This guide walks through establishing a fully encrypted VPN tunnel in three steps: generating a shared key, starting DSVPN on your server, and connecting from your client. By the end you will have all traffic from your client device routed through your server with no firewall rules to configure manually.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/jedisct1/dsvpn/llms.txt
Use this file to discover all available pages before exploring further.
Build DSVPN on both server and client
You need the On macOS, you can install via Homebrew instead:Confirm the build succeeded by checking that the binary exists:
dsvpn binary on both machines. On each machine, run:Generate the shared key on the server
DSVPN uses a pre-shared symmetric key rather than certificates. Generate a 32-byte random key on your server:This creates a file called
vpn.key in the current directory. Protect it immediately:Copy the key to the client
The same This prints a single line such as Replace
vpn.key file must be present on the client. The safest transfer method is scp or another authenticated channel. If you need to copy it through a text medium, encode it as Base64 first.On the server — export the key as Base64:HK940OkWcFqSmZXnCQ1w6jhQMZm0fZoEhQOOpzJ/l3w=.On the client — paste that line into the following command to recreate the key file:PASTE_BASE64_HERE with the actual Base64 string printed by the server.Start the server
On your server, run DSVPN in server mode. The
auto argument tells DSVPN to detect and use the system’s public IP address automatically:vpn.key— path to the shared key fileauto— use the server’s detected external IP address1959— TCP port to listen on (replace with your preferred port)
The default port is 443. If you want to use 443, the port argument can be omitted entirely:
sudo ./dsvpn server vpn.keyConnect the client
On your client, run DSVPN in client mode, supplying the server’s public IP address and the same port:
vpn.key— path to the shared key file (copied in Step 3)34.216.127.34— replace with your server’s actual public IP address or hostname1959— must match the port the server is listening on
Connected and all outbound traffic will be routed through the server.Just like the server, the port argument is optional when using the default port 443.
Verify the connection
After seeing The returned IP should be your server’s public IP, not your local one. Both the TUN interface and routing rules were configured automatically by DSVPN.
Connected in the client output, verify that your traffic is leaving through the server by checking your public IP address:What Happens When You Connect
When DSVPN starts, it performs the following steps automatically — no manual intervention needed:- Creates a TUN interface — a virtual network device (e.g.,
tun0on Linux) is brought up with the tunnel IP addresses (192.168.192.254on the server,192.168.192.1on the client by default). - Configures routing — on Linux, iptables rules are added to route all client traffic through the tunnel. On BSD and macOS, equivalent
ifconfigandroutecommands are issued. - Blocks IPv6 — IPv6 is suppressed on the client to prevent leaks on dual-stack networks.
- Maintains the connection — if the TCP connection drops, DSVPN automatically attempts to reconnect up to 100 times before giving up.
Disconnecting
PressCtrl-C on either the server or the client to initiate a clean shutdown: