Projects / VTun


VTun is the easiest way to create Virtual Tunnels over TCP/IP networks with traffic shaping, compression, and encryption. It is a user space implementation and doesn't need modification of any kernel parts. VTun supports IP, PPP, SLIP, Ethernet, and other tunnel types. VTun is easily and highly configurable; it can be used for various network tasks like VPN, Mobil IP, Shaped Internet access, Ethernet tunnel, IP address saving, etc.

Operating Systems

Recent releases

  •  26 Aug 2012 05:03

    Release Notes: This release fixes UDP timeouts with keepalive, and various other bugs.

    •  08 Feb 2008 11:18

      Release Notes: Compatibility with older versions and newer LZO libraries was improved.

      •  12 Jun 2007 16:52

        Release Notes: LZO2 compatibility was improved.

        •  11 Dec 2006 18:42

          Release Notes: The VTund binary should now be a bit better behaved (and killable), should bind to specific interfaces a little more easily, and should restart tunnels a bit more easily. A few new --with and --without options were added to the configure, so it should build with less surprises. Many new ciphers have been added.

          •  07 Aug 2001 15:33

            Release Notes: Encryption fixes include improved challenge generation and a padding check. The config parser was fixed to disallow empty passwords. A config option to specify syslog logging facility was added. Support for the new Linux TUN/TAP driver was added. I/O (read_n/write_n) cancellation was added. Signal handling and other minor fixes were made. The Makefile was improved, and the documentation was updated.

            Recent comments

            23 Aug 2004 15:29 kervel

            simple VPN solution
            i like vtun a lot, for its simplicity. no complex setup,

            no NAT incompatibilities and so on ...

            actually, i was looking for a program that just

            bridged a stdout/stdin par (or a tcp connection) to

            tun/tap, no security at all. i could then use ssh

            tunneling to secure the connection. But i understand

            udp makes a better protocol for tunneling, so i like


            26 Jan 2002 22:23 cnbishop

            XOR 'encryption' is only used on systems that don't have libcrypto. Michael should maybe upgrade his machine in other ways before reviewing VTund. .. and maybe explore lower case a bit more.

            CBC encryption. It'll be nice, but Steinar's probably been following the discussion on vtun-devel. It'll be in 3.0.0, probably. Aldem should follow the discussion there, too, and maybe offer a few tips as well as patches.

            Have I got your patch, Steinar?

            05 Jun 2000 18:00 sgunderson

            More secure VTUN
            I've just made a patch for VTUN, which changes its algorithms from MD5 and Blowfish/ECB to SHA1 and Twofish/CBC, respectively. It appears to work properly, but it requires a bit more testing before it's released (either as part of the official VTUN tree, or here on Freshmeat as a standalone `product'). It also eliminates the need for OpenSSL (that's a 2MB download less). So... stay tuned :-)
            /* Steinar */

            12 Jan 2000 16:19 aldem

            BlowFish? It is not enough, though :)
            Well, BlowFish is good, same as a lot of other encryption algorithms, but ONLY if it is used properly.

            What I've found - BlowFish in VTUN is used in ECB mode, it means, in turn, that attacker could use a very wide range of cryptoanalisys to recover the key in _extremely short_ time (say, several hours). Why? It is a little bit difficult to explain _here_, but I'd suggest to take a look on design of some protocols like SSL and SSH and (especially) explanations to what attention should be paid. Of course everyone who has experience in cryptology understand what I mean, but for those who does not:

            VTUN is good enough to protect you against snifers in regular environment, but if you are going to keep in secret something _really_ significant, it will not help. For casual "hacker", of course, it provides a good protection (at least there are no public known tools to crack BlowFish encryption in ECB mode).

            And last... Concerning comment above "totally insecure"... Even a XOR encryption is good enough if it is implemented in a right way, and just FYI (author of comment) - almost all encryption algorithms use XOR as final transformation over plain text. "totally insecure" mean "no security at all" - but even in first versions it was not true - protection against non-professional attacker is still protection, not good enough, but anyway...

            Good luck!

            04 Apr 1999 12:01 karellen

            lame site
            Get rid of the lame windoze distribution site. Since you
            are an open source developer you could get a free webspace
            and a decent subdomain at I can't use lynx
            to download your cool programs nor can I use wget. And I
            am NOT going to "upgrade" my browser to some Misc0$oftish


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.