ospab
5879344336
- osds: Added system DNS forwarder on 127.0.0.1:53 - SystemDnsManager for Windows/Linux DNS configuration - Auto-restore original DNS on exit - *.ospab.internal routing to master node - Encrypted DNS forwarding through OSTP tunnel - oncp: Implemented node enrollment system - EnrollmentRegistry with state machine (Pending->Approved->Active) - SQLite-backed enrollment storage - Node PSK generation on approval - REST API endpoints for enrollment workflow - oncp-master: Added enrollment CLI commands - 'node pending' - List pending enrollment requests - 'node approve <id>' - Approve and generate PSK - 'node reject <id>' - Reject enrollment - ostp-server: Auto-registration on startup - Submits enrollment request to master node - Exits if PSK='AUTO' and awaits approval - Integrates with ONCP enrollment API - oncp API: Enhanced CDN steering - Best nodes by country_code with fallback - Steering metadata (matched, fallback status) - Load-based node selection
OSTP — Ospab Stealth Transport Protocol
Secure, Private, Undetectable
OSTP is a next-generation VPN protocol engineered for privacy-conscious users operating in restrictive network environments. Built from the ground up to resist Deep Packet Inspection (DPI), active probing, and traffic analysis, OSTP provides secure tunnel connectivity that appears indistinguishable from legitimate HTTPS traffic.
🎯 Core Features
- 🔒 Military-Grade Encryption — ChaCha20-Poly1305 AEAD cipher with ephemeral X25519 key exchange
- 👻 Stealth by Design — TLS mimicry with geo-aware SNI selection to blend with regional traffic patterns
- 🛡️ Silent Authentication — Pre-shared key validation that never reveals port state or protocol presence
- ⚡ High Performance — UDP-over-TCP framing with adaptive padding for optimal throughput
- 🌐 Cross-Platform — Native binaries for Windows (client) and Linux (server)
- 📊 Integrated Billing — Built-in session management with quota tracking and SQLite persistence
🚀 Quick Start
Server Deployment (Linux)
# Generate pre-shared key
ostp-server gen-key
# Start server with PSK
ostp-server -l 0.0.0.0:8443 -p <hex-encoded-psk>
# Or use configuration file
ostp-server -c /etc/ostp/server.json
Client Connection (Windows)
# Interactive setup wizard
ostp-client setup
# Connect to server
ostp-client connect -s 1.2.3.4:8443 -p <hex-encoded-psk> -c RU
# Manage profiles
ostp-client profiles
🏗️ Architecture
OSTP consists of multiple specialized components:
| Component | Purpose |
|---|---|
| ostp | Core transport layer with encryption, handshake protocol, and TLS mimicry |
| oncp | Control plane for session management, user registry, and billing |
| osn | Network layer abstraction for TUN device management and routing |
| osds | Stealth DNS forwarder with anti-hijack detection |
| ostp-guard | Anti-reverse engineering protection suite (proprietary) |
All components work together to provide a robust, stealth VPN solution that evades detection while maintaining high performance and security standards.
🔐 Security Model
OSTP employs multiple layers of security:
- Silent Handshake — Invalid authentication attempts receive no response, preventing protocol fingerprinting
- Zero Fingerprints — All TLS fields are randomly generated to match legitimate HTTPS traffic
- Perfect Forward Secrecy — Ephemeral key exchange ensures session keys are never reused
- Encrypted Metadata — Even packet lengths and timing are obfuscated through adaptive padding
- Anti-Analysis Protection — Runtime protection against debugging, VM detection, and reverse engineering (release builds only)
📋 Requirements
Server (Linux)
- Linux kernel 3.10+ (tested on Ubuntu 22.04+, Debian 11+)
- 512 MB RAM minimum
- Ports: TCP 443 or 8443 (configurable)
- Persistent storage for user database
Client (Windows)
- Windows 10/11 (64-bit)
- Administrator privileges for TUN device creation
- .NET Framework not required (statically linked)
🛠️ Build from Source
# Clone repository (private access required)
git clone https://github.com/ospab/ospab.network.git
cd ospab.network
# Build all components
cargo build --workspace --release
# Binaries will be in target/release/
# - ostp-server.exe (Linux server)
# - ostp-client.exe (Windows client)
Note: This is a proprietary project. Source code access requires authorization. See LICENSE for details.
📚 Documentation
- Server Configuration Guide
- Client Setup Guide
- Protocol Specification (private)
- Security Architecture (private)
- Deployment Best Practices
🌍 Use Cases
- Journalists & Activists — Secure communication in countries with internet censorship
- Business Travelers — Bypass restrictive corporate and hotel networks
- Privacy Advocates — Maintain anonymity without revealing VPN usage
- Remote Workers — Access corporate resources without detection
- IoT Security — Secure embedded device communication with stealth capabilities
⚠️ Legal Notice
OSTP is a proprietary software product. Unauthorized distribution, reverse engineering, or modification is prohibited. This project is intended for legitimate privacy protection purposes only. Users are responsible for complying with local laws regarding encryption and VPN usage.
This repository is private. Public README is provided for documentation purposes only.
📞 Contact
- Author: Ospab
- Email: ospab@ospab.host
- Website: (coming soon)
📜 License
Copyright © 2025-2026 Ospab. All rights reserved.
This software is proprietary and confidential. See LICENSE file for complete terms.
Built with Rust 🦀 | Engineered for Privacy 🔐 | Designed to Disappear 👻