A secure network to remotely access any machine.

Highly secure VPN network, based on Wireguard. Clients auto-configure. Works across firewalls and NAT. Deployed in a few clicks. Single sign-on. Static IP addresses. Precise access controls.

How It Works.

XplicitTrust is a next-generation VPN network that automatically creates tunnels between devices, anywhere. Without the need to touch your firewall.

Unlike traditional VPNs, which usually terminate tunnels at the firewall / network perimeter, XplicitTrust tunnels span all the way to the desired target device(s).

You can precisely control who can see and connect to which machine, through single sign-on, multi-factor authentication, and access control policies.

No more need for VPN gateways, complex firewall rules, network segmentation via subnets / VLANs, VPN client configuration files, and unreliable VPN clients.

Powerful Features.

Ease-of-use, strong security, and mighty networking capabilities.

Simple Installation

Clients are lightweight, install in a heartbeat, and simply ask for the user's email address, nothing else.

Zero-Configuration Clients

No client configuration necessary. After single sign-on, clients automatically receive their configuration and keys.

Single-Sign On & MFA

Single sign-on and multi-factor authentication. User changes from your identity provider are reflected instantly.

Static IP Addresses

Each device gets a fixed IP address on the overlay network, to avoid collisions with your existing IP addresses.

No Need to Touch Firewalls

We operate independently of your firewalls. No need to make firewall or network configuration changes.

Connect from Anywhere

Works from anywhere. Inside your networks, on the road, from home, in cloud data centers, and more.

Seamless Roaming

No connection loss when you move between locations, WLAN access points, internet providers, and uplinks.

Firewall & NAT Traversal

We automatically traverse firewalls and complex NAT. All while keeping your traffic end-to-end encrypted.

Internal Domain Names

Reach any device using a friendly internal domain name of your choice. Or simply use its IP address.

Single Sign-On.

Authenticate with single-sign on and multi-factor authentication, using your identity provider.

Automatically add and remove employees as they join and leave the organization.

ID Manager Bare.ID
ID Manager AuthN von IDEE
ID Manager Google
ID Manager Mic


Clients available for the following platforms and operating systems:

Raspberry Pi

Highly Secure.

Our platform is built around state-of-the art encryption, access control, and security best practices.

Powerful Encryption

We use Wireguard’s™ powerful combination of modern, peer-reviewed cryptographic algorithms.

End-to-End Protection

End-to-end encryption. Private keys exist on your machines only. We cannot see what’s inside your packets.

Automatic Key Rotation

Keys are automatically rotated on all devices every few minutes, for perfect forward secrecy.

Single Packet Authorization

Devices will only respond to authenticated packets, anything else will simply be dropped.

Single Sign-On & MFA

Single sign-on and multi-factor authentication. User changes from your identity provider are reflected instantly.

Precise Access Controls

Precisely control what each user and machine can access, via our policy engine. Enforced at destination.