We’ve kept our promise: AdGuard VPN protocol goes open-source — meet TrustTunnel
Today is a big day for us, and for everyone who cares about transparency, privacy, and having full control over their own traffic. We’re finally open-sourcing the protocol that powers AdGuard VPN. And it now has a name: TrustTunnel.
For a long time, we’ve wanted to make the protocol public. Many of you asked for it, and we always said: yes, we will, it’s only a matter of time. Well, the time has come.
What is TrustTunnel?
At its core, TrustTunnel is a modern, secure, mobile-optimized VPN protocol. It’s the very same technology that has been running inside all AdGuard VPN apps: on mobile, desktop, and browser extensions.
Why TrustTunnel? Because we needed something better
There are plenty of VPN protocols out there, so why create our own, some might ask. That is because we’ve seen in practice the faults of popular VPN protocols, especially in countries with tight restrictions on internet access. Protocols like OpenVPN, WireGuard, and IPSec share common weaknesses: they are easy to detect and block at the network level, and attempts to conceal VPN traffic often reduce speed. Traditional approaches “wrap” VPN data in a TCP connection and mimic normal web traffic, but TCP’s way of confirming every piece of data creates delays and makes the connection slower.
Unlike those conventional VPN protocols, TrustTunnel is engineered to blend in with regular HTTPS traffic, making it far harder to throttle or block and helping it slip past deep-packet inspection, all while preserving strong privacy and security. It achieves this through TLS-based encryption, the same standard that secures HTTPS, and by leveraging HTTP/2 or HTTP/3 transport, which are ubiquitous on the web. Each connection runs on its own dedicated stream, which combines packets for faster, more efficient transmission. It is also optimized for mobile platforms and performs well even in unstable network conditions.
A protocol you can use, run, tweak, extend, and build upon
By releasing TrustTunnel, we hope to achieve two things. First of all, we want to finally show our users what protocol is powering AdGuard VPN, thus allowing them to audit it openly. At AdGuard, we have always been staunch supporters of the idea of open-source software, and many of our products have long been open source. AdGuard VPN was lagging behind in this regard, but with TrustTunnel being released publicly, it is starting to catch up.
But most importantly, we want to change the status quo in the world of VPN protocols and offer an alternative to existing solutions. That said, we do not want it to be just a PR stunt, when the protocol’s code is de-facto ‘open source,’ but only one VPN service actually runs it. We believe in free and open-source software (FOSS) and want TrustTunnel to be used widely, including by other VPN services. We believe this is the right way to go about open source development, and we hope the community will participate in the TrustTunnel evolution. We welcome any contribution, whether it is a feature request, a bug report, or even a direct contribution to the app’s development.
What have we done to make this possible?
- We are publishing the first version of the TrustTunnel specification.
- We are releasing the complete code of our reference implementation of the TrustTunnel server and its clients under a very permissive license.
You don’t have to install AdGuard VPN to use TrustTunnel. You can configure your own server and use open source TrustTunnel clients:
-
Command-line TrustTunnel clients support Linux, Windows, and macOS
-
We are also releasing two client apps for iOS and Android
TrustTunnel clients already have a lot of functionality, they allow you to:
-
Use flexible routing rules to decide which requests go through the tunnel and which stay on the local network
-
Exercise fine-grained control, separating work and personal traffic, routing specific domains or apps, and tuning network behavior without complicated setup
-
Benefit from a real-time request log that provides full transparency into where the device sends traffic, how routing rules apply, and which connections use the tunnel
Useful links
This is a long-awaited moment for us. We promised to open-source our protocol, and today we’re delivering on that promise. With TrustTunnel now open source, users and developers alike can explore, self-host, and build on the technology.
To get started, check out the following resources:
TrustTunnel website
TrustTunnel open-source repository on GitHub
TrustTunnel app for iOS
TrustTunnel app for Android
