I built Tunelo VPN: A free and fast VPN software with a custom protocol. Open source and looking for collaborators!

Hi everyone! 👋

I’m excited to share my side project, Tunelo VPN — a lightweight and open-source VPN solution that’s perfect for quickly setting up a secure connection using a custom protocol I developed from scratch.

What is Tunelo VPN?

Tunelo is a VPN software that uses IP over UDP, designed to work efficiently on cloud servers like AWS, Google Cloud, or any other provider. It’s free, open-source, and built with simplicity and speed in mind. The protocol focuses on minimal overhead and was crafted to be lightweight and fast while maintaining security and flexibility.

Key Features:

  • Quick Setup: You can spin up a fully operational VPN in minutes with simple commands. Perfect for developers, hobbyists, and remote teams.
  • Custom Protocol: Tunelo doesn’t rely on pre-existing standards like OpenVPN or WireGuard. It uses a custom-built protocol over UDP, optimized for modern cloud environments.
  • Flexibility: Works seamlessly on AWS, GCP, or any virtual machine. You can even run it locally for private networks.
  • Open Source: Tunelo is free for everyone, and I’d love feedback, contributions, or ideas from the community.

Why did I build this?

I’ve always been fascinated by networking protocols and the magic behind communication between systems. Existing solutions like OpenVPN and WireGuard are fantastic, but I wanted something more customizable, lightweight, and suited for rapid deployment. Building my own protocol from scratch was a challenge I couldn’t resist!

How you can get involved:

  • Try it out: Test it on your favorite cloud provider or local environment. Let me know how it works for you.
  • Contribute: Whether you’re a developer, designer, or just someone curious about VPNs, there’s always room for fresh ideas and improvements.
  • Spread the word: If you think Tunelo could help someone, share it! I’d love to see how others are using it.

Links:

Closing Thoughts:

I’ve spent countless hours coding, debugging, and refining Tunelo. It’s a project close to my heart, and I’m thrilled to share it with this amazing community. If you’ve ever thought about building a VPN, experimenting with protocols, or just want to try something new, I’d love for you to check it out.

Let me know your thoughts, suggestions, or feedback. I’m here to learn, collaborate, and improve Tunelo together with you. 🚀

Cheers,
Emiliano

Please provide more info on how it is built, how it works, etc., so that we can analyze it. Throughput difference compared to existing protocols

Hi! Looks good, what kind of skills do you need to collaborate on the project?

Hi Patman,

Thank you for your interest! Let me provide a deeper dive into how Tunelo is built and works, as well as insights into its architecture and security layers.

Architecture and Components

Tunelo consists of three custom-built modules designed from the ground up to create a lightweight, flexible VPN solution:

  1. SUDP (Secure UDP):
    • This is the transport protocol used to encapsulate IP packets over UDP.
    • It includes three layers of security:
      • HMAC: The header is hashed with a password to ensure integrity.
      • ECDSA: Control messages are signed to guarantee authenticity.
      • AES-GCM: Data messages (encapsulated IP packets) are encrypted to maintain confidentiality.
    • Key exchange: Tunelo uses Diffie-Hellman for secure key exchange, and keys are refreshed every 30 seconds to enhance security and reduce exposure risks.
    • SUDP supports multiple simultaneous connections, making it ideal for creating VLANs or handling complex networking scenarios.
  2. UTUN:
    • This module handles integration with the TUN/TAP driver on Linux and utun on macOS.
    • It enables seamless management of virtual network interfaces, allowing for efficient routing and tunneling of IP traffic.
  3. Tunelo:
    • This is the orchestrator that brings everything together. It configures, manages, and runs the VPN, ensuring all components work cohesively.

Throughput Comparison

While formal benchmarks are still underway, Tunelo’s architecture is similar to WireGuard in terms of simplicity and efficiency. The use of:

  • AES-GCM for encryption (optimized for speed and security),
  • Diffie-Hellman for key exchange,
  • and lightweight UDP encapsulation

ensures low overhead and high throughput. The added flexibility of supporting multiple simultaneous connections offers a unique edge in VLAN-like setups.

Documentation and Next Steps

I’m finalizing the internal documentation on how Tunelo operates, including detailed explanations of the SUDP protocol and UTUN module. Once complete, I’ll host it for public access so everyone can explore and analyze the technical specifics.

Thank you for your interest in Tunelo — your feedback means a lot to me.

Cheers,
Emiliano
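
For readers who want to see how the layering described in the reply above fits together, here is an added example, not part of the original post and not Tunelo's code: a data packet whose header carries an HMAC and whose payload is sealed with AES-GCM, with the header and MAC bound to the ciphertext as additional data. The wire layout, the function names `Seal` and `Open`, and the keys are assumptions made for illustration; the key exchange and ECDSA-signed control messages are out of scope.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Assumed layout: session(4) | counter(8) | HMAC-SHA256(header)(32) | AES-GCM ciphertext+tag.
const hdrLen, macLen = 12, sha256.Size

func headerMAC(macKey, hdr []byte) []byte {
	m := hmac.New(sha256.New, macKey)
	m.Write(hdr)
	return m.Sum(nil)
}

// Seal uses the 12-byte header as the GCM nonce: (session, counter) must never repeat per key.
func Seal(macKey []byte, aead cipher.AEAD, session uint32, counter uint64, ip []byte) []byte {
	hdr := make([]byte, hdrLen)
	binary.BigEndian.PutUint32(hdr, session)
	binary.BigEndian.PutUint64(hdr[4:], counter)
	pkt := append(hdr, headerMAC(macKey, hdr)...)
	return append(pkt, aead.Seal(nil, hdr, ip, pkt)...) // header and MAC are bound as AAD
}

// Open checks the header MAC first, then lets GCM authenticate header, MAC and payload together.
func Open(macKey []byte, aead cipher.AEAD, pkt []byte) ([]byte, error) {
	if len(pkt) < hdrLen+macLen {
		return nil, errors.New("short packet")
	}
	hdr, aad := pkt[:hdrLen], pkt[:hdrLen+macLen]
	if !hmac.Equal(aad[hdrLen:], headerMAC(macKey, hdr)) {
		return nil, errors.New("bad header MAC")
	}
	return aead.Open(nil, hdr, pkt[hdrLen+macLen:], aad)
}

func main() {
	block, _ := aes.NewCipher(make([]byte, 32)) // constructed all-zero demo key
	aead, _ := cipher.NewGCM(block)
	pkt := Seal([]byte("constructed MAC key"), aead, 1, 1, []byte("constructed IP packet"))
	pkt[5] ^= 1 // flip one counter bit in transit
	fmt.Println(Open([]byte("constructed MAC key"), aead, pkt))
}
```

Because the header is the nonce in this sketch, a periodic rekey such as the 30-second refresh mentioned above is the only point at which the counter may safely start over.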

Golang, C, Bash, Linux administration and will!! Thank you very much for your interest!

What is the techstack/languages u used to build this VPN?

Hello Born_Cash, I used Go for the majority of the project (about 95%). The remaining 5% is written in C, as there are certain system calls on both macOS and Linux that cannot be easily invoked directly from the language. While there were third-party libraries available, I preferred to use either standard libraries or code built entirely by me.

Thanks for your comment!
Best

Emiliano