Security architecture
NexTunnel is built for censorship resistance in Russia, Iran, and China. This page documents every protocol, every cipher, and every policy decision that protects your traffic.
Last reviewed by Pablo Ivaldi, Founder & Engineering Lead, on 2026-04-25.
1. Threat model
We design NexTunnel to defend against four specific adversaries. Everything on this page traces back to one of them.
- A1 — Passive DPI observer. Can see your traffic patterns and TLS handshakes. Reality and AmneziaWG are built to defeat this adversary.
- A2 — Active DPI probe. Sends crafted packets to our endpoints to detect the protocol. Reality answers non-authenticated probes with traffic from a real target site.
- A3 — ISP-level traffic shaping. Throttles or blocks TLS, UDP, or non-443 ports. Hysteria2, CDN fallback, and the restricted profile rotate ports/SNI to escape this.
- A4 — Legal request / server seizure. Local authorities compel data or physically seize a server. No-logs + full-disk encryption + our warrant canary cover this.
2. Protocols
Every NexTunnel server runs multiple protocols in parallel. Clients pick whichever one reaches them first, and the dashboard suggests a fallback if the primary is blocked.
| Protocol | Role | Ciphers | Servers |
|---|---|---|---|
| VLESS + Reality | Primary — best speed, anti-DPI | ChaCha20-Poly1305 / AES-256-GCM (handshake: X25519 Reality) | All servers |
| VLESS Reality (restricted) | Fallback when port 443 is blocked | ChaCha20-Poly1305 / AES-256-GCM | All servers |
| VLESS + WebSocket + Cloudflare CDN | For networks that block TLS directly | TLS 1.3 via CDN + inner layer | Europa, USA |
| WireGuard | Native client support (iOS/Android/Win) | Curve25519 + ChaCha20-Poly1305 | All servers |
| AmneziaWG | DPI-obfuscated WireGuard — bypasses Roskomnadzor TSPU | Curve25519 + ChaCha20-Poly1305 + junk packet obfuscation | All servers (rollout in progress) |
| Hysteria2 | UDP high-speed transport with QUIC congestion control | TLS 1.3 | USA |
| Shadowsocks 2022 | GFW bypass (China) | 2022-blake3-aes-256-gcm | Rollout in progress |
| Trojan-GFW | Traffic indistinguishable from real HTTPS | TLS 1.3 | Rollout in progress |
| TUIC v5 | Experimental QUIC multiplexing — lowest latency | TLS 1.3 + BBR | Rollout in progress |
3. No-logs policy
We do not log, store, or transmit any of the following: the websites you visit, DNS lookups, destination IPs, source IPs after tunnel termination, or traffic contents.
We do keep the minimum data required to operate: your email for login, your subscription status, your device count, and aggregate bytes transferred per device per day for abuse-prevention and quota enforcement. None of this is linked to your traffic.
4. Server hardening
- SSH key-only authentication, fail2ban with aggressive banning
- UFW whitelists only the protocol ports + our management IPs
- Automatic kernel upgrades via unattended-upgrades
- systemd hardening for xray/wireguard/hysteria2 (NoNewPrivileges, ProtectSystem, PrivateTmp)
- 3-layer xray watchdog: systemd restart limits, local timer, remote health-check cron
- BigInt-tracked traffic counters so we can detect abuse without inspecting packets
- All servers run a minimal Ubuntu 22.04 / 24.04 base image, no desktop, no extra services
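As an added example (not NexTunnel's own unit file), here is a systemd drop-in that applies the hardening directives listed above, plus the restart limits that form the first watchdog layer, to an xray service. The service name `xray.service`, the log path `/var/log/xray`, and the assumption that the process binds a port below 1024 are all assumptions for this example.

```ini
# Added example, not NexTunnel's configuration.
# Install as /etc/systemd/system/xray.service.d/hardening.conf, then run
#   systemctl daemon-reload && systemctl restart xray
# Assumptions: the unit is xray.service, it writes only to /var/log/xray,
# and it needs to bind a privileged port (443).

[Unit]
# Watchdog layer 1: give up after 5 failed starts within 10 minutes instead
# of looping forever; the local timer and remote cron pick it up from there.
StartLimitIntervalSec=600
StartLimitBurst=5

[Service]
Restart=on-failure
RestartSec=5s

# No setuid/setcap escalation for the process or anything it spawns
NoNewPrivileges=yes

# Whole filesystem read-only except /dev, /proc, /sys and the paths listed here
ProtectSystem=strict
ReadWritePaths=/var/log/xray

# Private /tmp and /var/tmp, and no view of user home directories
PrivateTmp=yes
ProtectHome=yes

# Read-only /proc/sys, /sys and cgroup tree
ProtectKernelTunables=yes
ProtectControlGroups=yes

# Keep only the capability needed to bind port 443; drop everything else
CapabilityBoundingSet=CAP_NET_BIND_SERVICE
AmbientCapabilities=CAP_NET_BIND_SERVICE
```

`ProtectSystem=strict` is the directive most likely to break a service on first deployment: anything the daemon writes outside the `ReadWritePaths` list fails with EROFS, so check the journal after the restart. `systemd-analyze security xray.service` prints an exposure score and lists which sandboxing directives are still unset.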
5. Cryptography
- TLS 1.3 end-to-end, HSTS with max-age=31536000; preload
- CSP with nonce-based script-src + strict-dynamic (no unsafe-inline)
- Passwords hashed with bcrypt cost 12, timing-safe comparison on invalid users
- Session cookies: HttpOnly, SameSite=Lax, Secure, 30-day rolling expiry
- 2FA via TOTP with backup codes stored as bcrypt hashes
- Webhook signatures verified with HMAC-SHA256 + timingSafeEqual (Stripe, Lava.top, Suby.fi)
6. Independent audits
We plan a Cure53 independent security audit in Q3 2026 once the payment integrations stabilize. Results and any remediation will be published here.
Last updated: April 2026. Questions? Email security@nextunnel.com.