Features & Capabilities

Modern Point of Presence management platform for global amateur radio networking

What You Can Do

Connect Globally

Multiple Points of Presence worldwide:

  • Choose your preferred region
  • Distributed edge locations
  • North America, Europe, and beyond
  • Low-latency connections
  • Geographic redundancy
Create Network Tunnels

Set up WireGuard tunnels in minutes:

  • Point-and-click tunnel creation
  • Automatic key generation
  • QR codes for mobile devices
  • Ready-to-use configuration files
  • Connect from anywhere globally
Get Public IP Addresses

Request and manage IP allocations:

  • IPv4 address blocks
  • Subnet allocation (/29 to /25)
  • Instant approval for small allocations
  • Public, routable IP addresses
  • Bring Your Own IP (BYOIP) support
Easy Configuration Export

Download configs for your platform:

  • One-click config generation
  • Many platform formats supported
  • Copy-paste ready configurations
  • DHCP server configs included for additionally Routed IP's
  • BGP routing configurations

Technical Features

Multi-Platform WireGuard Support

Generate configurations for 9+ platforms:

  • EdgeRouter (Ubiquiti)
  • MikroTik RouterOS
  • OpenWrt
  • pfSense/OPNsense
  • Linux (systemd-networkd)
  • Linux Network Namespaces
  • macOS
  • Docker containers
  • Mobile (QR codes for iOS/Android)
Advanced Routing

Sophisticated routing capabilities:

  • BGP dynamic routing with ASN management
  • Static route configuration
  • Subnet allocation management
  • IPv4 and IPv6 dual-stack support
Security & Access Control

Enterprise-grade security features:

  • Role-based access control (Admin, Operator, User)
  • WireGuard key regeneration
  • Email verification and password resets
  • OIDC/OAuth integration support
  • CSRF protection
  • Audit event logging
User Management

Comprehensive user administration:

  • User quotas and resource limits
  • Self-service network requests
  • Request approval workflows
  • Auto-approval for qualifying requests
  • API key management for automation
  • Timezone-aware displays
Infrastructure Organization

Hierarchical resource management:

  • Node groups for logical organization
  • Nodes (physical/virtual servers)
  • Interfaces (WireGuard, Loopback, Interconnect)
  • Network allocation and subnetting
  • ASN assignment and tracking
Automation & Integration

Built for automation:

  • RESTful API (v1 and legacy)
  • Email notifications with templates
  • Automated configuration generation
  • DHCP server configurations for Additionally routed prefixes
  • Self-installing setup scripts

Changelog

  • CI/CD Add GitLab deploy pipeline (auto dev, manual prod gate) - 2026-05-28
  • Fix Correct sort order of requests and audit events - 2026-05-28
  • Fix Use forward references for self-referential Network annotations - 2026-05-28
    list[Network] in effective_depth() and owned_subnetworks evaluated the bare Network name at class-definition time, raising NameError on import under Python 3.11 and breaking the test-during-build (pybuild --test). Quote them as string forward references so they resolve lazily.
  • Fix Send config email when notify checkbox is ticked on tunnel edit - 2026-05-25
    update_client() never read the notify form field, so editing a tunnel and ticking "send config email" silently did nothing. Mirror the existing block from create_client() so the same notify_new_client() call runs on edit.
  • Fix Request URL is incorrect on admin notices about comments - 2026-05-17
    This modifies the new comment email notices:
  • New Sortable Transfer (rx/tx), Allocations/Routed, and other list columns - 2026-05-06
    Adds hybrid_property sort columns on Client and enables new sortable columns on Client / Asn / Tunnel / Interface lists.
  • Fix Match list-view sortable column names to actual DB columns - 2026-05-06
    The data-column attributes on sortable headers were originally chosen for client-side sort matching against row data-* attrs. With the new server-side sort flow they need to map to real DB column names so the framework can resolve them.
  • New Server-side search and sort framework for paginated list views - 2026-05-06
    Adds polymorphic-aware server-side search and sort to the generic admin list view, with PG16-compatible nocase handling via COLLATE("C") override. Models opt in via SEARCHABLE_COLUMNS class attribute.
  • Fix Fix authentication by API key - 2026-05-04
    Prevents the error about session being unavailable on request.
  • Fix Fix network display - 2026-05-03
    - Correctly indent networks based on the visual hierarchy - Remove disabling of parent networks on routed subnet selection screen
  • Fix Resolve issues with pagination (Resolves #55) - 2026-05-03
    - Adds a flag on the model to indicate the list view uses pagination, enabling first-load pagination support - Performs pagination at the database level, removing the need to load all resources in memory before pagination - Adds pagination to the Requests list view
  • Fix Resolve hangs when IPv6 addresses are in use - 2026-05-03

