivity across multiple environments, regions, and ownership boundaries.
How does pricing scale as we grow?
You can start with Community or Basic, then move to Pro or Enterprise as production requirements and compliance needs increase.
Start with Basic for managed onboarding or Community for self-hosting. Both paths keep the same topology model, so expansion is straightforward.