Built different. On purpose.

Every feature exists because a commercial VPN failed us in China. This isn't a feature checklist -- it's a battle-tested toolkit for the Great Firewall.

VLESS+Reality+Vision Protocol

The gold standard for bypassing the Great Firewall. Reality uses the actual TLS certificates of legitimate websites (microsoft.com) to create connections that are cryptographically indistinguishable from normal HTTPS traffic. The GFW's deep packet inspection sees what looks like a standard visit to microsoft.com.

  • TLS fingerprint mimicry via uTLS library -- matches real browser fingerprints
  • ECDH shared secrets for zero-knowledge server authentication
  • Failed authentication connections forwarded to real destination (anti-probe defense)
  • No custom certificates needed -- uses target site's real TLS cert
  • Packet timing randomization defeats heuristic traffic analysis
VLESS+Reality+Vision Protocol

TUN Mode -- Full OS-Level Capture

Unlike browser-based VPN extensions or SOCKS proxies, KookVPN's TUN mode creates a virtual network adapter at the operating system level. Every single packet from every application passes through the encrypted tunnel. Nothing leaks.

  • Virtual network adapter captures ALL system traffic -- not just browser
  • DNS queries encrypted via DNS-over-TLS -- no DNS leaks possible
  • WebRTC leak prevention built-in
  • Kill switch instantly blocks all traffic if VPN disconnects
  • Works with CLI tools (Claude Code, Codex, Gemini CLI, git, npm)
TUN Mode -- Full OS-Level Capture

BBR Congestion Control

Standard TCP congestion control algorithms were designed for low-latency networks. When you're routing traffic from China to Singapore, you need BBR -- Google's algorithm specifically optimized for high-bandwidth, high-latency connections.

  • Optimized for long-distance international connections
  • Maximizes throughput without causing packet loss
  • Significantly faster than CUBIC (default TCP) over VPN tunnels
  • Server-side BBR enabled by default -- no client configuration needed
  • Reduces buffering for streaming and video calls
BBR Congestion Control

Zero-Log Architecture

We don't log your traffic, DNS queries, connection timestamps, bandwidth usage, or IP addresses. Not "minimal logging." Not "anonymized logging." Zero. The server physically cannot store what doesn't exist.

  • No traffic logs, no connection logs, no metadata logs
  • DNS queries resolved via DNS-over-TLS and not stored
  • Server runs with minimal write permissions to disk
  • No analytics or tracking on VPN connections
  • Your browsing history exists only in your browser
Zero-Log Architecture

Private Dedicated Infrastructure

Commercial VPNs route thousands of users through shared servers. When one user gets flagged, everyone on that IP gets flagged. KookVPN runs on private dedicated infrastructure -- your connection isn't contaminated by other users' activity.

  • Dedicated server not shared with thousands of strangers
  • IP address not in any commercial VPN blocklist
  • Standard DigitalOcean IP range -- not flagged as VPN by AI companies
  • Server in Singapore SGP1 -- optimal routing for China Telecom and Unicom
  • UFW firewall + cloud firewall with only ports 22 and 443 open
Private Dedicated Infrastructure

Intelligent Split Routing

Chinese apps like WeChat, Alipay, Taobao, and Meituan work best with direct connections. KookVPN's split routing sends Chinese traffic directly while routing international traffic through the VPN tunnel.

  • Chinese app traffic (WeChat, Alipay, Taobao) goes direct -- no speed penalty
  • International traffic (Google, YouTube, Claude, Codex) routes through VPN
  • Configurable rules for custom routing preferences
  • Chinese banking apps maintain direct connection for reliability
  • Optimized for dual-stack usage patterns of China expats
Intelligent Split Routing
And more

Every detail thought through

Kill Switch

If the VPN connection drops, all internet traffic is immediately blocked. Zero packets leak to expose your real IP.

Auto-Reconnect

Connection interruptions are automatically detected and the VPN reconnects within seconds. No manual intervention needed.

DNS-over-TLS

All DNS queries are encrypted and routed through the VPN tunnel. No DNS leaks, no DNS poisoning, no manipulation.

TLS Fingerprint Mimicry

uTLS library generates browser-authentic TLS fingerprints. Your connection looks like Chrome visiting microsoft.com.

Active Probe Defense

When the GFW probes our server, failed auth connections are transparently forwarded to microsoft.com. Probes get a real response.

Low Latency

Singapore server provides sub-50ms latency for most China locations. Optimized routing for China Telecom, Unicom, and Mobile.

Ready to finally have a VPN that works?

Join hundreds of expats who stopped fighting the Great Firewall and started winning.

Get KookVPN Now See How It Works