  • New Add ASN verification card to admin request view - 2026-04-28
    Pull authoritative ASN registration from RDAP and surface match indicators (email match, callsign match) against the requesting user so ticket handlers have decision-support when reviewing ASN requests.
  • Fix Order request comments chronologically - 2026-04-22
    The comments relationship had no order_by clause so SQLAlchemy returned comments in UUID primary-key order, which is effectively random. Sort by created_at so the conversation reads oldest-first (newest comment closest to the Add Comment box).
  • Fix Show request owner's username as plain text for ticket handlers - 2026-04-22
    The request header linked the username to the admin user view, which ticket handlers can't access. Wrap the link in a role check so only administrators and superadmins see the clickable link; ticket handlers see plain text instead of a link that 404s.
  • New Add tunnels section to user resources card and turn summary badges into collapse toggles - 2026-04-22
    Tunnels show each tunnel's status and attached networks (direct addresses vs. subnets routed via static or BGP, with the ASN highlighted). Summary badges are now the collapse toggles for the detail tables, with a rotating chevron to signal state.
  • Fix Surface timezone notifications where the dropdown can't cover them - 2026-04-20
    Swap the top-right toast for the top-center Bootstrap alert pattern already used elsewhere in the app so the success/error notification is not hidden behind the timezone select's own dropdown.
  • Fix Save profile timezone immediately when the select changes - 2026-04-20
    The profile form's timezone select had no change handler, so picking a different timezone did nothing until the form was submitted (and there is no dedicated save button for it). Wire the existing TimezoneManager.changeTimezone() into a change listener on #timezone so the new value is POSTed to /account/api/timezone as soon as the user picks an option, matching the "save on change" behaviour intended by the API endpoint.
  • Fix Exclude user sub-allocations from network counting - 2026-04-15
    Route all quota and resource counting through User.resource_count so consumers never special-case network vs other kinds, and apply the same filter to the Networks list header, dashboard stats, admin user menu counts, request creation handlers, and the quota_impact macro so users and handlers see a consistent allocation count everywhere.
  • New Show user resources on admin request view - 2026-04-15
    Add a "User Resources" card to the request view page summarising the requester's existing networks, ASNs, tunnels, and pending requests with quota-aware badges, so administrators and ticket handlers can see what the requester already has before approving. Adds Network.is_top_level and User.top_level_networks/resource_count so the card excludes sub-allocations the user carved out of their own top-level allocations from both counts and the displayed list.
  • New Add download button for tunnel configuration files - 2026-04-15
    Add a Download button next to Copy to Clipboard on the tunnel view page so users can save text configs directly as files.
  • New Add version management, pyproject.toml, and changelog automation - 2026-04-09
    - Add VERSION file (semver, manual bump) as single source of truth - Add pyproject.toml with full PEP 621 metadata, simplify setup.py to shim - Move CHANGELOG_DATA.txt install from /etc/ to /usr/share/pop-controld/ - Use absolute path in features.py for reliable changelog reading - Update generate_changelog.py: group by month+author with branch creator attribution - Update debian/control with proper Maintainer/Uploaders format - Update debian/rules to read version from VERSION file - Add MANIFEST.in to include VERSION in sdist builds - Add .git check in Makefile before running changelog generation
  • New Make Terms of Service URL configurable via admin config - 2026-04-02
  • New Add Terms of Service link to footer - 2026-04-01
  • Enhancement Add alembic.ini for database migrations - 2026-04-01

