Now on iPhone and iPad · Desktop coming soon

Home. Office. Cloud.
All on one private network.

Reach your NAS at home, machines at the office, and services in the cloud — as if they were all on the same Wi-Fi as you.

Download on App Store Explore Features
Available now
iOS · iPadOS
Coming next
macOS · Windows · Linux · Android
100%
Local. Traffic stays on your devices.
0
Per-app setup — apps work as they always did.
3+
Sites reachable at once — home, office, cloud.
Any
Device on each site, just like Wi-Fi at home.
Your private network · Live HOME · OFFICE · CLOUD
YOUR DEVICE Phone · Laptop · Anywhere ORANGE ROUTES · ENCRYPTS HOME NAS · Router · Plex OFFICE Intranet · Dev · APIs CLOUD Self-hosted services END-TO-END ENCRYPTED · INTELLIGENT ROUTING
Core

One engine. Six capabilities.

Everything you need to run a fast, intelligent, and private network — built on a single Rust core that stays lightweight and predictable.

Smart Routing

Match traffic by domain, IP, subnet, source, or port — and decide in microseconds where it should go. No hand-ordered rules.

domain subnet port

Intelligent DNS

Full DNS stack with plain and encrypted modes. Per-domain rules, per-network routing, and rate limiting — handles millions of records.

encrypted filter fast

System Gateway

Captures system traffic for every app on the device. Works as-is — no per-app configuration, no special permissions for the things you're using.

system-wide transparent

Stable Domain Mapping

Keeps domain-based routing reliable even after DNS resolution. Your rules apply to hostnames the same way, every time.

persistent reliable

Native WireGuard

Modern, audited VPN tunneling — the industry standard for fast, private site-to-site links. Runs with or without root, depending on what your platform allows.

encrypted fast

Connection Pooling

Reuses long-lived connections instead of reopening them. Fewer handshakes, lower latency, smoother bursts — especially on mobile networks.

efficient low-latency
Protocols

Flexible in, flexible out.

Accept traffic through the entry point that fits your environment, deliver it to any destination in your private network.

Inbound 04
  • HTTP / HTTPS
  • SOCKS5
  • Mixed Mode
  • TUN Gateway
Egress 04
  • Direct
  • Reject
  • HTTPS Tunnel
  • WireGuard
  • More...
DNS 04
  • UDP / TCP
  • DoT — DNS over TLS
  • DoH — DNS over HTTPS
Operability

Production-ready from day one.

Orange treats your private network as infrastructure. Health checks, metrics, live tracing, and hot reload ship with the core — no extra daemons, no sidecars.

Health

Health & Metrics

JSON health endpoint reports per-upstream latency and availability. Prometheus endpoint covers DNS, routing, and connection pools.

GET /health · /metrics
Live

Realtime Tracing

Server-sent events push metrics at 1 Hz. A WebSocket stream carries the lifecycle of every proxied request for UI dashboards.

SSE · WebSocket
Reload

Hot Config Reload

Change routing, DNS, or upstreams and POST to /reload. Existing connections keep running, new decisions use fresh config.

POST /reload
Orange core · HTTP API 127.0.0.1:9898
GET /health JSON status + per-upstream latency · Kubernetes probe-ready
GET /metrics Prometheus scrape — DNS, routing, pools
GET /api/metrics/live Server-Sent Events at 1 Hz for live dashboards
WS /api/trace WebSocket request lifecycle stream
POST /reload Swap config without dropping existing connections
How it works

One device. Every private site.

Your laptop or phone reaches home, office, and cloud at the same time. Destinations take the right path automatically — and your apps never know the difference.

YOU ORANGE AGENT Coffee shop · Airport · Branch office HOME NAS · IoT · Lab via WireGuard OFFICE Intranet · Dev via HTTPS tunnel CLOUD Self-hosted PUBLIC Direct internet
Active private paths Available on demand
01

Reach every site at once

Home lab, office systems, and cloud stay available in one session — no profile switching.

02

Route by destination

Orange picks the right path per request: home services via home, office tools via office, public direct.

03

Apps stay unaware

System-level gateway means zero per-app setup. Private destinations just work, like they were local.

Use cases

Built for real private networks.

Most users start with one of these, then grow into multi-site private networking as their environment gets more complex.

Remote Home Access

Reach your NAS, router, lab, and IoT from anywhere through a private encrypted path.

Corporate Intranet

Connect to internal services, dashboards, and private APIs without an all-or-nothing corporate VPN.

Multi-Site Office

Keep several branches reachable at once. Route by destination instead of switching profiles.

DNS Filtering

Apply DNS-level controls for ads, trackers, and internal domains — resolution stays tied to the chosen path.

Dev Environment

Reach dev databases, SSH targets, staging APIs, and private registries — leave public traffic untouched.

Self-Hosted Services

Access your own Nextcloud, Gitea, and media stack without exposing them to the public internet.

Platforms

From phone to server.

One Rust core across every platform. Native performance, consistent behavior, no feature compromises.

Linux Available
macOS Available
iOS Available
Android Coming soon
Windows Coming soon
Pricing

Simple and transparent.

Desktop and mobile are separate products, each optimized for its platform. No hidden fees, no mandatory subscriptions.

Desktop

macOS · Windows · Linux
Personal
1 device
$ 49
One-time purchase
  • All features included
  • Free v1.x updates forever
  • macOS · Windows · Linux
Coming soon
Power User
3 devices · $33 each
$ 99
Best value · laptop + desktop + server
  • All features included
  • Free v1.x updates forever
  • macOS · Windows · Linux
Coming soon
Team / Family
5 devices · $29.8 each
$ 149
For small teams and households
  • All features included
  • Free v1.x updates forever
  • macOS · Windows · Linux
Coming soon

iOS / iPadOS

Available on App Store
Yearly
Unlimited devices on your Apple ID
$ 19.99 / year
3-day free trial via App Store
  • All features included
  • Family Sharing supported
  • Works on iPhone and iPad
  • Cancel anytime
Start free trial
Why separate?

Mobile and desktop solve different problems — mobile focuses on seamless always-on access, desktop unlocks the full engine with advanced routing, scripting, and server roles.

Buying one does not include the other, but your current version keeps working forever.

FAQ

Common questions.

Does the desktop license include iOS?

No. iOS is a separate app rebuilt for touch and mobile networks, distributed via App Store. Desktop licenses cover macOS, Windows, and Linux — but not iOS.

Why is desktop more expensive than iOS?

Desktop includes the full engine: advanced routing, scripting, server deployment, and observability endpoints. It is a productivity-grade private networking tool. iOS focuses on seamless mobile access.

How do updates work?

Minor versions (v1.x) are free forever — bug fixes, improvements, new protocols. Major versions (v2.0) are a paid upgrade at 50% off for existing users, typically every 1.5–2 years. Your current version keeps working even without upgrading.

Can I try Orange before buying?

Yes. iOS includes a 3-day free trial via App Store. Desktop will offer a full-featured 3-day trial when it launches.

Is my traffic private and secure?

Orange runs locally on your devices. Your traffic flows between your own home, office, and cloud endpoints — never through Orange servers. All tunnels use modern, audited encryption.

Start here

Your private network, one tap away.

Start free for 3 days. Cancel anytime in Settings — no questions, no lock-in.

Download on App Store See what's inside