๐ Website ยท ๐ Documentation ยท ไธญๆๆๆกฃ ยท ๐ Report Bug ยท โจ Request Feature
Platform Clients: ๐ฑ iOS ยท ๐ค Android ยท ๐ช Windows ยท ๐ macOS ยท ๐ง Linux
An AI-driven intelligent VPN tunnel built with Rust, featuring automatic path selection and smart routing capabilities.
Status: Actively Developing ๐ง
- ๐ Open Source - MIT License, completely free and transparent
- โก Simple & Fast - One command to start:
./client -s SERVER:8080 -i client-001 - ๐ข Multi-Tenant - Cluster-based isolation for multiple teams or business units
- ๐ Secure Encryption - ChaCha20-Poly1305 (default), AES-256-GCM, XOR/Plain options
- ๐ Dual-Path P2P - IPv6 direct connection + STUN hole punching with auto-fallback to relay
- ๐ Smart Routing - Automatic path selection: IPv6 (lowest latency) โ STUN (NAT traversal) โ Relay
- ๐ Cross-Platform - Linux, macOS, Windows with pre-built binaries
Server Installation:
# Automatically installs the latest version
curl -fsSL https://raw.githubusercontent.com/smartethnet/rustun/main/install.sh | sudo bash
# Configure
sudo vim /etc/rustun/server.toml
sudo vim /etc/rustun/routes.json
# Start service
sudo systemctl start rustun-server
sudo systemctl enable rustun-serverDownload from GitHub Releases
Available Platforms:
- Linux: x86_64 (glibc/musl), ARM64 (glibc/musl)
- macOS: Intel (x86_64), Apple Silicon (ARM64)
- Windows: x86_64 (MSVC)
Each release includes:
server- VPN server binaryclient- VPN client binaryserver.toml.example- Server configuration templateroutes.json.example- Routes configuration template
All Platforms:
- Root/Administrator privileges (required for TUN device and routing)
Windows Only:
- Wintun driver - extract
wintun.dllto the same directory as binaries
Linux/macOS:
- TUN/TAP driver support (usually pre-installed)
# Install latest version
curl -fsSL https://raw.githubusercontent.com/smartethnet/rustun/main/install.sh | sudo bashWhat it does:
- โ Detects your system automatically (Ubuntu/Debian/CentOS/Fedora/Arch)
- โ Downloads the correct binary for your architecture
- โ
Installs to
/usr/local/bin/rustun-server - โ
Creates configuration directory
/etc/rustun/ - โ Sets up systemd service for auto-start
- โ Configures automatic restart on failure
Post-installation:
# Edit server configuration
sudo vim /etc/rustun/server.toml
# Edit routes configuration
sudo vim /etc/rustun/routes.json
# Start server
sudo systemctl start rustun-server
# Enable auto-start on boot
sudo systemctl enable rustun-server
# Check status
sudo systemctl status rustun-server
# View logs
sudo journalctl -u rustun-server -fStep 1: Download
# Go to releases page and download for your platform
# https://github.com/smartethnet/rustun/releases/latest
# Example for Linux x86_64
wget https://github.com/smartethnet/rustun/releases/latest/download/rustun-x86_64-unknown-linux-gnu.tar.gz
tar xzf rustun-x86_64-unknown-linux-gnu.tar.gz
cd rustun-*Step 2: Run
# Start server (Linux/macOS)
sudo ./server server.toml.example
# Start client (Linux/macOS)
sudo ./client -s SERVER_IP:8080 -i client-001Windows:
# 1. Download rustun-x86_64-pc-windows-msvc.zip
# 2. Extract to a folder
# 3. Download Wintun from https://www.wintun.net/
# 4. Extract wintun.dll to the same folder
# 5. Run as Administrator:
.\server.exe server.toml.example
# or
.\client.exe -s SERVER_IP:8080 -i client-001Create or edit /etc/rustun/server.toml:
[server_config]
# Server listening address
listen_addr = "0.0.0.0:8080"
