Privacy By Architecture
Tunnely was engineered from a simple premise: your network traffic is nobody else's business. We build infrastructure where privacy is enforced by cryptography and by where each component runs and what it can see, not only by a terms-of-service policy.
Core Philosophy
Traditional single-hop VPNs concentrate trust in a single operator. One server sees everything: your IP address, your destinations, and the timing and volume of every flow. That is not privacy; it simply moves the surveillance vantage point from your ISP to a centralized VPN provider.
Tunnely splits that trust. Traffic is routed through multiple independently operated relay nodes, with a separate encryption layer for each hop. The entry relay sees your IP address but not your destination. The exit relay sees your destination but not your IP address. The guarantee holds only while the entry and exit relays are genuinely independent; a party that observes both ends can still correlate flows by timing and volume.
Combined with OS-level channel bonding, which multiplexes packet fragments across independent network interfaces, this gives both privacy and aggregate bandwidth. Your ISP sees only encrypted fragments, each relay sees only the layer it holds the key for, and no single party has full visibility.
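As an added illustration of the layered model described above (example code written for this page, not Tunnely's relay daemon, which is Rust and not shown here), the following Go program builds a two-layer onion with AES-256-GCM and walks it through an entry and an exit relay. The keys, the RFC 5737 documentation addresses and the length-prefixed framing are assumptions for the example; a real deployment derives each hop's key from its handshake with that relay.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// HopView is what one relay learns from one packet: who handed it over (visible on
// the wire), the next address from its own layer, and opaque bytes it forwards unread.
type HopView struct {
	Peer  string
	Next  string
	Inner []byte
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealLayer encrypts body with AES-256-GCM under a 32-byte key; the random nonce is prepended.
func sealLayer(key, body []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, body, nil), nil
}

// openLayer reverses sealLayer and fails on a wrong key or altered bytes.
func openLayer(key, msg []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(msg) < gcm.NonceSize() {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, msg[:gcm.NonceSize()], msg[gcm.NonceSize():], nil)
}

// frame and unframe carry a 16-bit length-prefixed address ahead of the rest.
func frame(addr string, rest []byte) []byte {
	out := make([]byte, 2+len(addr)+len(rest))
	binary.BigEndian.PutUint16(out, uint16(len(addr)))
	copy(out[2:], addr)
	copy(out[2+len(addr):], rest)
	return out
}

func unframe(b []byte) (string, []byte, error) {
	if len(b) < 2 || len(b) < 2+int(binary.BigEndian.Uint16(b)) {
		return "", nil, errors.New("malformed frame")
	}
	n := 2 + int(binary.BigEndian.Uint16(b))
	return string(b[2:n]), b[n:], nil
}

// buildOnion wraps the payload for the exit relay first, then wraps that ciphertext for the entry relay.
func buildOnion(entryKey, exitKey []byte, exitAddr, dest string, payload []byte) ([]byte, error) {
	inner, err := sealLayer(exitKey, frame(dest, payload))
	if err != nil {
		return nil, err
	}
	return sealLayer(entryKey, frame(exitAddr, inner))
}

// relayProcess is one hop: strip one layer, read the next address, pass the remainder on untouched.
func relayProcess(key []byte, from string, pkt []byte) (HopView, error) {
	body, err := openLayer(key, pkt)
	if err != nil {
		return HopView{}, err
	}
	next, inner, err := unframe(body)
	return HopView{Peer: from, Next: next, Inner: inner}, err
}

func main() {
	// Constructed keys and RFC 5737 addresses; real keys come from each hop's handshake.
	entryKey, exitKey := make([]byte, 32), make([]byte, 32)
	rand.Read(entryKey)
	rand.Read(exitKey)
	onion, _ := buildOnion(entryKey, exitKey, "198.51.100.2:51820", "203.0.113.7:443", []byte("GET / HTTP/1.1"))
	entry, _ := relayProcess(entryKey, "192.0.2.10:40000", onion)
	fmt.Printf("entry: peer=%s next=%s payload=%d opaque bytes\n", entry.Peer, entry.Next, len(entry.Inner))
	exit, _ := relayProcess(exitKey, "198.51.100.1:51820", entry.Inner)
	fmt.Printf("exit:  peer=%s next=%s payload=%q\n", exit.Peer, exit.Next, exit.Inner)
}
```

The entry relay's view holds the client address and the exit address but only opaque bytes; the exit relay's view holds the destination and the payload but names the entry relay, not the client, as its peer. Opening either layer with the other relay's key fails authentication. Note that the exit relay does see the payload in the clear, which is why end-to-end TLS to the destination still matters.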
Engineering Tenets
Privacy Precedence
Every architectural decision starts with a single question: does this protect the end user? We choose the stricter privacy option over convenience, every time.
Open Infrastructure
Our core relay daemon is strictly open source. Security researchers can audit the codebase, compile it locally, and check our cryptographic claims against the code. Confirming that a deployed relay actually runs the published code additionally requires reproducible builds, so that a locally compiled binary can be compared byte for byte with the released one.
Zero Knowledge
No single relay holds both your origin IP and your destination; the multi-hop topology enforces that structurally. Be precise about what this covers: the exit relay has to decrypt the tunnel layer in order to forward your traffic, so the confidentiality of the content itself rests on end-to-end encryption (TLS) between you and the destination, not on the relays.
Performance Constraints
Engineered in Rust for memory safety and zero-cost abstractions. Our proprietary channel bonding algorithms keep the latency added by fragmentation and scheduling to a minimum.
Zero-Trust Adblock Proxy
Ad and tracker filtering inside an encrypted tunnel is traditionally impossible without giving up the server's zero-knowledge guarantee: sending decrypted traffic to a remote relay for filtering hands that relay exactly the payload the multi-hop design keeps from it.
Instead, the Tunnely client installs a local, ephemeral root Certificate Authority into your OS trust store and runs a MITM (man-in-the-middle) proxy entirely on the client machine. A trusted root CA can impersonate any site, so its private key has to be generated on the device, stay on the device, and be removed when the client is uninstalled; a CA key shared between installations would let whoever holds it intercept every user's TLS sessions.
Traffic is intercepted locally, decrypted, filtered against our blocklists, and re-encrypted before it enters the WireGuard tunnel or leaves your network interface. The remote relays never see plaintext. Two things follow for the proxy itself: it must validate the upstream server's certificate (chain, hostname, validity period) as strictly as a browser would, because the browser now only ever sees the proxy's certificate; and applications that pin their own certificates will reject the proxy's certificate and have to be bypassed rather than intercepted.
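The filtering step itself, as an added example that is not the Tunnely client's code: a Go matcher for a small subset of the Adblock Plus list syntax (||host^ domain rules, plain substrings, @@ exceptions), applied to constructed request URLs under the reserved .example names. The list and the URLs are made up for this example, and rule options after $ are parsed off and ignored. A local proxy would call shouldBlock on each request after decrypting it and before re-encrypting it toward the tunnel.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// rule is one parsed filter-list entry. domain rules ("||host^") match the host
// itself or any subdomain; other rules are plain substring matches on the URL.
type rule struct {
	pattern   string
	exception bool
	domain    bool
}

// parseRules reads a list in the (subset of) Adblock Plus syntax used here.
func parseRules(list string) []rule {
	var rules []rule
	for _, line := range strings.Split(list, "\n") {
		line = strings.TrimSpace(line)
		// Skip blank lines, "!" comments and "[Adblock Plus ...]" header lines.
		if line == "" || line[0] == '!' || line[0] == '[' {
			continue
		}
		var r rule
		if strings.HasPrefix(line, "@@") {
			r.exception = true
			line = line[2:]
		}
		if i := strings.IndexByte(line, '$'); i >= 0 { // options are not interpreted here
			line = line[:i]
		}
		if strings.HasPrefix(line, "||") {
			r.domain = true
			line = strings.TrimSuffix(line[2:], "^")
		}
		if line != "" {
			r.pattern = strings.ToLower(line)
			rules = append(rules, r)
		}
	}
	return rules
}

func (r rule) matches(u *url.URL) bool {
	if r.domain {
		h := strings.ToLower(u.Hostname())
		return h == r.pattern || strings.HasSuffix(h, "."+r.pattern)
	}
	return strings.Contains(u.String(), r.pattern)
}

// shouldBlock applies the list to one request URL. As in Adblock Plus, any
// matching exception overrides every matching block rule.
func shouldBlock(rules []rule, rawURL string) (bool, error) {
	u, err := url.Parse(rawURL)
	if err != nil {
		return false, err
	}
	block := false
	for _, r := range rules {
		if !r.matches(u) {
			continue
		}
		if r.exception {
			return false, nil
		}
		block = true
	}
	return block, nil
}

// sampleList is a constructed filter list using reserved .example names.
const sampleList = `[Adblock Plus 2.0]
! constructed sample, not a real list
||ads.example^
||tracker.example^$third-party
/telemetry/
@@||static.tracker.example^`

func main() {
	rules := parseRules(sampleList)
	for _, u := range []string{
		"https://cdn.ads.example/spot.js",
		"https://static.tracker.example/lib.js",
		"https://news.example/telemetry/ping",
		"https://notads.example/",
	} {
		b, _ := shouldBlock(rules, u)
		fmt.Printf("%-40s blocked=%v\n", u, b)
	}
}
```

The suffix check with a leading dot is what keeps notads.example from matching a rule for ads.example, a classic mistake in hand-written host matchers.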
OS-Level Channel Bonding
Typical VPN clients bind the encrypted tunnel to a single network interface, such as your Wi-Fi card. If that adapter drops packets or loses signal, the whole connection stalls until the daemon notices and re-establishes the tunnel over another interface.
Tunnely's Rust client reads the raw packet stream from the TUN interface and splits each packet into fragments. Each fragment carries a small reassembly header and is encrypted before it leaves the machine, and the fragments are sent concurrently across every available network interface: Wi-Fi, Ethernet and Cellular at once.
By treating your adapters as parallel pipes, we aggregate their bandwidth and gain redundancy. If Wi-Fi drops, the scheduler stops assigning fragments to it and the remaining fragments continue over Cellular. A packet whose fragments were still in flight on the failed link can only be completed if those fragments are resent over a surviving link, so the sender keeps each fragment until the peer acknowledges it.
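An added example (written for this page, not Tunnely's client) of the three parts the paragraphs above describe: fragmenting a packet, spreading the fragments over several links in proportion to their bandwidth, and reassembling them from whatever link each one took. The weights, the 256-byte fragment size and the constructed 1000-byte packet are assumptions; link failure is simulated by calling failLink, which moves the dead link's unacknowledged fragments onto the survivors. Encryption of the fragments is left out so the scheduling logic stays visible.

```go
package main

import "fmt"

type Fragment struct {
	PktID uint32
	Index uint16
	Count uint16
	Data  []byte
}

// Link is one interface: relative bandwidth weight, whether it is up, and the
// fragments sent on it that the peer has not acknowledged yet.
type Link struct {
	Weight   int
	Up       bool
	InFlight []Fragment
}

func fragment(id uint32, pkt []byte, size int) []Fragment {
	n := (len(pkt) + size - 1) / size
	var frags []Fragment
	for i := 0; i < n; i++ {
		end := (i + 1) * size
		if end > len(pkt) {
			end = len(pkt)
		}
		frags = append(frags, Fragment{id, uint16(i), uint16(n), pkt[i*size : end]})
	}
	return frags
}

// schedule spreads fragments over the links that are up in proportion to their weights
// (smooth weighted round-robin): weights 3 and 1 put three fragments on the first link per one on the second.
func schedule(links []*Link, frags []Fragment) error {
	up, total := []*Link{}, 0
	for _, l := range links {
		if l.Up {
			up = append(up, l)
			total += l.Weight
		}
	}
	if len(up) == 0 {
		return fmt.Errorf("no link is up; %d fragments cannot be sent", len(frags))
	}
	credit := make([]int, len(up))
	for _, f := range frags {
		best := 0
		for i := range up {
			credit[i] += up[i].Weight
			if credit[i] > credit[best] {
				best = i
			}
		}
		credit[best] -= total
		up[best].InFlight = append(up[best].InFlight, f)
	}
	return nil
}

// failLink takes a link down and resends its unacknowledged fragments over the
// survivors; without this step the packets they belong to could never be completed.
func failLink(links []*Link, dead *Link) error {
	lost := dead.InFlight
	dead.Up, dead.InFlight = false, nil
	return schedule(links, lost)
}

// Reassembler collects fragments per packet ID, in any arrival order, until every index is present.
type Reassembler struct{ parts map[uint32][][]byte }

func newReassembler() *Reassembler { return &Reassembler{parts: map[uint32][][]byte{}} }

func (r *Reassembler) Receive(f Fragment) ([]byte, bool) {
	if r.parts[f.PktID] == nil {
		r.parts[f.PktID] = make([][]byte, f.Count)
	}
	p := r.parts[f.PktID]
	if int(f.Index) >= len(p) {
		return nil, false // header disagrees with earlier fragments of this packet
	}
	p[f.Index] = f.Data
	var pkt []byte
	for _, d := range p {
		if d == nil {
			return nil, false
		}
		pkt = append(pkt, d...)
	}
	delete(r.parts, f.PktID)
	return pkt, true
}

func main() {
	links := []*Link{{Weight: 3, Up: true}, {Weight: 1, Up: true}} // Wi-Fi, Cellular
	schedule(links, fragment(1, make([]byte, 1000), 256))        // constructed 1000-byte packet: 4 fragments
	fmt.Printf("wifi=%d cell=%d fragments\n", len(links[0].InFlight), len(links[1].InFlight))
	failLink(links, links[0]) // Wi-Fi drops: its fragments move to Cellular
	r := newReassembler()
	for i := len(links[1].InFlight) - 1; i >= 0; i-- { // delivered in reverse: arrival order does not matter
		if pkt, ok := r.Receive(links[1].InFlight[i]); ok {
			fmt.Printf("cell=%d fragments, reassembled %d bytes\n", len(links[1].InFlight), len(pkt))
		}
	}
}
```

With both links up the 3:1 weights place three fragments on Wi-Fi and one on Cellular; after failLink all four sit on Cellular and the packet still reassembles. If every link is down, schedule returns an error instead of silently dropping the fragments.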
Bare-Metal VPS Infrastructure
Our relay network runs on bare-metal Linux servers that operate entirely from RAM, with no persistent disk. The daemon uses Tokio, a multi-threaded async runtime, to route millions of concurrent packets without blocking on I/O.
Privacy begins where data retention ends. The relays boot from read-only OS images, so nothing written at runtime survives a reboot. Strict nftables policies masquerade outbound traffic behind the relay's own address, so the destination sees the relay, never the client. Masquerading does keep a connection-tracking entry for each active flow; that table lives only in RAM and the entry is discarded when the flow ends.
The relay also ignores inbound ICMP and every protocol other than its own. Because WireGuard does not respond to packets that fail the cryptokey handshake, unauthenticated probes get no reply at all: to a standard Nmap scan the host looks dark, with the tunnel port reported as open|filtered rather than open, which denies automated exploitation bots their usual foothold.
    table inet relay_nat {
        chain input {
            # Nothing but the WireGuard listener is reachable from outside:
            # no ICMP echo, no other services. 51820 is WireGuard's usual
            # default and stands in here for the relay's real listen port.
            type filter hook input priority filter; policy drop;
            ct state established,related accept
            iifname "lo" accept
            udp dport 51820 accept
        }
        chain forward {
            # Only traffic arriving from a tunnel interface is forwarded;
            # the chain policy drops everything else.
            type filter hook forward priority filter; policy drop;
            ct state established,related accept
            iifname "wg-*" accept
        }
        chain postrouting {
            # Source NAT: tunnel traffic leaves under the relay's own address.
            type nat hook postrouting priority srcnat;
            oifname "eth0" masquerade
        }
    }

Tech Stack
We deploy only performant, battle-tested modern components, chosen for memory safety and speed.
Rust: core relay daemon
WireGuard: tunnel protocol and cryptography
Tauri: client binaries
Tokio: async runtime
React: marketing UI
Postgres: cluster auth
Root CA: local zero-trust MITM proxy
nftables: packet framework