v0.2.0 Technical Specification Live

Maximum Stealth.
Zero Compromise.

A next-generation VPN architecture built entirely in Rust. Operates over a single WebSocket connection multiplexed through port 443, masking behind a legitimate website with Double Ratchet encryption.

Get R-VPN View Architecture
src/crypto/ratchet.rs
pub struct DoubleRatchet {
    // DH Ratchet for Self-Healing
    dh_pair: Option<X25519KeyPair>,
    remote_dh_key: Option<X25519PublicKey>,
    
    // Symmetric Ratchet for Forward Secrecy
    root_key: [u8; 32],
    sending_chain_key: Option<[u8; 32]>,
    receiving_chain_key: Option<[u8; 32]>,
    
    // Out-of-Order Message Handling
    skipped_keys: LruCache<(PublicKey, u32), MessageKey>,
}

Holistic Architecture Overview

See how R-VPN effortlessly splits traffic, resolves secure DNS, defeats active probing, and applies client-side ad blocking in real-time.

Ad/Tracker Filter Direct / LAN Bypass Encrypted Tunnel Multiplexed :443 Unauthenticated Probe X3DH Authenticated Encrypted DNS & Data Client Device Smart Route & AdBlock Local Sinkhole 0.0.0.0 Drop Hostile Network DPI Firewall Direct Network Split Tunnel / ISP R-VPN Proxy Gateway Port 443 Decoy Website HTTP 200 OK R-VPN Engine Ratchet + Secure DNS Target Internet Unrestricted Access
1

Smart Split Tunneling

The client instantly routes local traffic back to your LAN/ISP, while actively dropping ad and tracker domains via a 0.0.0.0 sinkhole to preserve bandwidth before encryption even begins.

2

Active Probing Defense

The gateway acts as a multiplexer. If a DPI firewall attempts an unauthenticated probe, the proxy seamlessly routes the request to a real Decoy Website, throwing zero distinguishable errors.

3

Zero-Compromise Crypto

Authenticated traffic passes to the R-VPN Core, utilizing the Double Ratchet Algorithm and ML-KEM PQC. Future key exposures cannot decrypt past messages.

4

Secure DNS Caching

All external DNS requests are fully encrypted and resolved through the R-VPN server's internal memory-mapped cache, actively preventing ISP snooping and DNS leaks.

Protocol Comparison

How R-VPN stacks up against legacy alternatives.

Feature R-VPN WireGuard OpenVPN VLESS / Xray
Transport Layer WebSocket / TLS 1.3 UDP TCP / UDP Various
Port Operations 443 (Stealth) Any 1194 Any
Post-Compromise Security Automatic (Ratchet) No No No
Active Probing Resistance Decoy Website None None REALITY (Partial)
Post-Quantum Support Hybrid Mode Built-in Not yet TLS 1.3 Dependent No