v0.2.0 SPECIFICATION LIVE

Verifiable stealth.
Zero trust.

Commercial VPNs ask you to trust "no-logs" policies while operating in jurisdictions friendly to state surveillance. R-VPN replaces trust with verifiable math: a next-generation architecture built entirely in Rust that operates over a single WebSocket connection multiplexed through port 443.

RATCHET.RS
pub struct DoubleRatchet {
    // DH Ratchet for Post-Compromise Security
    dh_pair: Option<X25519KeyPair>,
    remote_dh_key: Option<X25519PublicKey>,
    
    // Symmetric Ratchet for Forward Secrecy
    root_key: [u8; 32],
    sending_chain_key: Option<[u8; 32]>,
    receiving_chain_key: Option<[u8; 32]>,
    
    // Prevents traffic analysis via ML heuristics
    padding_strategy: ConstantRate,
}

Architectural Blueprint

A strict, verifiable pipeline. See how R-VPN splits traffic, resolves secure DNS, and defeats active DPI probing without relying on obfuscated, closed-source wrappers.

[Diagram: NODE_01 Client Device (Smart Route Engine); NULL_ROUTE Local Sinkhole (0.0.0.0 drop); CLEAN_NET Direct Network (split tunnel); HOSTILE_NET State / ISP Network (DPI firewall); NODE_02_PROXY R-VPN Proxy (multiplexer, :443); DECOY_SYS Decoy Website (HTTP 200 OK); NODE_03_CORE R-VPN Engine (Ratchet + SecDNS); TARGET_DEST Target Internet (unrestricted). Flow labels: SINKHOLE_ROUTE, DIRECT_BYPASS, ENCRYPTED_TUNNEL, MULTIPLEXED_443, UNAUTH_PROBE, X3DH_AUTH_OK.]

01. Smart Split Tunneling

The client instantly routes local traffic back to your LAN/ISP, while actively dropping ad and tracker domains via a local 0.0.0.0 sinkhole to preserve bandwidth before encryption begins.

02. Active Probing Defense

The gateway acts as a strict multiplexer. If a hostile DPI firewall attempts an unauthenticated probe, the proxy invisibly routes the request to a real Decoy Website.

03. Zero-Trust Crypto

Authenticated traffic passes to the R-VPN Core, utilizing the Double Ratchet Algorithm and ML-KEM PQC. Future server seizures or key exposures cannot decrypt past messages.

04. Secure DNS Caching

All external DNS requests are fully encrypted and resolved through the R-VPN server's internal memory-mapped cache, actively preventing upstream ISP snooping.
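The routing decision described under Smart Split Tunneling, sketched as an added example (not R-VPN's own code). The `Route` enum, `classify`, and the blocklist entries are hypothetical names and constructed sample data; the blocklist is assumed to be stored in lower case.

```rust
use std::net::IpAddr;

/// Where the client sends a flow (illustrative names, not R-VPN's API).
#[derive(Debug, PartialEq)]
pub enum Route {
    Sinkhole,        // resolved locally to 0.0.0.0 and dropped
    DirectBypass,    // leaves via the LAN/ISP, outside the tunnel
    EncryptedTunnel, // sent through the WSS tunnel on port 443
}

/// True if `host` equals `blocked` or is a subdomain of it.
/// Matching is label-aligned, so "notads.example" does not match "ads.example".
fn domain_matches(host: &str, blocked: &str) -> bool {
    host == blocked
        || host
            .strip_suffix(blocked)
            .map_or(false, |prefix| prefix.ends_with('.'))
}

/// True for addresses that stay on the local network.
fn is_local(ip: IpAddr) -> bool {
    match ip {
        IpAddr::V4(v4) => v4.is_private() || v4.is_loopback() || v4.is_link_local(),
        IpAddr::V6(v6) => {
            let first = v6.segments()[0];
            // ::1, fe80::/10 (link-local), fc00::/7 (unique local)
            v6.is_loopback() || (first & 0xffc0) == 0xfe80 || (first & 0xfe00) == 0xfc00
        }
    }
}

pub fn classify(dest: &str, blocklist: &[&str]) -> Route {
    // Normalise case and the trailing root dot so "ADS.example." still matches.
    let host = dest.trim_end_matches('.').to_ascii_lowercase();
    if let Ok(ip) = host.parse::<IpAddr>() {
        return if is_local(ip) { Route::DirectBypass } else { Route::EncryptedTunnel };
    }
    if blocklist.iter().any(|b| domain_matches(&host, b)) {
        return Route::Sinkhole;
    }
    // Fail closed: anything not proven local or blocked goes through the tunnel.
    Route::EncryptedTunnel
}

fn main() {
    let blocklist = ["ads.example", "tracker.example"]; // constructed sample data
    for d in ["192.168.1.20", "cdn.ads.example", "notads.example", "203.0.113.7"] {
        println!("{:>16} -> {:?}", d, classify(d, &blocklist));
    }
}
```

The default branch matters most for privacy: a destination that cannot be proven local falls into the tunnel rather than leaking to the ISP.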

Technical Specification

A raw data comparison against alternative open-source transport layers.

| Feature | R-VPN | WireGuard | Brook | VLESS / Xray |
|---|---|---|---|---|
| Transport Layer | WSS / TLS 1.3 | UDP | Custom TCP/UDP | Various |
| Port Operations | 443 (Stealth) | Any | Any | Any |
| Post-Compromise Security | YES (Ratchet) | NO | NO | NO |
| Active Probing Resistance | Decoy Intercept | None | Silent Drop | REALITY (Partial) |
| Post-Quantum Support | Hybrid Built-in | Not natively | NO | NO |

State vs. Mathematics

Commercial Surveillance vs. Zero Trust

Incumbent VPNs are heavily centralized. Many are owned by data brokers or operate in jurisdictions friendly to state-actor surveillance. R-VPN ensures privacy through code, not corporate promises.

[Diagram: Corporate Incumbents vs. R-VPN Pipeline. Corporate Incumbents: PROPRIETARY_APP closed-source client (hidden telemetry); DPI_CENSOR state DPI firewall (WireGuard/OVPN flagged); CENTRAL_SERVER corporate node ("Trust our PDF Policy"); labels STATIC_HANDSHAKE, CONNECTION_DROPPED. R-VPN Pipeline: SOURCE_CODE 100% open source (auditable, no telemetry); DPI_CENSOR state DPI firewall (passed as regular HTTPS); ZERO_TRUST_NODE R-VPN node (mathematical forward secrecy); labels WSS_TLS_1.3, RATCHET_PAYLOAD.]

Bare-Metal Performance

Engineered in Rust

Security shouldn't come at the cost of system resources. We stripped away the bloat of legacy runtimes and built the R-VPN core entirely in Rust. This guarantees strict memory safety and thread safety without relying on a garbage collector.

The result is a highly parallel, cryptographically secure engine that consumes virtually zero overhead. You don't need dedicated enterprise server hardware or massive cloud instances—you can easily power an entire secure network tunnel for a small office using a single Raspberry Pi.

R-VPN_CORE_METRICS LIVE_READ
STATIC_BINARY_SIZE ~5.0 MB
ACTIVE_MEMORY_FOOTPRINT ~35.0 MB
GARBAGE_COLLECTION ZERO_OVERHEAD
MEMORY_SAFETY GUARANTEED
MINIMUM_TARGET_HARDWARE RASPBERRY_PI_ARM64

Cross-Platform Availability

Run the R-VPN core anywhere. We provide fully open-source binaries for desktop and server environments, alongside premium mobile clients to fund continuous protocol development. Flexibility is paramount: anyone can build a client provided they respect the AGPL license.

| Component | Supported OS | Architecture | License / Model | Access |
|---|---|---|---|---|
| Core & Desktop Binaries | macOS, Linux, FreeBSD | x86_64, ARM64 | AGPL v3.0 (Open Source) | Download |
| Official Mobile Clients | iOS, Android, HarmonyOS | Native Mobile | Commercial (Funds Dev) | App Stores |
| Custom / 3rd-Party GUI | Platform Agnostic | Core Engine API | AGPL v3.0 (Open Source) | Dev Guidelines |