Securely connect VMs from different cloud providers

I have to admit I’ve struggled to get a title for this article. I know this is going to be useful to many people, but the more useful it is to you, the less chances I’ll get your attention with a technical description on the title.

This is mainly aimed at developers who have VMs or VPS on different providers. Some of you had to fight with complex VPN devices and solutions to connect one site to another, but the majority of you probably didn’t think about having your VM in DigitalOcean in the same network as another VM in Azure or AWS.

Why didn’t you think about it? Because it’s been fucking complex in the past. IPSec mostly sucks and very few people really fully understand the protocol (hint: I don’t); and I better not start talking about different vendor implementations.

Anyway, I’ve been working on a side project recently, specially after discovering a great open source software called SoftEther. SoftEther is at first sight a VPN software made of different components (client, server, bridge). At second sight, it’s a whole lot of complexity put together and you run away from it, unless networking is your area of interest.

My project has been to simplify this all, so it can be used by the people that don’t bother with this things but can really take advantage of it.

I’m thinking about developers that need a service to make their work easier, but don’t want to spend days on setting up and maintaining complex VPN solutions or spend heaps of cash on expensive VPN hardware, maintenance contracts and networking contractors.

This is not a VPN from the service point of view. Technically it is — as I’m offering you a Virtual Private Network, but this goes a bit further than the typical VPN. It definitely falls into the SDN realm as it’s nothing more than software, running on multiple servers; some people would even call it SDN-WAN. All that is fine and dandy, but it doesn’t explain why you need itand how can it help you.

Frontend in AWS and Backend in Azure? Why not?

Maybe AWS gives you a better deal on egress traffic, or maybe you just like it more than any other, but Azure might have much better options for running DB servers. Careful, you probably don’t want to expose your DB servers to the world for your AWS servers to be able to reach them, or send those SQL queries over the Internet. You need encrypted communications and you need to reduce the attack surface by not exposing services.

In the past you would have to go through the trauma of setting up a site to site VPN. That would take a few days (even when hiring external consultants) and then you could forget about it… Until it stopped working and you had no idea where to start looking because no one knows how this stuff really works.

Calm. Take a deep breath. That can’t happen again, you’re safe now. I’m here to help.

Just like in SciFi culture, two technically isolated spaces are connected through a wormhole.

Come my side project, Wormhole Network. Now you just need to create what we call a hub, which is how we refer to our virtual networks, and create one user in our system per each machine you’d like to connect to the hub. That can be done in about 30 seconds from our web interface.

Then you will download our setup script from our public repo and run it on every machine you wanted to be part of this network.

That’s it.

No configuration on any of the platforms, no troubleshooting, no cryptic firewall configurations. No complexity.

Do you like how it sounds? Come over, I’ve just opened doors.

I would say Wormhole Network is on a beta phase at the moment. It has its core features and some thorough testing behind, but now I’m just letting it go in the wild.

If you have any troubles, feel free to email me on pedro at or open a case in our zendesk if you need technical, architectural or any other kind of in-depth help.