A multi-layer HTTPS tunnel indistinguishable from browser traffic.
Works where others fail silently.
Deep Packet Inspection analyzes traffic at the provider level. IP address and port alone are no longer enough.
Unique handshake signature. Blocked within seconds of detection.
UDP packets identified by entropy and size. Trivial to block.
Statistical entropy analysis. Detected via traffic pattern matching.
Indistinguishable from browser HTTPS. Seven independent layers of detection resistance.
Traffic passes through four independent components. The client only knows control node addresses — exit and arbiter addresses are never exposed to it.
Each layer is an independent barrier. Even if one is compromised, the rest hold.
TLS ClientHello is indistinguishable from Chrome, Firefox, or Safari. Rotated on every connection.
Control byte hidden inside the standard TLS Session ID field. Indistinguishable from random data to DPI.
Tunnel looks like a chunked HTTP upload: random chunk sizes 4–64 KB, padding no less than 512 B, jitter 0–50 ms.
Parallel uTLS requests to real CDN endpoints (jsDelivr, googleapis). Traffic statistics match a real browser session.
Burst smoothing. Traffic pattern stays within the bounds of normal web browsing activity.
The server never reveals its purpose. No VPN headers, no CONNECT method, no 401 or 403 responses.
Client does not know the exit address. Exit does not know the arbiter. Blocking one node reveals nothing about the rest.
| Feature | OpenVPN | WireGuard | Outline | Tor | NavLink |
|---|---|---|---|---|---|
| DPI-resistant | No | No | Partial | Partial | Yes |
| Indistinguishable from HTTPS | No | No | No | No | Yes |
| Decoy traffic | No | No | No | No | Yes |
| No public node IPs | No | No | No | No | Yes |
| UDP | Yes | Yes | No | No | Yes |
| Enterprise management | Partial | No | No | No | Yes |
| Speed | Partial | Yes | Yes | No | Yes |
Tunnel through the noise
Reach anything, from anywhere.
Get Access