ospab a7ec878518 feat(enrollment): implement token-based enrollment flow
Changes:
1.  Updated SHA256SUMS with new ostp-server binary
2.  Made oncp-master optional in deploy.sh (two deployment modes)
3.  Added enrollment_token support to ostp-server
4.  Updated config examples with token field

Deployment Modes:
- Mode 1 (Standalone): Connect to existing master with enrollment token
- Mode 2 (Full Stack): Deploy both master + server on one host

ostp-server Enrollment Flow:
1. Admin generates token on master: `oncp-master node token --expiry 60`
2. Node submits enrollment with token in config (psk: 'AUTO')
3. Master validates token (silent drop if invalid - security)
4. Admin approves node: `oncp-master node approve <node-id>`
5. Node receives PSK + IP from 10.X.0.0/16 pool
6. Update config with PSK, restart server

deploy.sh Features:
- Interactive mode selection
- Conditional oncp-master installation
- Automated token generation (full stack mode)
- Enrollment submission (standalone mode)

Config Examples:
- server.json.example: Full stack with local master
- server-enrollment.json.example: Standalone with token

Security:
- Token validation before enrollment acceptance
- Silent drop on invalid token (prevents enumeration)
- One-time use tokens with expiration
- IPAM automatic IP allocation from pool

Documentation:
- Updated README with deployment modes
- Added enrollment workflow explanation
- Security features documented
- CLI examples for both modes
2026-01-02 03:36:20 +03:00
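
The token checks the commit message lists (one-time use, expiration, silent drop on an invalid token) can be sketched as follows. This is an added Rust example, not code from the OSTP repository; `TokenStore`, `Decision`, `ct_eq`, the in-memory table and the sample token value are hypothetical, and the token lifetime is passed in as a `Duration` because the page does not state the unit of `--expiry`.

```rust
use std::time::{Duration, Instant};

/// What the master does next. A rejected node gets no reply and no reason.
#[derive(Debug, PartialEq)]
pub enum Decision { PendingApproval, SilentDrop }

struct Token { value: Vec<u8>, expires: Instant, used: bool }

/// Hypothetical in-memory token table; not OSTP's actual storage.
pub struct TokenStore { tokens: Vec<Token> }

/// For equal lengths, compares every byte with no early exit (no prefix timing leak).
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    a.len() == b.len() && a.iter().zip(b).fold(0u8, |acc, (x, y)| acc | (x ^ y)) == 0
}

impl TokenStore {
    pub fn new() -> Self { TokenStore { tokens: Vec::new() } }

    /// Record a token the admin generated, valid for `ttl` from `now`.
    pub fn issue(&mut self, value: &[u8], ttl: Duration, now: Instant) {
        self.tokens.push(Token { value: value.to_vec(), expires: now + ttl, used: false });
    }

    /// Unknown, expired and already-used tokens all end in the same SilentDrop,
    /// so a probing client cannot tell which check failed.
    pub fn submit(&mut self, presented: &[u8], now: Instant) -> Decision {
        let mut hit = None;
        for (i, t) in self.tokens.iter().enumerate() {
            if ct_eq(&t.value, presented) { hit = Some(i); } // scan every entry
        }
        match hit {
            Some(i) if !self.tokens[i].used && now < self.tokens[i].expires => {
                self.tokens[i].used = true; // one-time use: burn on first accept
                Decision::PendingApproval   // admin approval is still required
            }
            _ => Decision::SilentDrop,
        }
    }
}

fn main() {
    const TOKEN: &[u8] = b"constructed-sample-token"; // constructed value
    let (t0, ttl) = (Instant::now(), Duration::from_secs(3600));
    let mut store = TokenStore::new();
    store.issue(TOKEN, ttl, t0);
    let attempts: [&[u8]; 3] = [b"wrong-token", TOKEN, TOKEN];
    for attempt in attempts {
        println!("{:?}", store.submit(attempt, t0)); // drop, accept, drop (replay)
    }
}
```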

OSTP — Ospab Stealth Transport Protocol

Secure, Private, Undetectable

OSTP is a next-generation VPN protocol engineered for privacy-conscious users operating in restrictive network environments. Built from the ground up to resist Deep Packet Inspection (DPI), active probing, and traffic analysis, OSTP provides secure tunnel connectivity that appears indistinguishable from legitimate HTTPS traffic.


🎯 Core Features

  • 🔒 Military-Grade Encryption — ChaCha20-Poly1305 AEAD cipher with ephemeral X25519 key exchange
  • 👻 Stealth by Design — TLS mimicry with geo-aware SNI selection to blend with regional traffic patterns
  • 🛡️ Silent Authentication — Pre-shared key validation that never reveals port state or protocol presence
  • High Performance — UDP-over-TCP framing with adaptive padding for optimal throughput
  • 🌐 Cross-Platform — Native binaries for Windows (client) and Linux (server)
  • 📊 Integrated Billing — Built-in session management with quota tracking and SQLite persistence

🚀 Quick Start

Server Deployment (Linux)

# Generate pre-shared key
ostp-server gen-key

# Start server with PSK
ostp-server -l 0.0.0.0:8443 -p <hex-encoded-psk>

# Or use configuration file
ostp-server -c /etc/ostp/server.json

Client Connection (Windows)

# Interactive setup wizard
ostp-client setup

# Connect to server
ostp-client connect -s 1.2.3.4:8443 -p <hex-encoded-psk> -c RU

# Manage profiles
ostp-client profiles

🏗️ Architecture

OSTP consists of multiple specialized components:

| Component | Purpose |
|---|---|
| ostp | Core transport layer with encryption, handshake protocol, and TLS mimicry |
| oncp | Control plane for session management, user registry, and billing |
| osn | Network layer abstraction for TUN device management and routing |
| osds | Stealth DNS forwarder with anti-hijack detection |
| ostp-guard | Anti-reverse engineering protection suite (proprietary) |

All components work together to provide a robust, stealth VPN solution that evades detection while maintaining high performance and security standards.


🔐 Security Model

OSTP employs multiple layers of security:

  1. Silent Handshake — Invalid authentication attempts receive no response, preventing protocol fingerprinting
  2. Zero Fingerprints — All TLS fields are randomly generated to match legitimate HTTPS traffic
  3. Perfect Forward Secrecy — Ephemeral key exchange ensures session keys are never reused
  4. Encrypted Metadata — Even packet lengths and timing are obfuscated through adaptive padding
  5. Anti-Analysis Protection — Runtime protection against debugging, VM detection, and reverse engineering (release builds only)

📋 Requirements

Server (Linux)

  • Linux kernel 3.10+ (tested on Ubuntu 22.04+, Debian 11+)
  • 512 MB RAM minimum
  • Ports: TCP 443 or 8443 (configurable)
  • Persistent storage for user database

Client (Windows)

  • Windows 10/11 (64-bit)
  • Administrator privileges for TUN device creation
  • .NET Framework not required (statically linked)

🛠️ Build from Source

# Clone repository (private access required)
git clone https://github.com/ospab/ospab.network.git
cd ospab.network

# Build all components
cargo build --workspace --release

# Binaries will be in target/release/
# - ostp-server.exe (Linux server)
# - ostp-client.exe (Windows client)

Note: This is a proprietary project. Source code access requires authorization. See LICENSE for details.


📚 Documentation


🌍 Use Cases

  • Journalists & Activists — Secure communication in countries with internet censorship
  • Business Travelers — Bypass restrictive corporate and hotel networks
  • Privacy Advocates — Maintain anonymity without revealing VPN usage
  • Remote Workers — Access corporate resources without detection
  • IoT Security — Secure embedded device communication with stealth capabilities

OSTP is a proprietary software product. Unauthorized distribution, reverse engineering, or modification is prohibited. This project is intended for legitimate privacy protection purposes only. Users are responsible for complying with local laws regarding encryption and VPN usage.

This repository is private. Public README is provided for documentation purposes only.


📞 Contact


📜 License

Copyright © 2025-2026 Ospab. All rights reserved.

This software is proprietary and confidential. See LICENSE file for complete terms.


Built with Rust 🦀 | Engineered for Privacy 🔐 | Designed to Disappear 👻
