Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/jedisct1/dsvpn/llms.txt

Use this file to discover all available pages before exploring further.

DSVPN uses positional arguments only — no flags, no configuration file. All parameters have sensible defaults accessible via the auto keyword, and trailing auto arguments can be omitted entirely. The result is that a fully working server needs just two arguments and a fully working client needs just three.

dsvpn server

Run on the machine that will act as the VPN gateway and route client traffic to the internet.
dsvpn  "server"
       <key file>
       <vpn server ip or name>|"auto"
       <vpn server port>|"auto"
       <tun interface>|"auto"
       <local tun ip>|"auto"
       <remote tun ip>|"auto"
       <external ip>|"auto"
mode
string
required
Must be server to run in server mode.
key file
path
required
Path to the 32-byte shared secret key file (e.g. vpn.key). Must contain exactly 32 raw bytes. See Key Management for how to generate this file.
vpn server ip or name
string
IP address or hostname to bind to. Use auto to listen on all interfaces (0.0.0.0). Default: auto.
vpn server port
string
TCP port to listen on. Use auto for port 443. Default: auto (443).
tun interface
string
Name of the TUN interface to create. Use auto to let the OS assign a name. On Linux any name is valid; on macOS the name must follow the utunN pattern, so auto is recommended. Default: auto.
local tun ip
string
Local IP address of the tunnel interface on the server side. Default: auto192.168.192.254.
remote tun ip
string
Remote (client-side) IP address of the tunnel. Must match the client’s local tun ip. Default: auto192.168.192.1.
external ip
string
External IP address of the server, used when constructing firewall and routing rules. Default: auto (auto-detected from the system’s default external interface).

dsvpn client

Run on each device that should tunnel its traffic through the DSVPN server.
dsvpn  "client"
       <key file>
       <vpn server ip or name>
       <vpn server port>|"auto"
       <tun interface>|"auto"
       <local tun ip>|"auto"
       <remote tun ip>|"auto"
       <gateway ip>|"auto"
mode
string
required
Must be client to run in client mode.
key file
path
required
Path to the 32-byte shared secret key file. Must be identical to the key file used by the server.
vpn server ip or name
string
required
IP address or hostname of the DSVPN server to connect to. This argument is required on the client; auto is not a valid value here.
vpn server port
string
TCP port on the server to connect to. Use auto for port 443. Must match the port the server is listening on. Default: auto (443).
tun interface
string
Name of the TUN interface to create locally. Use auto to let the OS assign a name. Default: auto.
local tun ip
string
Local IP address of the client-side tunnel interface. Must match the server’s remote tun ip. Default: auto192.168.192.1.
remote tun ip
string
IP address of the server-side tunnel interface, used as the default gateway inside the tunnel. Must match the server’s local tun ip. Default: auto192.168.192.254.
gateway ip
string
IP address of the local network router (the device’s current default gateway). DSVPN needs this to add a specific host route for the VPN server so the VPN’s own TCP socket is not sent back into the tunnel. Use auto to detect it from the system routing table. Default: auto.

The auto Keyword

auto is a placeholder that tells DSVPN to use the built-in default for that position. Because all parameters after key file have defaults, trailing auto arguments can be omitted. DSVPN reads arguments left-to-right; any argument not supplied at all is treated as auto. This means:
  • The minimum valid server command is dsvpn server vpn.key — all remaining positions default to auto.
  • The minimum valid client command is dsvpn client vpn.key <server-ip> — the server IP is the only required non-auto argument on the client.
If you want to specify a value for a later positional argument while keeping an earlier one at its default, you must explicitly write auto for the earlier positions. For example, to set only the gateway IP on the client:
sudo ./dsvpn client vpn.key my-server.example.com 443 auto auto auto 192.168.1.1

Default Values

ParameterServer DefaultClient Default
port443443
tun interfaceOS-assignedOS-assigned
local tun ip192.168.192.254192.168.192.1
remote tun ip192.168.192.1192.168.192.254
MTU9000 (1500 on NetBSD)9000 (1500 on NetBSD)
reconnect attemptsN/A100
The local and remote tunnel IPs are mirror images of each other: what is “local” on the server is “remote” on the client, and vice versa. Using the auto defaults on both ends produces a correctly matched tunnel with no manual coordination required.

Examples

# Server: minimal — port 443, all interfaces, default tunnel IPs
sudo ./dsvpn server vpn.key

# Server: custom port, everything else at defaults
sudo ./dsvpn server vpn.key auto 1959

# Server: custom port and custom tunnel IPs
sudo ./dsvpn server vpn.key auto 1959 auto 10.8.0.1 10.8.0.2

# Client: minimal — connects to server on port 443
sudo ./dsvpn client vpn.key my-server.example.com

# Client: custom port to match the server
sudo ./dsvpn client vpn.key my-server.example.com 1959

# Client: custom tunnel IPs to match a non-default server configuration
sudo ./dsvpn client vpn.key my-server.example.com 1959 auto 10.8.0.2 10.8.0.1

# Client: specify gateway manually when auto-detection fails
sudo ./dsvpn client vpn.key my-server.example.com 443 auto auto auto 192.168.1.1
DSVPN does not support flags such as --port, -k, or --key. All configuration is passed as positional arguments in the exact order shown above. Passing flags will cause DSVPN to print its usage message and exit.

Build docs developers (and LLMs) love