TrustTunnel

A modern, open-source VPN protocol originally developed by AdGuard VPN and now available for anyone to use, audit, and implement.

It delivers fast, secure, and reliable VPN connections without the usual trade-offs. By design, TrustTunnel traffic is indistinguishable from regular HTTPS traffic, allowing it to bypass throttling and deep-packet inspection while maintaining strong privacy protections.

Getting Started

1. Set Up Your VPN Endpoint

First, you need to deploy your own TrustTunnel server.

View server setup instructions on GitHub

2. Connect Using Client Apps

Once your server is running, use one of the available clients to connect:

Mobile Clients

* In some countries, the iOS app is not available in the App Store. You may need an Apple ID from another country to download it. Learn how to change your App Store country.

The Problem with Traditional VPN Protocols

Popular VPN protocols (OpenVPN, WireGuard, IPsec, etc.) share common weaknesses:

  • Easy detection — They can be identified and blocked at the network level.
  • Performance penalty for stealth — Concealing VPN traffic typically degrades speed.

Traditional approaches "wrap" VPN data in a TCP connection and add encryption to mimic normal web traffic. However, TCP's delivery confirmation overhead introduces latency and reduces throughput.

[Figure: Traditional VPN protocol overhead]

With conventional protocols, users face a trade-off: fast but detectable or stealthy but slow.

How TrustTunnel Solves This

[Figure: TrustTunnel protocol design]

TrustTunnel eliminates this trade-off through several key design choices:

Indistinguishable from HTTPS

Connections to a TrustTunnel server look identical to connections to any normal website. Deep-packet inspection cannot differentiate TrustTunnel traffic from regular HTTPS browsing.

Battle-tested Encryption

TrustTunnel uses TLS (the same encryption that secures HTTPS) rather than a custom cryptographic implementation. TLS libraries are widely deployed and continuously audited for security vulnerabilities.

HTTP/2 and HTTP/3 Transport

By leveraging HTTP/2 or HTTP/3 as the transport layer, TrustTunnel achieves both undetectability and high performance. These modern protocols are ubiquitous on the web, making TrustTunnel traffic blend in seamlessly.

Stream-based Architecture

Unlike traditional VPNs that operate on packets, TrustTunnel operates on data streams. Each connection gets its own HTTP/2 (or HTTP/3) stream, creating a dedicated tunnel. This design enables packet buffering—multiple packets can be combined before transmission, dramatically reducing confirmation overhead and improving throughput.

[Figure: TrustTunnel vs traditional protocol comparison]