v1.0.3

Rustun v1.0.3 Release Notes

🎉 Overview

Rustun v1.0.3 focuses on fixing a client-side deadlock in the event loop and restoring correct P2P-first outbound behavior. It also updates documentation and relay send behavior.

🐛 Bug Fixes

Client event loop deadlock (tokio::select)

Fixed a deadlock where the main event loop could block each other when handling TUN device packets, relay frames, and P2P frames in a single tokio::select!.

• Cause: Device outbound handling and relay/P2P receive were competing in the same select; waiting on one branch could block the others and cause deadlock or stalls.
• Change:
  • Device outbound is moved to a dedicated spawned task. The task receives TUN packets via a channel and sends them via relay or P2P without holding the main loop.
  • Relay outbound no longer requires &mut RelayHandler in the device path. The main loop gets mpsc::Sender<Frame> with get_outbound_tx() and passes only this sender into the spawned task. Sending uses the static method RelayHandler::send_frame(outbound_tx, frame).
  • P2P handler is shared with the device task via Arc<RwLock<PeerHandler>>. The device task tries P2P first (read lock + send_frame), then falls back to relay on failure or when P2P is disabled.
• DeviceHandler: Added get_dev_inbound() to hand the TUN inbound channel receiver to the device task.
• Result: Device → P2P (when available) then relay, with no deadlock; main loop only does relay recv, P2P recv, and status refresh.

Relay send timeout removed

• Change: Outbound relay send uses outbound_tx.send(frame).await instead of send_timeout(...).
• Reason: Avoid unnecessary timeouts and failures when the relay task is briefly busy; let the channel backpressure naturally.

✨ Behavior / Improvements

P2P-first outbound (restored)

• Outbound TUN traffic again tries P2P first when P2P is enabled: handle_device_packet calls PeerHandler::send_frame with the packet’s destination IP; on success it returns without using relay.
• On P2P send failure or when P2P is disabled, traffic falls back to relay as before.

📚 Documentation

• README: Updated (English and Chinese).
• routes.json.example: Example updates for configuration reference.

📦 Download

• GitHub Releases: v1.0.3
• Pre-built binaries: Available for Linux, macOS, and Windows.

🙏 Acknowledgments

Thanks to all contributors and users who provided feedback and testing for this release.

---

Full Changelog: v1.0.2...v1.0.3

v1.0.2

Rustun v1.0.2 Release Notes

🎉 Overview

Rustun v1.0.2 introduces CIDR mapping for network conflict resolution, Linux NAT support, client name display improvements, and several bug fixes.

✨ New Features

🔄 CIDR Mapping (Network Conflict Resolution)

Resolve network conflicts when multiple clients have overlapping CIDR ranges using CIDR mapping.

• How it works: Map conflicting CIDRs to unique virtual CIDRs that other clients see
• Implementation: Uses iptables NETMAP on Linux clients for automatic IP translation
• Configuration: Add cider_mapping field in routes.json to map virtual CIDRs to real CIDRs
• Example: Map 192.168.11.0/24 (virtual) → 192.168.10.0/24 (real) to resolve conflicts

Requirements:

• Linux only (uses iptables NETMAP)
• Kernel support for NETMAP target (Linux 2.6.32+)

🐧 Linux NAT Support (--masq Option)

Enable MASQUERADE and SNAT for VPN traffic on Linux clients.

• MASQUERADE: Allows VPN clients to access external networks
• SNAT: Makes packets from local CIDRs appear as coming from virtual IP
• Usage: Add --masq flag when starting the client
• Requirements: Requires iptables command (checked at startup)
• Cleanup: Automatic cleanup of iptables rules on program exit

👤 Client Name Display

Improved client identification and display in the VPN network.

• Protocol Enhancement: Client name included in HandshakeReply and KeepAlive frames
• HTTP API: Peer information now includes client names instead of just identities
• Better UX: More user-friendly identification in network management interfaces

🐛 Bug Fixes

• Fixed P2P peers deadlock: Resolved deadlock issue in P2P peer management
• Improved error handling: Better error messages for missing iptables command

📚 Documentation Updates

• Demo Environment: Added official demo server information and quick start guide
• CIDR Mapping: Added configuration documentation for CIDR mapping feature
• MASQUERADE: Added documentation for --masq option and requirements
• README Improvements: Updated architecture diagrams and feature descriptions

📝 Configuration Changes

New Field in routes.json

{
  "cluster": "production",
  "identity": "client-1",
  "private_ip": "10.0.1.1",
  "mask": "255.255.255.0",
  "gateway": "10.0.1.254",
  "ciders": ["192.168.11.0/24"],
  "cider_mapping": {
    "192.168.11.0/24": "192.168.10.0/24"
  }
}

• cider_mapping: Optional field for CIDR mapping (Linux only)
• Maps virtual CIDRs (in ciders) to real network CIDRs

📦 Download

• GitHub Releases: v1.0.2
• Pre-built binaries: Available for Linux, macOS, and Windows

🙏 Acknowledgments

Thanks to all contributors and users who provided feedback and testing for this release.

