Mission
Provide reliable, undetectable internet access to anyone facing censorship, regardless of where they live or how technical they are.
We build VPN that disappears.
NexTunnel is engineered for the places where traditional VPNs stop working. Reality protocol, twelve fallbacks, zero-log architecture — built so your traffic looks like everyone else's.
Our story
For years, the standard answer to censorship was OpenVPN or WireGuard. Both worked — until governments in Iran, Russia, and China started fingerprinting their handshakes at the network level. Suddenly the people who needed VPN the most were the first to lose it.
When VLESS+Reality emerged from the open-source Xray community, it changed the equation. Instead of disguising VPN traffic, Reality copies a real TLS handshake from a legitimate website. To deep-packet inspection, your tunnel is indistinguishable from someone visiting a major news site or cloud provider.
We started NexTunnel because we had family and friends in censored regions who couldn't reliably bypass blocks. Reality solved the technical problem — our job became packaging it (and eleven other censorship-resistant protocols) so anyone can use it without a CLI or a config file.
Our mission, in one line: keep the internet open for people the rest of the world has stopped reaching.
Vision
A world where geography never decides what you can read, watch, or say online.
Values
- Zero-logs by design — we cannot disclose what we never store.
- Transparent operation — public protocol stack, public infrastructure list.
- Multi-protocol resilience — when one path is blocked, eleven others stay open.
- Accessible to non-technical users — no config files, no command line.
Why we built NexTunnel
The problem
Modern censorship infrastructure (Roskomnadzor TSPU in Russia, the Great Firewall in China, Iran's national filtering) fingerprints OpenVPN and WireGuard handshakes within seconds. Mass VPN bans are the new normal. Every month, more services vanish behind regional blocks.
Our solution
A twelve-protocol stack with VLESS+Reality as the flagship. If Reality is throttled, the client falls back to Hysteria2, AmneziaWG, ShadowTLS+Mieru, Trojan, TUIC v5 or one of the classic protocols. The dashboard picks the best server automatically and migrates your device when one goes offline.
- Servers
- 7
- Countries
- 5
- Protocols
- 12
- Platforms
- 4
What makes us different
VLESS+Reality flagship
Our default protocol mimics a real TLS handshake to a public site. Deep-packet inspection sees normal HTTPS — there is no protocol fingerprint to block.
Twelve-protocol stack
Reality, Hysteria2, AmneziaWG, ShadowTLS+Mieru, Trojan-GFW, TUIC v5, Shadowsocks 2022, WireGuard, OpenVPN, IKEv2 and two restricted variants. When one fails, another connects.
Zero-log architecture
Our infrastructure does not store browsing history, DNS lookups, destination IPs, or traffic content. We retain only what is operationally necessary — email, subscription state, aggregate bytes.
Crypto payments
Pay with Bitcoin, USDT, Monero and other cryptocurrencies via NowPayments. No credit card trail, no bank visibility into your subscription.
24/7 monitoring with auto-failover
Synthetic probes hit every server every two minutes. When a server degrades, active devices are migrated to the healthiest available node automatically.
Four-locale support
Native English, Spanish, Russian, and Farsi — including RTL layout for Persian users. Documentation and support in your language, not machine-translated.
Founded by Pablo Ivaldi
Pablo Ivaldi
Founder & Engineering Lead
9-year track record
Pablo has been building privacy and infrastructure products for nine years. NexTunnel started in 2024, after years of watching the censorship arms race accelerate in Iran, Russia and China — and watching the open-source protocol stack (Reality, AmneziaWG, Hysteria2) finally catch up. His prior products include Kandengu and other infrastructure work; the through-line is small teams shipping reliable systems for users that the big providers under-serve.
His engineering focus on NexTunnel is the parts of a censorship-resistant VPN that nobody markets: the watchdogs that detect a Reality fingerprint going stale, the auto-failover that migrates your device when a server is throttled by an ISP at 3am, the per-server X25519 keypair rotation, and the systemd hardening that makes a server seizure useful to no one. The protocols are public; the operational reliability is the moat.
He works directly with users in Tehran, Moscow and Shanghai who hit blocking events first. That feedback loop is why NexTunnel ships AmneziaWG support before most providers know what TSPU is, and why our subscription URL bundles regenerate every 30 minutes with fresh ports. The product roadmap is set by what stops working in the field, not by what looks good on a feature comparison.
Core expertise
- VLESS+Reality protocol design, X25519 Reality fingerprinting, anti-DPI engineering
- AmneziaWG / WireGuard junk-packet obfuscation against Roskomnadzor TSPU
- Hysteria2 + QUIC tuning, BBR congestion control, mobile-network resilience
- Direct field research with Iranian, Russian and Chinese users on active blocking events
The team
A small team of privacy-focused engineers, security researchers, and people who use the product themselves. We have family and friends behind every major firewall NexTunnel is built to defeat — that is not a marketing line, it is the reason this service exists.
We deliberately keep individual identities low-profile. Several team members live in or have lived in countries where running a VPN service carries personal risk; we will not put names on a public page until we can do so safely. Our security and transparency commitments are public regardless.
Ready to try a VPN that actually works in your region?
Start with a free trial. If Reality does not connect on your network, eleven fallbacks still will — or your money back within three days, no questions asked.