PharosVPN
§05 · for enterprises

many users · many regions · same binaries

Run it like a fleet.

The --enterprise preset gives you multi-region pre-positioned nodes, multiple admins, MDM-managed clients, and audit retention sized for compliance — out of the same binaries an individual operator runs. There is no edition.

no edition, no paywall

Same engine. Different defaults.

Nothing on this page is locked behind a tier. We don't sell PharosVPN; we build it as an AGPL-3.0 platform that anyone can run, audit, modify, and contribute back to. If you'd like to commercialise it, the licence's network copyleft asks for contributions, not money.


posture · what --enterprise sets

Defaults sized for a fleet.

Regions: operator picks
Idle nodes: encouraged (pre-positioned, stopped, brought up as load shifts)
Protocols: AmneziaWG + XRay both, per region
Relay: embedded + as many remote beacon relays as you need
Account sync: optional (MDM-only deployments run none)
Admins: a core admin plus others added through the UI, each with their own device cert
Audit retention: 1 year
Metrics retention: 90 days
REALITY decoy site: configurable, rotated

operations

Multi-admin, multi-region, live.

  • Live admin UI. Every open admin page holds a WebSocket. helm pushes state changes to all of them — open the dashboard on three machines, all three update together. A client connecting to a node appears immediately, not on a thirty-second poll.
  • Optimistic concurrency. Every mutable record carries a version integer. If two admins edit the same user, the second writer is rejected with HTTP 409 and asked to reload. Live replication usually means they see the change first.
  • Pre-positioned idle nodes. Bring up regions ahead of demand, leave them stopped. When you need capacity in a region, helm starts the corresponding node; existing tunnels in other regions are unaffected.
  • Per-region beacon relays. Reduce client latency to the relay by deploying remote beacons in regions where your users live. The controller stays behind NAT regardless.
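
The optimistic-concurrency rule above, as an added example that is not PharosVPN's own code: the version check and the write happen in a single SQL statement, so a stale edit cannot silently re-enable a user another admin has just disabled. The `users` table, its columns and the function names are assumptions made for illustration; the page states only that each mutable record carries a version integer and that the second writer gets HTTP 409.

```python
import sqlite3

# Hypothetical schema: only the per-record "version" integer comes from the page.
SCHEMA = ("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL, "
          "enabled INTEGER NOT NULL, version INTEGER NOT NULL DEFAULT 1)")

def open_store():
    """In-memory store holding one constructed sample user."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.execute("INSERT INTO users (id, name, enabled) VALUES (1, 'alice', 1)")
    db.commit()
    return db

def read_user(db, user_id):
    row = db.execute(
        "SELECT name, enabled, version FROM users WHERE id = ?", (user_id,)
    ).fetchone()
    return None if row is None else {"name": row[0], "enabled": row[1], "version": row[2]}

def update_user(db, user_id, expected_version, enabled):
    """Apply an edit only if the caller saw the current version; return (status, record)."""
    # Compare-and-swap: the WHERE clause rejects any writer holding an old version.
    cur = db.execute(
        "UPDATE users SET enabled = ?, version = version + 1 "
        "WHERE id = ? AND version = ?",
        (int(enabled), user_id, expected_version),
    )
    db.commit()
    current = read_user(db, user_id)
    if cur.rowcount == 1:
        return 200, current
    if current is None:
        return 404, None
    return 409, current  # stale write: caller must reload before retrying

def demo():
    """Two admins load the same record; the second, stale write is rejected."""
    db = open_store()
    seen_by_a = read_user(db, 1)["version"]
    seen_by_b = read_user(db, 1)["version"]
    first = update_user(db, 1, seen_by_a, enabled=False)  # admin A disables the user
    second = update_user(db, 1, seen_by_b, enabled=True)  # admin B edits from old state
    return first, second
```

Returning the current record with the 409 lets the UI show the second admin what changed before they retry.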

managed clients

MDM as a first-class profile source.

caravel reads profiles from a local store; profiles enter that store from interchangeable sources. MDM managed config is one of those sources. When an MDM config is present, the app hides account login and the admin section, and profiles are locked. One app, one store listing — no separate "enterprise build."

Pair that with iOS / Android per-app VPN configuration and you get a tunnel that only carries the traffic of the apps you designate, all driven from your existing MDM.

audit & compliance

An audit log that survives a controller compromise.

  • Every admin action and every issued or revoked credential lands in audit_log, kept for a year by default.
  • Metrics samples are kept for a 90-day window; integrate with your dashboard of choice.
  • The user profiles themselves are end-to-end encrypted — the controller never holds usable user secrets. A controller compromise yields ciphertext, not profiles.
  • The CA stays inside helm's SQLite. It is never copied off the controller and never exposed to the public internet.