Commercial VPNs ask you to trust a no-logs policy. rVPN replaces that trust with open-source cryptography. A Rust-built transport protocol that runs over a single, indistinguishable connection on port 443.
pub struct DoubleRatchet { // DH ratchet for post-compromise security dh_pair: Option<X25519KeyPair>, remote_dh_key: Option<X25519PublicKey>, // Symmetric ratchet for forward secrecy root_key: [u8; 32], sending_chain_key: Option<[u8; 32]>, receiving_chain_key: Option<[u8; 32]>, // Defeats traffic analysis via ML heuristics padding_strategy: ConstantRate, }
Traffic moves through four distinct stages before it reaches the open internet. Each stage is open-source and independently verifiable. Nothing happens inside a black box.
Local and LAN-bound traffic routes back to your network directly. Known ad and tracker domains are dropped at a local sinkhole before they reach the tunnel, saving bandwidth and reducing noise.
If a network operator attempts to fingerprint the connection with an unauthenticated probe, the gateway invisibly serves a real decoy website. From the outside, the connection looks like ordinary HTTPS.
Authenticated traffic is handled by the Double Ratchet algorithm with X3DH key agreement. Even if a server is later seized, past sessions remain unreadable. Forward secrecy is mathematical, not contractual.
Every DNS query is resolved inside the encrypted tunnel. Your ISP and local network see a single multiplexed connection on port 443. Nothing more.
A direct comparison against widely-used open-source VPN and proxy protocols.
| Feature | rVPN | WireGuard | Brook | VLESS / Xray |
|---|---|---|---|---|
| Transport layer | WSS / TLS 1.3 | UDP | Custom TCP / UDP | Various |
| Port operation | 443 (standard HTTPS) | Any | Any | Any |
| Post-compromise security | Yes, ratchet | No | No | No |
| Active probing resistance | Decoy intercept | None | Silent drop | Reality (partial) |
| Post-quantum support | On roadmap | Not natively | No | No |
Most commercial VPNs are closed-source clients connecting to centralised infrastructure. rVPN is fully open source, so every claim below is something you can independently verify.
Closed-source client with undisclosed telemetry
100% open-source client and core. Fully auditable.
Centralised infrastructure under one corporate entity
Traffic passes as standard HTTPS over TLS 1.3
Privacy guaranteed by a written no-logs policy
Forward secrecy enforced by the Double Ratchet algorithm
WireGuard and OpenVPN signatures are easily flagged by network filters
No telemetry collection by design, not by promise
rVPN's core is written in Rust with no garbage collector and no legacy runtime overhead. It's small enough to run a full secure tunnel for a small office on a single board computer.
Core binaries are free and open source under AGPLv3. Premium mobile clients fund ongoing protocol development.
| Component | Platforms | License | Access |
|---|---|---|---|
| Core & desktop binaries | macOS, Linux, FreeBSD: x86_64 / ARM64 | AGPLv3, open source | Download → |
| Official mobile clients | iOS, Android, HarmonyOS | Commercial, funds development | App stores → |
| Custom & third-party GUIs | Any platform via core engine API | AGPLv3, open source | Developer guide → |