Frequently asked questions

Does Nanami replace WireGuard?

No. Nanami uses WireGuard as encrypted transport and adds a control plane for identity, policy, and operational workflows.

Is Nanami only for SaaS?

No. Nanami supports both managed SaaS mode and self-hosted community mode.

What is the main operational unit in Nanami?

Networks are the core technical boundary; tenants and groups provide ownership and access boundaries around them.

How are gateways used?

Gateways are regional anchors for connectivity when direct peer paths are unavailable or unstable.

Can I control ingress and egress behavior?

Yes. Routing policy objects support ingress/egress selection with auto/manual modes. Some advanced policy UX is still evolving.

Is multi-tenant isolation supported?

Yes. Tenants are first-class boundaries in the data model and API.

Can I run Nanami with only one small environment?

You can, but Nanami is most valuable when you have multi-team or multi-environment operations where ownership and policy clarity matter.

Does Nanami inspect packet payload?

No. Encrypted WireGuard payload remains between peers; Nanami focuses on control and orchestration state.

How should I roll out to production?

Start with one pilot network and gateway path, validate routing and ownership, then expand gradually.

What is currently coming soon?

Roadmap focus includes richer policy UX, audit-friendly history, broader managed client support, and deeper analytics.

Where do I track status honestly?

Use the Roadmap page, which separates available, in-progress, and planned work.