Helium - Self-Hosted Mesh VPN with Desktop GUI
About
A friendly desktop fork of Nebula (Slack's open-source mesh VPN). Helium keeps Nebula's certificate-backed peer-to-peer mesh under the hood but wraps it in a polished Windows GUI so a non-technical private client can stand up a secure network in minutes — no YAML editing, no command line.

Three pieces: **Helium Server** (admin console — generates a CA, issues per-device profiles, manages firewall rules, shows who's online), **Helium Client** (one-click connect, lives in the system tray, survives window close), and a small **Linux lighthouse** for peer discovery on a $4/month VPS. Each device's whole identity — cert + key + config — is one encrypted `.helium` file: import it and you're on the mesh.

Includes group-based firewall rules (matching device certificates, not IPs), automatic Windows Firewall handling, public-address detection, self-healing routes that survive conflicts with Tailscale/ZeroTier/OpenVPN, optional relays for CGNAT clients, a one-click Self-check diagnostic, and a single MSI/NSIS installer covering both apps with a clean uninstaller. Built in Go (mesh engine + services) with an embedded WebView2 UI. MIT licensed, but distributed as a hardened build for a single private client engagement.
Features
- Polished desktop GUI on top of Nebula — no YAML, no CLI
- Helium Server: create a CA, issue per-device profiles, manage firewall rules, see who's online
- Helium Client: one-click connect, system tray, auto-reconnect on launch
- Single `.helium` file per device — import to connect (cert + key + config bundled)
- Certificate-group firewall: rules follow the device, not the IP
- Self-healing routes: re-asserts mesh route if Tailscale / ZeroTier / OpenVPN interferes
- Automatic Windows Firewall handling and public-address detection
- One-click Self-check diagnostic with plain-language fixes
- Linux lighthouse for peer discovery (4242/udp, $4–5/mo VPS)
- Relay support for devices behind strict NAT / CGNAT
- Master password encrypts the CA at rest — no key escrow, no recovery by design
- Single MSI/NSIS installer covers Server + Client + uninstaller
- Built for a private client — easy enough for non-technical operators