  • New Add status to dynamic routing - 2026-03-21

  • New add per-user rate limiting for request creation endpoints - 2026-01-23
    - Add LIMIT_REQUEST_CREATION constant (10 per hour, configurable) - Add get_current_user_id() for per-user rate limiting (fairer for shared IPs) - Apply rate limiting to UI routes: network_allocate, network_existing, asn - Apply rate limiting to API routes: request_asn, request_network_existing, request_network_allocation
  • Fix correct config import in limiter.py - 2026-01-23
  • New add rate limiting to authentication endpoints - 2026-01-13
    Add Flask-Limiter with Redis backend to protect auth endpoints from brute force and credential stuffing attacks.
  • New make auth token expiry configurable - 2026-01-13
    Add [security] section to config with auth_token_expiry_hours setting. Centralize default in __init__.py using read_dict(). Templates read from config to display correct expiry time.
  • Fix reduce token expiry from 48h to 24h - 2026-01-13
  • New add security response headers - 2026-01-14
  • Fix remove traceback printing from API error handler - 2026-01-14
  • Fix use allow list for dynamic query parameter filtering - 2026-01-13
  • New add audit logging for authentication events - 2026-01-14
  • Fix add CSRF token to timezone API call - 2026-01-13
  • Fix use session for API key token instead of URL - 2026-01-13
  • Fix add null check in api_load_user - 2026-01-13
  • Fix add @login_required to /delete route - 2026-01-13
  • Fix validate redirect URL after login - 2026-01-13
  • New use gunicorn in dev script for HUP reload support - 2026-01-07
  • Documentation add comprehensive README with development guide - 2026-01-06
  • Fix MR !41 feedback - IPv6 /128 allocation and skip_ssl_verification config - 2026-01-06
    - Fixed IPv6 allocation back to /128 (was incorrectly changed to /64) - Added skip_ssl_verification config option for OIDC - SSL verification only skipped when BOTH debug=True AND skip_ssl_verification=True - Set debug=False in example config (production default)
  • Fix set debug=False as secure default - 2026-01-07
  • Fix clipboard copy for input elements (use .value property) - 2026-01-07
  • Fix use data-clipboard-selector for Redirect URI copy button - 2026-01-07
  • Fix use appconfigbool for debug check in User Maintenance visibility - 2026-01-07
  • Fix remove US-first region sorting bias - 2026-01-07
  • Fix use config-based SSL verification for OIDC discovery - 2026-01-06
    Replace automatic SSL fallback with explicit config option. SSL verification only skipped when BOTH debug=True AND skip_ssl_verification=True in [auth.oidc] section.

  • Enhancement Update changelog for December 2025 - 2025-12-18
  • Uncategorized chore(packaging): Simplify dependencies and add graceful reload - 2025-12-18
    - Simplify debian package dependencies (remove -dev packages) - Add ExecReload to systemd service for graceful worker reload - Use HUP signal to reload without dropping connections
  • New feat(server): Improve error handling and debug mode support - 2025-12-18
    Backend improvements for better development experience and error handling:
  • New feat(ui): Improve tunnel and ASN form templates - 2025-12-18
    Enhancements to model forms and list views:
  • New feat(ui): Improve navigation and base template structure - 2025-12-18
    UI/UX improvements across the application:
  • New feat(ui): Improve tunnel request interface with collapsible regions - 2025-12-18
    Enhances the tunnel request page with better UX for selecting nodes:
  • New Add user maintenance tools for data cleanup - 2025-12-18
    Adds superadmin-only maintenance tools for handling data integrity issues:
  • New feat(auth): Improve OIDC discovery and registration flow - 2025-12-18
    Enhances OIDC integration with better error handling and user experience:
  • New feat(node): Add transport_ip field for WireGuard interconnect endpoints - 2025-12-18
    Adds a transport_ip field to nodes for specifying the public/WAN IP address used for WireGuard interconnect endpoints, separate from access_ips.

Ready to get started?

Log In Documentation