---

Full Changelog: v1.0.1...v1.0.2

1.0.1

Rustun 1.0.1 Release Notes

🎉 New Features

• Control Plane Integration: Built-in conf-agent for automatic route synchronization and connection status reporting, configured via [conf_agent] section in server.toml

🔧 Improvements

• Simplified architecture: removed separate log files, connection data passed directly to conf-agent
• Efficient concurrent execution using tokio::select! for route fetching and connection reporting
• Atomic route file updates for data consistency

📝 Configuration

[conf_agent]
control_plane_url = "http://localhost:8080"
api_token = "your-api-token-here"
routes_file = "/etc/rustun/routes.json"
poll_interval = 60      # Route fetch interval (seconds)
report_interval = 30    # Connection report interval (seconds)## 🐛 Bug Fixes

• Fixed install script version detection error
• Fixed server not updating CIDRs for online connections
• Fixed client connected status calculation based on last_active timestamp

🔄 Migration

• Remove separate conf-agent process; configure directly in server.toml
• connection_log_file option removed; handled automatically by conf-agent
• Routes now use rewrite_clients_config for complete synchronization

---

Full Changelog: 1.0.0...1.0.1

1.0.0

🎉 Rustun v1.0.0 - First Stable Release

We're excited to announce the first stable release of Rustun! This milestone version brings a production-ready VPN tunnel solution with intelligent routing, P2P connectivity, and comprehensive platform support.

🚀 Major Features

Core Functionality

• ✅ Complete VPN Tunnel - Full TUN/TAP interface support for seamless network integration
• ✅ Multi-Tenant Support - Cluster-based isolation for secure multi-team deployments
• ✅ Dynamic Route Updates - Real-time route synchronization without service restart
• ✅ Intelligent Path Selection - Automatic optimization: IPv6 → STUN → Relay

P2P Connectivity

• ✅ IPv6 Direct Connection - Ultra-low latency peer-to-peer connections
• ✅ STUN Hole Punching - NAT traversal for IPv4 networks
• ✅ Automatic Fallback - Seamless failover to relay when P2P unavailable
• ✅ Connection Health Monitoring - Real-time status tracking for each path

Security & Encryption

• ✅ ChaCha20-Poly1305 - Default encryption (high security, excellent performance)
• ✅ AES-256-GCM - Hardware-accelerated option for modern CPUs
• ✅ XOR/Plain - Lightweight options for testing and debugging
• ✅ Identity-Based Authentication - Secure client identification

Platform Support

• ✅ Linux - x86_64 (glibc/musl), ARM64 (glibc/musl)
• ✅ macOS - Intel (x86_64), Apple Silicon (ARM64)
• ✅ Windows - x86_64 (MSVC) with Wintun support

Monitoring & Management

• ✅ HTTP Status API - RESTful API for connection status and metrics
• ✅ Self Information Endpoint - Get client identity, IP, and network configuration
• ✅ Real-time Status Display - Comprehensive connection and peer information
• ✅ Traffic Statistics - Receive/send byte counters with MB conversion

📦 What's New in v1.0.0

New Features

• HTTP Status API (--http-port) - Query connection status via HTTP endpoint
• Self Information - Get client's own identity, private IP, mask, gateway, CIDRs, IPv6, and STUN info
• Dynamic Route Reloading - Routes update automatically via KeepAlive frames
• Enhanced Status Display - Detailed peer information and connection health

Improvements

• Better error handling and reconnection logic
• Improved timeout configuration for network operations
• Enhanced logging with ANSI color support on Windows
• More robust keepalive mechanism

Bug Fixes

• Fixed keepalive not working in certain scenarios
• Fixed read timeout issues
• Fixed Windows route configuration
• Fixed route reloading on reconnection

📥 Installation

Quick Install (Server)

curl -fsSL https://raw.githubusercontent.com/smartethnet/rustun/main/install.sh | sudo bash

Download Binaries

Visit Releases to download pre-built binaries for your platform.

🎯 Use Cases

• Remote Office Connectivity - Connect multiple office locations
• Secure Remote Work - Enable encrypted remote access
• Multi-Environment Isolation - Separate production, staging, and development
• IoT Device Management - Securely connect and manage IoT devices
• Gaming Server Networks - Low-latency server-to-server communication
• Hybrid Cloud Connectivity - Bridge on-premise and cloud resources

📚 Documentation

• Full Documentation
• 中文文档
• Contributing Guide

🙏 Acknowledgments

Thank you to all contributors and users who helped make this release possible!

