Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/jedisct1/dsvpn/llms.txt

Use this file to discover all available pages before exploring further.

DSVPN (Dead Simple VPN) is a lightweight, single-binary VPN designed to solve one specific problem: getting reliable, encrypted internet access when you are on a network that blocks everything except TCP. Whether you are on a restrictive corporate WiFi, a hotel network, or any environment where only port 443 is reliably open, DSVPN creates a fully encrypted tunnel from your device to a server you control — with no configuration files, no certificates, and no manual firewall rules.

Runs on TCP / Port 443

Tunnels all traffic over TCP, making it work on public WiFi and restricted networks where only TCP/443 is open or reliable.

Zero Configuration Files

No config files, no post-setup steps. A single command on the server and a single command on the client is all it takes.

~25 KB Binary, No Dependencies

The compiled binary is roughly 25 KB with a small, constant memory footprint. No heap allocations and no external runtime dependencies.

Formally Verified Cryptography

Uses only modern cryptographic primitives from the Charm library, which provides formally verified implementations.

Automatic Firewall & Routing

Configures iptables rules on Linux and ifconfig/route commands on BSD and macOS automatically on connect, and restores previous state cleanly on disconnect.

Automatic Reconnection

Attempts to reconnect up to 100 times if the connection drops, making it resilient to brief network interruptions.

IPv6 Leak Prevention

Blocks IPv6 on the client side during the session so that traffic cannot leak outside the encrypted tunnel on dual-stack networks.

Cross-Platform

Supports Linux (kernel ≥ 3.17), macOS, OpenBSD, FreeBSD, DragonFly BSD, and NetBSD.

When to Use DSVPN

DSVPN is the right tool when you need a straightforward, point-to-point encrypted tunnel and do not want to deal with the complexity of traditional VPN software. Common scenarios include:
  • Restricted or untrusted networks — public WiFi, hotel networks, or corporate environments where UDP is blocked and only TCP/80 or TCP/443 is available.
  • Simple site-to-site routing — connect a home or office network to a remote server without configuring a full mesh or managing certificates.
  • Small device routing — the minimal binary size and lack of external dependencies make DSVPN a practical choice for routers, Raspberry Pis, and other constrained hardware.
  • Quick, ad-hoc tunnels — when you need a tunnel in minutes rather than hours and do not want to maintain a PKI or edit configuration files.

When NOT to Use DSVPN

DSVPN is intentionally limited in scope. You should look elsewhere if your requirements include:
  • Multi-peer or mesh networking — DSVPN is a strict point-to-point tunnel between one client and one server. It does not support multiple simultaneous peers or mesh topologies.
  • Advanced access control — there is no concept of user accounts, per-user certificates, or granular routing policies.
  • Planned feature growth — the project README explicitly states that extending DSVPN to solve different problems is not planned. If you need those features, fork it or choose a different tool.
DSVPN must be run as root (or with the CAP_NET_ADMIN capability on Linux) because it needs to create and configure a TUN network interface and modify the system routing table.

Next Steps

Installation

Build DSVPN from source with make or zig build, or install via Homebrew on macOS.

Quickstart

Generate a shared key, start the server, and connect a client in under five minutes.

Build docs developers (and LLMs) love