3.9k
Stars
271
Forks
77
Open issues
13
Contributors
AI Analysis
This Go-based tool tunnels WireGuard/Hysteria traffic through VK call TURN servers or Yandex Telemost by encrypting packets with DTLS 1.2 and relaying them via STUN ChannelData. It is purpose-built for bypassing network restrictions in specific geographic regions and is designed for users who need to establish VPN connectivity through constrained networks; it is not a general-purpose proxy tool and requires technical setup on both server and client sides.
Inferred from signals mentioned in the README (tests, CI, type safety) — not a review of the actual code.
AI's overall editorial judgment — not an average of the bars above, can weigh other factors too.
TURN proxy tunneling WireGuard through VK calling infrastructure for circumvention
vk-turn-proxy is a Go-based tunneling tool that routes WireGuard and Hysteria traffic through TURN servers exposed by VK's calling system, using DTLS encryption and STUN ChannelData framing. Built by and for users in regions with network restrictions, it leverages publicly accessible VK calling links to establish encrypted egress. The project gained ~3,800 stars in 6 months, with active multi-platform client implementations (Android, iOS, macOS). Adoption appears concentrated in Russian-speaking regions facing ISP-level censorship.
Created November 2025, vk-turn-proxy emerged during a wave of similar VK/Yandex TURN-based circumvention tools (whitelist-bypass, lionheart). It combines older TURN proxy concepts with modern WireGuard integration and appears designed as a more polished alternative to earlier ad-hoc solutions.
Rapid adoption in first 6 months (3,857 stars by June 2026, 56 stars in final week), driven by network restrictions in target regions and low barrier to entry (no infrastructure required beyond a VPS). Growth sustained by ecosystem of platform-specific clients maintained by community contributors, suggesting product-market fit within circumvention community.
Adoption not formally verified through public case studies or companies. However, ecosystem of independently maintained clients (turn-proxy-android with Material 3 UI, wireguard-turn-android, turnbridge for iOS, macOS GUI) indicates organic uptake among technical users. Docker image published to GHCR. Systemd service setup instructions and tmux documentation suggest some production deployment mindset, but scale unknown.
Based on README: encapsulates traffic in DTLS 1.2, frames via STUN ChannelData protocol, multiplexes across parallel TCP/UDP streams to TURN servers, decrypts and forwards to WireGuard on backend. Likely written as single-threaded or coroutine-based Go binary; credentials derived programmatically from VK calling URLs.
Not documented in README. Binary releases provided (server, client variants for linux-amd64, android-arm64, linux-386) but no mention of test suites or CI/CD pipelines.
Last push 2026-04-16 (74 days ago from evaluation date 2026-06-29), indicating active but not daily maintenance. 268 forks and referenced ecosystem of Android/iOS/macOS clients suggest community engagement. No evidence of issue triage velocity or release cadence in README.
ADOPT IF: you operate in a region where VK calling infrastructure is accessible and unfiltered, require low-latency circumvention, and have technical capacity to run a VPS backend. AVOID IF: you need long-term stability guarantees, rely on official support, require audit/compliance trails, or operate in regions where VK itself is blocked. MONITOR IF: you work on open-source circumvention tooling or censorship research; the VK TURN vector may represent temporary/brittle window that closes as VK hardens infrastructure.
Independent dimensions
Mainstream potential
3/10
Technical importance
5/10
Adoption evidence
4/10
- VK TURN vector may be patched by service provider (calling link generation or TURN credential rotation hardened), rendering tool unusable with little warning.
- Credentials derived from calling URLs may be rate-limited, revoked, or require user participation (joining active calls), creating operational friction.
- No formal security audit documented; DTLS 1.2 implementation quality and key derivation from URLs not independently verified.
- Adoption concentrated in specific geopolitical context; tool becomes inert if used elsewhere or if ISP-level filtering stops targeting this vector.
- Community-maintained clients (Android, iOS, macOS) not under single project governance; inconsistent security updates or feature drift across forks.
Likely to remain active but narrow-use tool serving circumvention community in regions with VK infrastructure exposure. May fork or go dormant if VK hardens TURN access or if regional restrictions shift. Ecosystem will probably stabilize around 2–3 maintained client implementations; core server may see only patch-level updates.
Newsletter
Get analyses like this every Monday
Free weekly digest of the most interesting open-source discoveries.
Languages
Information
- Language
- Go
- License
- GPL-3.0
- Last updated
- 3mo ago
- Created
- 8mo ago
- Analyzed with
- anthropic/claude-haiku-4-5
Stars over time
Contributors over time
Top 100 contributors only — repos with more will plateau at 100.
Open issues
Top contributors
Recent releases
Similar repos
kulikov0/whitelist-bypass
This project tunnels internet traffic through video calling platforms (VK Call,...
| Repository | Stars | Week Δ | Language | Score | Updated |
|---|---|---|---|---|---|
|
|
3.9k | +22 | Go | 6/10 | 3mo ago |
|
|
1.5k | — | Go | 7/10 | 20h ago |
|
|
5.7k | — | Go | 7/10 | 4d ago |
|
|
2.9k | — | Kotlin | 7/10 | 19h ago |
|
|
14.8k | — | Go | 8/10 | 2d ago |
|
|
34.3k | — | Go | 8/10 | 2d ago |
Gluetun is general-purpose VPN/proxy aggregator supporting many protocols; vk-turn-proxy is purpose-built for single vector (VK TURN). Gluetun likely broader adoption, vk-turn-proxy more specialized and maintenance-light for its use case.
V2ray is mature, multi-protocol, widely deployed censorship circumvention tool; vk-turn-proxy is narrower, exploits single ISP-exposed service. V2ray represents mainstream circumvention tooling; vk-turn-proxy targets specific VK infrastructure vulnerability.
Wireproxy is general WireGuard proxy; vk-turn-proxy combines WireGuard with VK TURN exploitation. Different problem domain: wireproxy is transport-agnostic, vk-turn-proxy is VK-specific tunnel.
Ghostunnel is TLS proxy for certificate-based authentication; vk-turn-proxy is DTLS-framed TURN tunnel. Different security model and use case (mutual TLS vs. ISP-level circumvention).
Appears to be predecessor or parallel project targeting same VK infrastructure. vk-turn-proxy may represent refinement or fork with better UX; adoption relative to whitelist-bypass unclear.