It's a thin HTTP/2 and HTTP/3 tunneling protocol for TCP, UDP, and ICMP traffic.
It should be easy to write an independent implementation based on this specification provided you already have an HTTP/2 or HTTP/3 library. Pretty neat!
Very cool! Thanks for supporting open source (unlike a half-hearted attempt, like ExpressVPN's Lightway). Quick question: the website animated gif has no arrows from the website to the VPN server. Am I missing something?
Update: just followed the quickstart and worked great; speed is virtually line speed - impressive!
One clarification that may not be obvious: open-sourcing this isn’t primarily about signaling or auditability. If that were the goal, a standalone protocol spec or a minimal reference repo would have been enough.
Instead, we’re deliberately shipping full client and server implementations because the end goal is for this to become an independent, vendor-neutral project, not something tied to AdGuard.
We want it to be usable by any VPN or proxy stack and, over time, to serve as a common baseline for stealthy transports — similar to the role xray/vless play today.
Happy to answer questions or clarify design choices.
I can't thank Adguard enough for providing so much to the community, they are a BIG part of my privacy-funded lifestyle.
Out of the topic — but if you by any chance work on the mobile apps.
Do you know why the iOS version is still sub-par compared to Android?
You all add more features for rooted Android but what about Jailbroken iOS devices?
I have bought 20+ Adguard licenses and have never regretted buying them. Only if the iOS version could be much better.
I like and use your products, so, first of all, thank you!
that the protocol was not open was one of my main issues for not using the vpn service,?it is great to see. i look forward for the upcoming audits.
one thing i would like to see more is info about the company. the team, the offices, etc. there have been rumors and contradictory infos over the years, and the blog always have a “stock photo”, shady vibe. putting your address in google maps brings you to a shady alley… improving the image of the company (in my opinion) as it is now would do lots to create and improve trust.
(we are moving to a bit bigger office in the neighboring building, no nice photos on google yet)
We do not have a dedicated team page on the website, but we’re not hiding our faces, the team can be found on Github. Members of the team often visit AFDS [1] [2], you can see some faces there (including mine).
What makes this worth using over something like vless? Work blocked my gatcha game so I've had to set up a xray/vless/xhttp/tls proxy and it works flawlessly. Gets through the corp firewall unscathed at full bandwidth and no appreciable increase in latency.
Does anyone know if this protocol uses QUIC's RFC 9221 extension in order to eliminate overhead when tunnelling UDP over QUIC? According to their blog post, TrustTunnel does somehow avoid that overhead, but the actual protocol specification doesn't mention anything of that sort.
It’s great for you to open source the protocol and implementation, it written in rust which I will definitely consider to learn it add add to my vpn client in the future
Standard wireguard is blocked by DPI in Russia, China, Iran, etc.
The soluton in the post for VPNs as in "censorship bypass", not as in "virtual lan over the internet for businesses". Like AmneziaWG or VLESS protocols.
One interesting thing I’ve noticed is that AdGuard means different things in different parts of the world. In some places, people know us primarily as an ad blocker, in others we’re best known for our DNS service and in some regions AdGuard is associated almost exclusively with our VPN. The reality is that AdGuard makes several different products, not just one.
It would be also nice if they could hold their implicit promise of having the AdGuard extension working on Safari iOS, it's broken for me even when I reinstal it. Anyone else have the same problem?
This is not a common issue tbh. What sometimes may happen is that after an iOS update the content blockers in Safari becomes corrupted and the only thing that fixes it is not just a reinstall, but uninstall + reboot + reinstall after that. If even this doesn’t help please contact me at “am at adguard.com”, I will try to help.
stefanha|1 month ago
It's a thin HTTP/2 and HTTP/3 tunneling protocol for TCP, UDP, and ICMP traffic.
It should be easy to write an independent implementation based on this specification provided you already have an HTTP/2 or HTTP/3 library. Pretty neat!
dixie_land|1 month ago
mintflow|1 month ago
I can understand that put UDP payload into a single HTTP stream, at least when QUIC transport is in use, there is no UDP in TCP case.
The Source Address/Port in the UDP payload message serve as key to handle to the tunnel client if I understand correctly?
userbinator|1 month ago
mrbluecoat|1 month ago
Update: just followed the quickstart and worked great; speed is virtually line speed - impressive!
ameshkov|1 month ago
One clarification that may not be obvious: open-sourcing this isn’t primarily about signaling or auditability. If that were the goal, a standalone protocol spec or a minimal reference repo would have been enough.
Instead, we’re deliberately shipping full client and server implementations because the end goal is for this to become an independent, vendor-neutral project, not something tied to AdGuard.
We want it to be usable by any VPN or proxy stack and, over time, to serve as a common baseline for stealthy transports — similar to the role xray/vless play today.
Happy to answer questions or clarify design choices.
rfv6723|1 month ago
GFW has been able to filter SNI to block https traffic for a few years now.
vitorsr|1 month ago
Any particular reason to adopt Rust for this project instead of Go as many of your other products?
Because I think since you have quite extensive Go codebase I would imagine you had to rewrite possibly a significant amount of code.
kumrayu|1 month ago
Out of the topic — but if you by any chance work on the mobile apps.
Do you know why the iOS version is still sub-par compared to Android? You all add more features for rooted Android but what about Jailbroken iOS devices?
I have bought 20+ Adguard licenses and have never regretted buying them. Only if the iOS version could be much better.
tommica|1 month ago
DrBurrito|1 month ago
that the protocol was not open was one of my main issues for not using the vpn service,?it is great to see. i look forward for the upcoming audits.
one thing i would like to see more is info about the company. the team, the offices, etc. there have been rumors and contradictory infos over the years, and the blog always have a “stock photo”, shady vibe. putting your address in google maps brings you to a shady alley… improving the image of the company (in my opinion) as it is now would do lots to create and improve trust.
ameshkov|1 month ago
We have only one office in Limassol, the company is mostly remote: https://maps.app.goo.gl/pounSEQqBvYftZGZ6?g_st=ic
(we are moving to a bit bigger office in the neighboring building, no nice photos on google yet)
We do not have a dedicated team page on the website, but we’re not hiding our faces, the team can be found on Github. Members of the team often visit AFDS [1] [2], you can see some faces there (including mine).
[1]: https://adfilteringdevsummit.com/
[2]: https://youtube.com/playlist?list=PL61EKVIQWizG0tIYqNDoenVaO...
denkmoon|1 month ago
subscribed|1 month ago
I need to open ssh myself and for now I decided on tunnelling over http/3 terminated somewhere in aws/gcp/cf, but maybe your method is better.
Sir_Burpalot|1 month ago
ameshkov|1 month ago
reader9274|1 month ago
mrbluecoat|1 month ago
https://obscura.net/#faq-technical
mintflow|1 month ago
nfgrep|1 month ago
GardenLetter27|1 month ago
dmantis|1 month ago
The soluton in the post for VPNs as in "censorship bypass", not as in "virtual lan over the internet for businesses". Like AmneziaWG or VLESS protocols.
almaight|1 month ago
unknown|1 month ago
[deleted]
zx8080|1 month ago
ameshkov|1 month ago
jabroni_salad|1 month ago
huflungdung|1 month ago
[deleted]
sillyfluke|1 month ago
ameshkov|1 month ago