Security architecture
NexTunnel is built for censorship-resistance in Russia, Iran, and China. This page documents every protocol, every cipher, and every policy decision that protects your traffic.
1. Threat model
We design NexTunnel to defend against four specific adversaries. Everything on this page traces back to one of them.
- A1 — Passive DPI observer. Can see your traffic patterns and TLS handshakes. Reality and AmneziaWG are built to defeat this adversary.
- A2 — Active DPI probe. Sends crafted packets to our endpoints to detect the protocol. Reality answers non-authenticated probes with traffic from a real target site.
- A3 — ISP-level traffic shaping. Throttles or blocks TLS, UDP, or non-443 ports. Hysteria2, CDN fallback, and the restricted profile rotate ports/SNI to escape this.
- A4 — Legal request / server seizure. Local authorities compel data or physically seize a server. No-logs + full-disk encryption + our warrant canary cover this.
2. Protocols
Every NexTunnel server runs multiple protocols in parallel. Clients pick whichever one reaches them first, and the dashboard suggests a fallback if the primary is blocked.
| Protocol | Role | Ciphers | Servers |
|---|---|---|---|
| VLESS + Reality | Primary — best speed, anti-DPI | ChaCha20-Poly1305 / AES-256-GCM (handshake: X25519 Reality) | All servers |
| VLESS Reality (restricted) | Fallback when port 443 is blocked | ChaCha20-Poly1305 / AES-256-GCM | All servers |
| VLESS + WebSocket + Cloudflare CDN | For networks that block TLS directly | TLS 1.3 via CDN + inner layer | Europa, USA |
| WireGuard | Native client support (iOS/Android/Win) | Curve25519 + ChaCha20-Poly1305 | All servers |
| AmneziaWG | DPI-obfuscated WireGuard — bypasses Roskomnadzor TSPU | Curve25519 + ChaCha20-Poly1305 + junk packet obfuscation | All servers (rollout in progress) |
| Hysteria2 | UDP high-speed transport with QUIC congestion control | TLS 1.3 | USA |
| Shadowsocks 2022 | GFW bypass (China) | 2022-blake3-aes-256-gcm | Rollout in progress |
| Trojan-GFW | Traffic indistinguishable from real HTTPS | TLS 1.3 | Rollout in progress |
| TUIC v5 | Experimental QUIC multiplexing — lowest latency | TLS 1.3 + BBR | Rollout in progress |
3. No-logs policy
We do not log, store, or transmit any of the following: the websites you visit, DNS lookups, destination IPs, source IPs after tunnel termination, or traffic contents.
We do keep the minimum data required to operate: your email for login, your subscription status, your device count, and aggregate bytes transferred per device per day for abuse-prevention and quota enforcement. None of this is linked to your traffic.
4. Server hardening
- SSH key-only authentication, fail2ban with aggressive banning
- UFW whitelists only the protocol ports + our management IPs
- Automatic kernel upgrades via unattended-upgrades
- systemd hardening for xray/wireguard/hysteria2 (NoNewPrivileges, ProtectSystem, PrivateTmp)
- 3-layer xray watchdog: systemd restart limits, local timer, remote health-check cron
- BigInt-tracked traffic counters so we can detect abuse without inspecting packets
- All servers run a minimal Ubuntu 22.04 / 24.04 base image, no desktop, no extra services
5. Cryptography
- TLS 1.3 end-to-end, HSTS with max-age=31536000; preload
- CSP with nonce-based script-src + strict-dynamic (no unsafe-inline)
- Passwords hashed with bcrypt cost 12, timing-safe comparison on invalid users
- Session cookies: HttpOnly, SameSite=Lax, Secure, 30-day rolling expiry
- 2FA via TOTP with backup codes stored as bcrypt hashes
- Webhook signatures verified with HMAC-SHA256 + timingSafeEqual (Stripe, Lava.top, Suby.fi)
6. Independent audits
We plan a Cure53 independent security audit in Q3 2026 once the payment integrations stabilize. Results and any remediation will be published here.
Last updated: April 2026. Questions? Email security@nextunnel.com.