TrustTunnel

A modern, open-source VPN protocol originally developed by AdGuard VPN and now available for anyone to use, audit, and implement.

It delivers fast, secure, and reliable VPN connections without the usual trade-offs. By design, TrustTunnel traffic is indistinguishable from regular HTTPS traffic, allowing it to bypass throttling and deep-packet inspection while maintaining strong privacy protections.

The Problem with Traditional VPN Protocols

Popular VPN protocols (OpenVPN, WireGuard, IPSec, etc.) share common weaknesses:

  • Easy detection — They can be identified and blocked at the network level.
  • Performance penalty for stealth — Concealing VPN traffic typically degrades speed.

Traditional approaches "wrap" VPN data in a TCP connection and add encryption to mimic normal web traffic. However, TCP's delivery confirmation overhead introduces latency and reduces throughput.

Traditional VPN protocol overhead

With conventional protocols, users face a trade-off: fast but detectable or stealthy but slow.

How TrustTunnel Solves This

TrustTunnel protocol design

TrustTunnel eliminates this trade-off through several key design choices:

Indistinguishable from HTTPS

Connections to a TrustTunnel server look identical to connections to any normal website. Deep-packet inspection cannot differentiate TrustTunnel traffic from regular HTTPS browsing.

Battle-tested Encryption

TrustTunnel uses TLS (the same encryption that secures HTTPS) rather than a custom cryptographic implementation. TLS libraries are widely deployed and continuously audited for security vulnerabilities.

HTTP/2 and HTTP/3 Transport

By leveraging HTTP/2 or HTTP/3 as the transport layer, TrustTunnel achieves both undetectability and high performance. These modern protocols are ubiquitous on the web, making TrustTunnel traffic blend in seamlessly.

Stream-based Architecture

Unlike traditional VPNs that operate on packets, TrustTunnel operates on data streams. Each connection gets its own HTTP/2 (or HTTP/3) stream, creating a dedicated tunnel. This design enables packet buffering—multiple packets can be combined before transmission, dramatically reducing confirmation overhead and improving throughput.

TrustTunnel vs traditional protocol comparison