[crypto_config]
# Encryption method (choose one):
# ChaCha20-Poly1305 (Recommended - high security, great performance)
chacha20poly1305 = "your-secret-key-here"
# AES-256-GCM (Hardware accelerated on modern CPUs)
# aes256gcm = "your-secret-key-here"
# XOR (Lightweight, for testing only)
# xor = "test-key"
# Plain (No encryption, debugging only)
# crypto_config=plain
[route_config]
# Path to routes configuration file
routes_file = "/etc/rustun/routes.json"Create or edit /etc/rustun/routes.json:
[
{
"cluster": "production",
"identity": "prod-gateway-01",
"private_ip": "10.0.1.1",
"mask": "255.255.255.0",
"gateway": "10.0.1.254",
"ciders": ["192.168.100.0/24", "192.168.101.0/24"]
},
{
"cluster": "production",
"identity": "prod-app-server-01",
"private_ip": "10.0.1.2",
"mask": "255.255.255.0",
"gateway": "10.0.1.254",
"ciders": []
}
]Field Descriptions:
| Field | Description | Example |
|---|---|---|
cluster |
Logical group for multi-tenancy isolation | "production" |
identity |
Unique client identifier | "prod-app-01" |
private_ip |
Virtual IP assigned to the client | "10.0.1.1" |
mask |
Subnet mask for the VPN network | "255.255.255.0" |
gateway |
Gateway IP for routing | "10.0.1.254" |
ciders |
CIDR ranges routable through this client | ["192.168.1.0/24"] |
Using systemd (if installed with script):
sudo systemctl start rustun-server
sudo systemctl status rustun-server
sudo journalctl -u rustun-server -fRunning manually:
# Linux/macOS
sudo ./server /etc/rustun/server.toml
# Windows (as Administrator)
.\server.exe server.tomlBasic Connection:
# Linux/macOS
sudo ./client -s SERVER_IP:8080 -i client-identity
# Windows (as Administrator)
.\client.exe -s SERVER_IP:8080 -i client-identityExamples:
# Production gateway
./client -s 192.168.1.100:8080 -i prod-gateway-01
# Development workstation
./client -s vpn.example.com:8080 -i dev-workstation-01
# With custom encryption
./client -s SERVER:8080 -i client-001 -c chacha20:my-secret-key./client --helpCommon Options:
| Option | Description | Example |
|---|---|---|
-s, --server |
Server address | -s 192.168.1.100:8080 |
-i, --identity |
Client identity | -i prod-app-01 |
-c, --crypto |
Encryption method | -c chacha20:my-key |
--enable-p2p |
Enable P2P mode | --enable-p2p |
--keepalive-interval |
Keepalive interval (seconds) | --keepalive-interval 10 |
# ChaCha20-Poly1305 (Default, Recommended)
./client -s SERVER:8080 -i client-001 -c chacha20:my-secret-key
# AES-256-GCM (Hardware accelerated)
./client -s SERVER:8080 -i client-001 -c aes256:my-secret-key
# XOR (Lightweight, testing only)
./client -s SERVER:8080 -i client-001 -c xor:test-key
# Plain (No encryption, debugging only)
./client -s SERVER:8080 -i client-001 -c plainEnable P2P for direct peer-to-peer connections with automatic intelligent path selection:
./client -s SERVER:8080 -i client-001 --enable-p2pRustun uses a three-tier intelligent routing strategy:
-
๐ IPv6 Direct Connection (Primary Path)
- Lowest latency, highest throughput
- Works when both peers have global IPv6 addresses
- Automatic connection establishment
-
๐ STUN Hole Punching (Secondary Path)
- NAT traversal for IPv4 networks
- Works across most NAT types
- Automatic fallback when IPv6 unavailable
-
๐ก Relay Mode (Fallback)
- Via server when P2P fails
- Guaranteed connectivity
- Automatic failover
Rustun supports cluster-based multi-tenancy for complete network isolation between different teams or business units.
