v0.2.0 SPECIFICATION LIVE

Verifiably secure.
Zero trust.

Commercial VPNs ask you to trust "no-logs" policies while operating in jurisdictions with complex data retention requirements. R-VPN replaces trust with verifiable math. It is a next-generation architecture built entirely in Rust, operating over a single WebSocket connection multiplexed through port 443.

RATCHET.RS
pub struct DoubleRatchet {
    // DH Ratchet for Post-Compromise Security
    dh_pair: Option<X25519KeyPair>,
    remote_dh_key: Option<X25519PublicKey>,
    
    // Symmetric Ratchet for Forward Secrecy
    root_key: [u8; 32],
    sending_chain_key: Option<[u8; 32]>,
    receiving_chain_key: Option<[u8; 32]>,
    
    // Prevents traffic analysis via ML heuristics
    padding_strategy: ConstantRate,
}

Architectural Blueprint

A strict, verifiable pipeline. See how R-VPN splits traffic, resolves secure DNS, and prevents unauthorized traffic inspection without relying on opaque, closed-source dependencies.

[Diagram: traffic pipeline. Nodes: Client Device (Smart Route Engine), Local Sinkhole (0.0.0.0, drop), Direct Network (split tunnel), Public Network (network inspection), R-VPN Proxy (multiplexer, :443), Decoy Website (HTTP 200 OK), R-VPN Engine (Ratchet + SecDNS), Target Internet (public internet). Link labels: SINKHOLE_ROUTE, LOCAL_ROUTE, ENCRYPTED_TUNNEL, MULTIPLEXED_443, NET_PROBE, X3DH_AUTH_OK.]

01 Smart Split Tunneling

The client instantly routes local traffic back to your LAN/ISP, while actively dropping ad and tracker domains via a local 0.0.0.0 sinkhole to preserve bandwidth before encryption begins.

02 Active Probing Defense

The gateway acts as a strict multiplexer. If a network analysis system attempts an unauthenticated probe, the proxy invisibly routes the request to a real Decoy Website.

03 Zero-Trust Crypto

Authenticated traffic passes to the R-VPN Core, which uses the Double Ratchet Algorithm and ML-KEM PQC. A future server seizure or key exposure cannot be used to decrypt past messages.

04 Secure DNS Resolution

All external DNS requests are encrypted and resolved securely through the R-VPN server, ensuring private browsing.
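
The routing decision described under Smart Split Tunneling, sketched as an added example (this is not R-VPN's own code). The names `Route`, `classify`, `is_blocked` and `is_local` are hypothetical, and the sketch assumes "local" means private, loopback or link-local addresses and that blocklist entries are lowercase domain names.

```rust
use std::net::IpAddr;

/// The three client-side outcomes named in the blueprint (hypothetical type).
#[derive(Debug, PartialEq)]
pub enum Route {
    Sinkhole, // answer 0.0.0.0 and drop
    Local,    // send directly via LAN/ISP
    Tunnel,   // encrypt and send through the tunnel
}

/// True when `host` is a blocklist entry or a subdomain of one. Matching on
/// whole labels keeps "notads.example" from matching "ads.example".
fn is_blocked(host: &str, blocklist: &[&str]) -> bool {
    let host = host.trim_end_matches('.').to_ascii_lowercase();
    blocklist.iter().any(|e| host == *e || host.ends_with(&format!(".{}", e)))
}

/// Assumption: "local" means private, loopback or link-local addresses.
fn is_local(ip: IpAddr) -> bool {
    match ip {
        IpAddr::V4(v4) => v4.is_private() || v4.is_loopback() || v4.is_link_local(),
        IpAddr::V6(v6) => {
            let first = v6.segments()[0];
            v6.is_loopback()
                || (first & 0xfe00) == 0xfc00 // fc00::/7 unique local
                || (first & 0xffc0) == 0xfe80 // fe80::/10 link-local
        }
    }
}

/// Decide a route before any encryption work is done. The blocklist check
/// runs first, so a blocked name is dropped even if it resolves to the LAN.
pub fn classify(host: &str, resolved: Option<IpAddr>, blocklist: &[&str]) -> Route {
    if is_blocked(host, blocklist) {
        return Route::Sinkhole;
    }
    match resolved {
        Some(ip) if is_local(ip) => Route::Local,
        // Unresolved names go to the tunnel so the lookup itself stays inside it.
        _ => Route::Tunnel,
    }
}

fn main() {
    // Constructed sample input, not a real blocklist.
    let blocklist = ["ads.example", "tracker.test"];
    let lan: Option<IpAddr> = "192.168.1.20".parse().ok();
    println!("{:?}", classify("cdn.ads.example", None, &blocklist));
    println!("{:?}", classify("nas.home.arpa", lan, &blocklist));
}
```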

Technical Specification

A raw data comparison against alternative open-source transport layers.

Feature | R-VPN | WireGuard | Brook | VLESS / Xray
Transport Layer | WSS / TLS 1.3 | UDP | Custom TCP/UDP | Various
Port Operations | 443 (Standard HTTPS) | Any | Any | Any
Post-Compromise Security | YES (Ratchet) | NO | NO | NO
Active Probing Resistance | Decoy Intercept | None | Silent Drop | REALITY (Partial)
Post-Quantum Support | Hybrid Built-in | Not natively | NO | NO

Corporate vs. Mathematics

Commercial VPNs vs. Zero Trust

Incumbent VPNs are heavily centralized. Many are owned by data brokers or operate in jurisdictions with complex data retention requirements. R-VPN ensures privacy through code, not corporate promises.

[Diagram: two pipelines compared. Corporate Incumbents: Closed-Source Client (hidden telemetry), Network Analysis (WireGuard/OVPN flagged), Corporate Node ("Trust our PDF Policy"); link labels STATIC_HANDSHAKE, CONNECTION_DROPPED. R-VPN Pipeline: 100% Open Source (auditable, no telemetry), Network Analysis (passed as regular HTTPS), R-VPN Node (mathematical forward secrecy); link labels WSS_TLS_1.3, RATCHET_PAYLOAD.]

Bare-Metal Performance

Engineered in Rust

Security shouldn't come at the cost of system resources. We stripped away the bloat of legacy runtimes and built the R-VPN core entirely in Rust. This guarantees strict memory safety and thread safety without relying on a garbage collector.

The result is a highly parallel, cryptographically secure engine that runs with virtually zero overhead. You don't need dedicated enterprise server hardware or massive cloud instances. You can easily power an entire secure network tunnel for a small office using a single Raspberry Pi.

R-VPN_CORE_METRICS LIVE_READ
STATIC_BINARY_SIZE ~5.0 MB
ACTIVE_MEMORY_FOOTPRINT ~35.0 MB
GARBAGE_COLLECTION ZERO_OVERHEAD
MEMORY_SAFETY GUARANTEED
MINIMUM_TARGET_HARDWARE RASPBERRY_PI_ARM64

Cross-Platform Availability

Run the R-VPN core anywhere. We provide fully open-source binaries for desktop and server environments, alongside premium mobile clients to fund continuous protocol development. Flexibility is paramount: anyone can build a client provided they respect the AGPL license.

Component | Supported OS | Architecture | License / Model | Access
Core & Desktop Binaries | macOS, Linux, FreeBSD | x86_64, ARM64 | AGPL v3.0 (Open Source) | Download
Official Mobile Clients | iOS, Android, HarmonyOS | Native Mobile | Commercial (Funds Dev) | App Stores
Custom / 3rd-Party GUI | Platform Agnostic | Core Engine API | AGPL v3.0 (Open Source) | Dev Guidelines