🔗 Related Projects

• iOS/macOS App
• Android App
• Desktop App

---

Full Changelog: 0.0.2...1.0.0

0.0.2

Release v0.0.2

✨ New Features

P2P Direct Connection

• IPv6 Direct Connection: Peer-to-peer communication using global IPv6 addresses for lowest latency
• STUN Hole Punching: NAT traversal for IPv4 networks, automatic public IP/port discovery
• Smart Routing: Automatic path selection - IPv6 (fastest) → STUN (NAT traversal) → Relay (fallback)
• Real-time Monitoring: Connection status for both IPv6 and STUN paths

Enable P2P with --enable-p2p flag:
./client -s SERVER:8080 -i client-001 --enable-p2p

🐛 Bug Fixes

• Windows Routing: Fixed route addition to correctly use TUN interface instead of physical network adapter

• Windows Logging: Disabled ANSI color codes to prevent garbage characters in console output

📦 Downloads

Linux

• rustun-0.0.2-x86_64-unknown-linux-gnu.tar.gz - x86_64 (glibc)
• rustun-0.0.2-x86_64-unknown-linux-musl.tar.gz - x86_64 (musl, static)
• rustun-0.0.2-aarch64-unknown-linux-gnu.tar.gz - ARM64 (glibc)
• rustun-0.0.2-aarch64-unknown-linux-musl.tar.gz - ARM64 (musl, static)

macOS

• rustun-0.0.2-x86_64-apple-darwin.tar.gz - Intel Mac
• rustun-0.0.2-aarch64-apple-darwin.tar.gz - Apple Silicon (M1/M2/M3)

Windows

• rustun-0.0.2-x86_64-pc-windows-msvc.zip - Windows 10/11 64-bit
  • Requires: Wintun driver - extract wintun.dll to the same directory as client.exe

🚀 Quick Start

1. Start Server

Linux/macOS

sudo ./server etc/server.toml

Windows (as Administrator)

.\server.exe etc\server.toml

2. Connect Client (Relay Mode)

Linux/macOS

sudo ./client -s SERVER_IP:8080 -i client-001

Windows (as Administrator)

.\client.exe -s SERVER_IP:8080 -i client-001

3. Connect Client (P2P Mode)

Linux/macOS

sudo ./client -s SERVER_IP:8080 -i client-001 --enable-p2p

Windows (as Administrator)

.\client.exe -s SERVER_IP:8080 -i client-001 --enable-p2p

📖 Documentation

• English Documentation
• 中文文档
• Website

Full Changelog: 0.0.1...0.0.2

v0.0.1

Rustun is a modern VPN tunnel implementation written in Rust, featuring high performance, multi-tenancy support, and cross-platform compatibility.

✨ Key Features

• Multi-Platform Support - Linux (x86_64, ARM64), macOS (Intel, Apple Silicon), Windows (MSVC)
• Multiple Encryption Methods - ChaCha20-Poly1305 (default), AES-256-GCM, XOR, Plain
• Multi-Tenancy - Cluster-based isolation for different organizations
• High Performance - Asynchronous I/O with Tokio runtime
• Easy Configuration - Simple TOML/JSON configuration files

📦 Download

Pre-built binaries are available for:

• rustun-v1.0.0-x86_64-unknown-linux-gnu.tar.gz - Linux x86_64 (glibc)
• rustun-v1.0.0-x86_64-unknown-linux-musl.tar.gz - Linux x86_64 (static)
• rustun-v1.0.0-aarch64-unknown-linux-gnu.tar.gz - Linux ARM64 (glibc)
• rustun-v1.0.0-aarch64-unknown-linux-musl.tar.gz - Linux ARM64 (static)
• rustun-v1.0.0-x86_64-apple-darwin.tar.gz - macOS Intel
• rustun-v1.0.0-aarch64-apple-darwin.tar.gz - macOS Apple Silicon
• rustun-v1.0.0-x86_64-pc-windows-msvc.zip - Windows x86_64

Each archive contains:

• server - VPN server binary
• client - VPN client binary
• server.toml.example - Server configuration example
• routes.json.example - Client routes example

Verify downloads:
shasum -a 256 -c SHA256SUMS

🚀 Quick Start

Start Server:
./server server.toml

Connect Client:
./client -s SERVER_IP:8080 -i CLIENT_IDENTITY### 💻 Platform-Specific Notes

Windows:

• Requires Wintun driver for TUN device support
• Download Wintun from https://www.wintun.net/ and place wintun.dll in the same directory as the client binary
• Administrator privileges required

Linux/macOS:

• Root/sudo privileges required for TUN device creation
• On Linux, you can alternatively set capabilities: sudo setcap cap_net_admin=eip ./client

For detailed documentation, see README.md

⚠️ Notes

• Ensure encryption keys match between server and clients
• This is an initial release - use with caution in production
• Windows users must download Wintun driver separately