Modular Design

Ten modules, one platform

FreeSDN ships 10 domain modules: each independently toggleable per organization. Modules register their own routes, services, background tasks, and migrations. Enable only what you need; disable the rest with zero overhead.

How modules work

Registration

Each module has a manifest.py that declares its name, version, required capabilities, and dependencies on other modules.

Isolation

Modules get their own SQLAlchemy models, Pydantic schemas, API routes, and Celery tasks. They cannot access another module's internals, only the public service interface.

Enablement

Org admins toggle modules via PUT /api/v1/organizations/{id}/modules. Disabled modules are not loaded, so they add zero runtime cost.

Module System

10 self-contained infrastructure modules

Each module is a fully independent domain with its own SQLAlchemy models, Pydantic v2 schemas, service layer, background tasks, and vendor adapters. Modules register at startup and can be enabled or disabled per organization. Click any module for the full breakdown.

Network Management

Built

Manage switches, access points, VLANs, WiFi networks, PoE, and topology across vendor adapters. Interactive port-VLAN matrix, LAG, port mirroring, rogue-AP detection, firmware lifecycle, and config history.

VLAN managementWiFi/SSID configSwitch port controlPoE managementLAG & port mirroringFirmware lifecycle
Explore Network Management

Video Surveillance

Built

Camera and NVR management via Hikvision ISAPI and ONVIF adapters. Live stream (RTSP/HLS/MJPEG/fMP4), recording playback, snapshots, PTZ, LPR, and forensic export with legal hold (SHA-256 archive).

Live view (RTSP/HLS)Recording & playbackPTZ controlLPRForensic exportNVR management
Explore Video Surveillance

VoIP & Telephony

Built

Unified phone fleet and PBX management. Phone provisioning, onboarding, SIP push, and factory reset via the Grandstream adapter. FreePBX management (AMI + ARI + REST): extensions, trunks, ring groups, queues, IVR, voicemail, DIDs, active calls, and CDR.

Phone provisioningExtension managementCall logs (CDR)Ring groups & IVRTrunk configVoicemail
Explore VoIP & Telephony

Firewall

Built

Firewall management (OPNsense production-grade, pfSense, MikroTik, OpenWrt) plus absorbed gateway orchestration: canonical VLANs, drift detection, and multi-controller distribution. Rule CRUD and reorder, NAT, VPN (IPsec/OpenVPN/WireGuard) with stats, and IDS/IPS.

Rule managementNAT configurationVPN (OpenVPN/WireGuard/IPsec)IDS/IPSVLAN distributionDrift detection
Explore Firewall

Compute & Hypervisor

Built

Proxmox VE management via the Proxmox adapter. Cluster overview, node stats, VM and LXC lifecycle, snapshots, backups, storage-pool inventory, SDN zones, and cluster state.

VM lifecycleLXC managementSnapshots & backupsStorage poolsSDN zonesCluster state
Explore Compute & Hypervisor

Observability

Beta

Passive asyncio UDP listeners for SNMP traps, Syslog, and NetFlow. All ingested events land in a PostgreSQL store (the collector schema), indexed for dashboards, search, top-talker and protocol breakdowns. Zero-polling: devices push data to FreeSDN.

SNMP trap ingestionSyslogNetFlowPostgreSQL storageTop talkers & protocolsHistorical trends
Explore Observability

Storage

Built

Fabric participant for TrueNAS SCALE and CORE. Modern SCALE (25.04+) connects over a WebSocket JSON-RPC transport with TLS; older SCALE and CORE use the REST API, and the adapter auto-selects on connect. Provides ZFS pool health, disk temperatures, redundancy status, active alerts, and scrub progress as a unified rollup, and handles staged blob writes from other modules through the Fabric layer.

ZFS pool healthDisk temperaturesRedundancy statusActive alertsScrub trackingFabric blob writes
Explore Storage

AI Assistant

Beta

Multi-provider LLM assistant for OpenAI, Anthropic, and Ollama over direct httpx. It runs an agentic loop over a permission-gated tool registry, with governance from a global kill-switch through per-org policy to PII redaction before any cloud call, and an audit trail on every invocation.

Multi-provider LLMAgent toolsAgentic loopPolicy governancePII redactionAudit trails
Explore AI Assistant

Access Control

Beta

Beta, off by default. The data model for doors, credentials, cardholders, and schedules is in place. Door lock and unlock endpoints currently return 501 and no door adapter ships yet; the module is included for early adopters and integration planning.

Door CRUDCardholder managementCredential managementAccess schedulesEvent logsNo door adapter yet
Explore Access Control

Configuration Backup

Built

Portable configuration snapshots (.fsdn archive) covering sites, controllers, devices, users, and automation rules. Scheduled and on-demand, with restore, retention policies, cross-version diff, and AES-encrypted storage (Fernet). This is a config snapshot, not a full-system disaster-recovery image.

Config snapshotsOn-demand backupRestore operationsRetention policiesConfig diffAES encryption
Explore Configuration Backup
Open Source

Free as in freedom

FreeSDN is fully open-source under the AGPLv3 (AGPL-3.0-only) license. No artificial limitations, no "community edition" crippling, no surprise licensing changes.

AGPL-3.0 Licensed

No vendor lock-in, no per-device fees, no phone-home telemetry. Fork it, extend it, build services on top of it. The source is yours.

No Per-Device Fees

Monitor a small lab or a large fleet. FreeSDN charges nothing per device. Compare that to commercial per-device licensing.

Self-Hosted

By default, your credentials and data stay on your own infrastructure. No cloud dependency, no SaaS outage risk, fully air-gappable.

Community-Driven

Built by network engineers for network engineers. Feature requests, bug reports, and pull requests are all welcome.

Ready to take control of your network?

Join the community managing their multi-vendor infrastructure with a single, open-source platform.

See it running in your browser

Explore the full FreeSDN dashboard with realistic sample data, no signup, no backend. Then install it in minutes.