Portfolio
Project / VPNARR

Tunnely

A privacy-first VPN platform built entirely in Rust. WireGuard-grade encryption, multi-relay mesh networking, channel bonding across multiple interfaces, QUIC traffic obfuscation, and network-level ad/tracker blocking. Shipped as a polished Tauri desktop app with a Next.js marketing site.

View Source on GitHub Visit tunnely.org
01 / Architecture

System Design

Four subsystems, one monorepo. Every component built from the ground up.

01

Desktop Client

Cross-platform desktop app built with Tauri 2. Rust backend handles tunnel lifecycle, tray integration, and system-level networking. Frontend is a reactive Solid.js + TypeScript UI.

RustTauriSolid.jsTypeScript
02

Relay Server

Distributed relay infrastructure in Rust. Handles WireGuard tunnel termination, peer discovery, latency probing, and multi-hop packet forwarding across the mesh network.

RustWireGuardDocker
03

Marketing Site

Public-facing website at tunnely.org. Built with Next.js, featuring landing pages, pricing tiers, and Stripe-integrated checkout flows.

Next.jsTypeScriptStripe
04

Backend

Supabase-powered backend handling auth, subscription management, relay registry, and user config with Row-Level Security and Edge Functions.

SupabasePostgreSQLEdge Functions
02 / Features

Under the Hood

The technical details that make Tunnely different.

WireGuard Encryption

ChaCha20-Poly1305 symmetric encryption with Curve25519 key exchange. Implemented via userspace boringtun stack with async TUN device management. No kernel modules needed.

Mesh Networking

Automatic peer discovery, continuous latency probing, and optimal path computation for multi-hop routing across a distributed network of relay servers.

Channel Bonding

Aggregates multiple network interfaces simultaneously. WiFi, Ethernet, and Cellular combined with a custom binary protocol, packet reordering, and three selectable bonding modes.

QUIC Obfuscation

Wraps WireGuard traffic as standard HTTPS/HTTP3 via a QUIC layer. VPN traffic becomes indistinguishable from normal web browsing, bypassing ISP-level DPI.

Ad & Tracker Blocking

Built-in MITM HTTPS proxy performing client-side ad and tracker blocking directly at the network layer. No browser extensions required.

Stripe Billing

Full subscription billing with Stripe integration, webhook signature verification, and Supabase Edge Functions for secure payment processing and plan management.

03 / Stack

Technology

Languages
Rust TypeScript JavaScript SQL HTML / CSS
Frameworks
Tauri 2 Solid.js Next.js boringtun quinn (QUIC) tokio
Infrastructure
Docker Supabase PostgreSQL Stripe Netlify