- Each client belongs to a cluster
- Clients can only communicate with peers in the same cluster
- Different clusters use separate IP ranges
- Perfect for isolating production, staging, and development environments
routes.json:
[
{
"cluster": "production",
"identity": "prod-gateway",
"private_ip": "10.0.1.1",
"mask": "255.255.255.0",
"gateway": "10.0.1.254",
"ciders": ["192.168.100.0/24"]
},
{
"cluster": "production",
"identity": "prod-app-01",
"private_ip": "10.0.1.2",
"mask": "255.255.255.0",
"gateway": "10.0.1.254",
"ciders": []
},
{
"cluster": "development",
"identity": "dev-workstation-01",
"private_ip": "10.0.2.1",
"mask": "255.255.255.0",
"gateway": "10.0.2.254",
"ciders": []
},
{
"cluster": "development",
"identity": "dev-workstation-02",
"private_ip": "10.0.2.2",
"mask": "255.255.255.0",
"gateway": "10.0.2.254",
"ciders": []
}
]- โ
Production clients can only communicate within
10.0.1.0/24network - โ
Development clients are isolated in
10.0.2.0/24network - โ No cross-cluster communication possible
- โ Each team has complete network independence
Rustun is designed for various networking scenarios. Here are common use cases:
| Use Case | Description | Key Benefits | Typical Setup |
|---|---|---|---|
| ๐ข Remote Office Connectivity | Connect multiple office locations with site-to-site VPN | โข Seamless resource sharing โข P2P optimization reduces latency โข Multi-tenant support for departments |
One server + gateway client per office |
| ๐จโ๐ป Secure Remote Work | Enable secure remote access for employees working from home | โข Encrypted connections from anywhere โข P2P reduces server load โข Easy user management via routes.json |
One server + client per employee |
| ๐ Multi-Environment Isolation | Separate networks for production, staging, and development | โข Zero risk of cross-environment access โข Same infrastructure for all envs โข Easy configuration replication |
One server + separate cluster per environment |
| ๐ค IoT Device Management | Securely connect and manage IoT devices across locations | โข Encrypted device communication โข Direct P2P for low-latency control โข Scalable to thousands of devices |
One server + lightweight client per gateway |
| ๐ฎ Gaming Server Network | Low-latency network for game servers across regions | โข P2P ensures sub-10ms latency โข Secure server-to-server comms โข Easy regional expansion |
One server + client per game server region |
| โ๏ธ Hybrid Cloud Connectivity | Connect on-premise infrastructure with cloud resources | โข Secure cloud-to-datacenter bridge โข Automatic path optimization โข Support for multi-cloud scenarios |
One server + client per datacenter/cloud region |
| ๐ Zero Trust Network | Build a zero-trust network with peer isolation | โข Per-peer authentication via identity โข Fine-grained access control with CIDRs โข Complete traffic encryption |
One server + strict cluster configuration |
- Rust 1.70+: Install Rust
- Build Tools:
- Linux:
build-essentialor equivalent - macOS: Xcode Command Line Tools
- Windows: MSVC Build Tools
- Linux:
# Clone repository
git clone https://github.com/smartethnet/rustun.git
cd rustun
# Build release binaries
cargo build --release
# Binaries will be in target/release/
./target/release/server --help
./target/release/client --help# Install cross-compilation tool
cargo install cross
# Build for Linux x86_64 (musl, static)
cross build --release --target x86_64-unknown-linux-musl
# Build for ARM64 Linux
cross build --release --target aarch64-unknown-linux-gnu
# Build for Windows
cross build --release --target x86_64-pc-windows-msvc
# Build for macOS (requires macOS host)
cargo build --release --target x86_64-apple-darwin
cargo build --release --target aarch64-apple-darwinUse the provided build script for multi-platform builds:
# Build for all platforms
./build.sh
# Builds will be in build/ directory
# Archives will be in dist/ directoryWe welcome contributions! Please see our Contributing Guide for details on:
- Development setup and workflow
- Code style and conventions
- Testing requirements
- Pull request process
- Project structure
Quick Start for Contributors:
# Fork, clone and create a branch
git clone https://github.com/YOUR_USERNAME/rustun.git
cd rustun
git checkout -b feature/your-feature
# Make changes and test
cargo test
cargo fmt
cargo clippy
# Commit and push
git commit -m "feat: your feature"
git push origin feature/your-featureFor questions and discussions, visit GitHub Discussions.
For detailed protocol and architecture documentation, see:
- IPv6 P2P support - โ Completed (IPv6 direct connection)
- STUN hole punching - โ Completed (NAT traversal for IPv4)
- Dual-path networking - โ Completed (IPv6 + STUN with intelligent failover)
- Real-time connection monitoring - โ Completed (Per-path health status)
- systemd integration for Linux
- Dynamic route updates without restart
- Web-based management dashboard
- Mobile & Desktopclients(Android/iOS/Windows/MacOS)
- QUIC protocol support
- Docker container images
- Kubernetes operator
- Auto-update mechanism
- Windows service support
- Built with Tokio async runtime
- Encryption by RustCrypto
- TUN/TAP interface via tun-rs
- Issues: GitHub Issues
- Discussions: GitHub Discussions
Note: This is an experimental project. Use at your own risk in production environments.