|Project Name||Stars||Downloads||Repos Using This||Packages Using This||Most Recent Commit||Total Releases||Latest Release||Open Issues||License||Language|
|Lantern||13,259||4 months ago||2,531||Go|
|Lantern官方版本下载 蓝灯 翻墙 代理 科学上网 外网 加速器 梯子 路由 - Быстрый, надежный и безопасный доступ к открытому интернету - lantern proxy vpn censorship-circumvention censorship gfw accelerator پراکسی لنترن، ضدسانسور، امن، قابل اعتماد و پرسرعت|
|Dsvpn||5,076||a month ago||1||March 03, 2021||mit||C|
|A Dead Simple VPN.|
|Freelan||1,029||3 years ago||26||other||C++|
|The main freelan repository.|
|Radvpn||952||3 years ago||2||mit||Go|
|Easy Wg Quick||876||2 months ago||gpl-2.0||Shell|
|Creates Wireguard configuration for hub and peers with ease|
|Check if your location is actually hidden|
|Vpn||250||10 months ago||gpl-3.0||Shell|
|Personal VPN using Shadowsocks and v2ray|
|Minivtun||236||2 months ago||20||gpl-3.0||C|
|A fast, secure and reliable VPN service based on non-standard protocol|
|Kubewg||126||4 years ago||3||Go|
|Use Kubernetes to manage & distribute Wireguard configuration|
|Wireguard Vanity Address||119||3 years ago||4||September 22, 2019||7||mit||Rust|
|generate Wireguard keypairs with a given prefix string|
DSVPN is a Dead Simple VPN, designed to address the most common use case for using a VPN:
[client device] ---- (untrusted/restricted network) ---- [vpn server] ---- [the Internet]
On Raspberry Pi 3 and 4, use the following command instead to enable NEON optimizations:
env OPTFLAGS=-mfpu=neon make
Alternatively, if you have zig installed, it can be used to compile DSVPN:
zig build -Drelease
On macOS, DSVPN can be installed using Homebrew:
brew install dsvpn.
DSVPN uses a shared secret. Create it with the following command:
dd if=/dev/urandom of=vpn.key count=1 bs=32
And copy it on the server and the client.
If required, keys can be exported and imported in printable form:
base64 < vpn.key echo 'HK940OkWcFqSmZXnCQ1w6jhQMZm0fZoEhQOOpzJ/l3w=' | base64 --decode > vpn.key
sudo ./dsvpn server vpn.key auto 1959
Here, I use port
1959. Everything else is set to the default values. If you want to use the default port (
443), it doesn't even have to be specified, so the parameters can just be
sudo ./dsvpn client vpn.key 188.8.131.52 1959
This is a macOS client, connecting to the VPN server
184.108.40.206 on port
1959. The port number is optional here as well. And the IP can be replaced by a host name.
You are connected. Just hit
C to disconnect.
Evaggelos Balaskas wrote a great blog post walking through the whole procedure: A Dead Simple VPN.
He also maintains systemd service files for DSVPN. Thank you Evaggelos!
If you were previously using a DNS resolver only accessible from the local network, it won't be accessible through the VPN. That might be the only thing you may have to change. Use a public resolver, a local resolver, or DNSCrypt.
Or send a pull request implementing the required commands to change and revert the DNS settings, or redirect DNS queries to another resolver, for all supported operating systems.
dsvpn "server" <key file> <vpn server ip or name>|"auto" <vpn server port>|"auto" <tun interface>|"auto" <local tun ip>|"auto" <remote tun ip>"auto" <external ip>|"auto" dsvpn "client" <key file> <vpn server ip or name> <vpn server port>|"auto" <tun interface>|"auto" <local tun ip>|"auto" <remote tun ip>|"auto" <gateway ip>|"auto"
serveron the server, and
<key file>: path to the file with the secret key (e.g.
<vpn server ip or name>: on the client, it should be the IP address or the hostname of the server. On the server, it doesn't matter, so you can just use
<vpn server port>: the TCP port to listen to/connect to for the VPN. Use 443 or anything else.
<tun interface>: this is the name of the VPN interface. On Linux, you can set it to anything. Or macOS, it has to follow a more boring pattern. If you feel lazy, just use
<local tun ip>: local IP address of the tunnel. Use any private IP address that you don't use here.
<remote tun ip>: remote IP address of the tunnel. See above. The local and remote tunnel IPs must the same on the client and on the server, just reversed. For some reason, I tend to pick
192.168.192.254for the server, and
192.168.192.1for the client. These values will be used if you put
autofor the local and remote tunnel IPs.
<external ip>(server only): the external IP address of the server. Can be left to
<gateway ip>(client only): the internal router IP address. The first line printed by
netstat -rnwill tell you (
If all the remaining parameters of a command would be
auto, they don't have to be specified.
I needed a VPN that works in an environment where only TCP/80 and TCP/443 are open.
WireGuard doesn't work over TCP.
GloryTun is excellent, but requires post-configuration and the maintained branch uses UDP.
I forgot about VTUN-libsodium. But it would have been too much complexity and attack surface for a simple use case.
OpenVPN is horribly difficult to set up.
Sshuttle is very nice and I've been using it a lot in the past, but it's not a VPN. It doesn't tunnel non-TCP traffic. It also requires a full Python install, which I'd rather avoid on my router.
Everything else I looked at was either too difficult to use, slow, bloated, didn't work on macOS, didn't work on small devices, was complicated to cross-compile due to dependencies, wasn't maintained, or didn't feel secure.
TCP-over-TCP is not as bad as some documents describe. It works surprisingly well in practice, especially with modern congestion control algorithms (BBR). For traditional algorithms that rely on packet loss, DSVPN couples the inner and outer congestion controllers by lowering
TCP_NOTSENT_LOWAT and dropping packets when congestion is detected at the outer layer.
The cryptographic primitives used in DSVPN are available as a standalone project: Charm.
This is not intended to be a replacement for GloryTun or WireGuard. This is what I use, because it solves a problem I had. Extending it to solve different problems is not planned, but feel free to fork it and tailor it to your needs!