How VPN Works

The VPN Connection — Step by Step

When you connect to Neon Tunnel VPN, here's exactly what happens in the background:

1

VPN Client Initialization

The Android VPN app reads your selected server configuration (protocol, IP, port, credentials). It sets up a virtual network interface (TUN/TAP) on your device — this captures all outgoing network traffic.

2

Cryptographic Handshake

Your device and the VPN server perform a TLS or Noise Protocol handshake to authenticate each other and negotiate encryption parameters. WireGuard uses Noise_IKpsk2 with Curve25519 ECDH. OpenVPN uses TLS 1.3 with RSA/ECDSA certificates.

3

Session Keys Generated

Ephemeral session keys are generated using Diffie-Hellman key exchange. These keys are temporary — regenerated every few minutes (Perfect Forward Secrecy). If a key is compromised, past sessions remain safe.

4

Encrypted Tunnel Established

All your internet traffic — DNS queries, HTTP/HTTPS requests, app data — is captured by the TUN interface, encrypted, and sent to the VPN server through the tunnel.

5

IP Masking & Traffic Forwarding

The VPN server decrypts your traffic, replaces your real IP with its own, and forwards requests to destination websites. Websites see only the server's IP. The server receives responses and sends them back encrypted through the tunnel.

6

DNS Protection

DNS queries are also routed through the VPN tunnel to the VPN server's DNS resolver, preventing DNS leaks where your ISP could see which domains you visit even when on VPN.

7

Kill Switch Protection

If the VPN connection drops, the kill switch immediately blocks all internet traffic until the VPN reconnects. This prevents accidental IP exposure. Implemented via iptables/nftables rules at OS level in the Android VPN app.

VPN Architecture — Client, Server & Admin Panel

Neon Tunnel VPN has a 3-tier architecture:

Android VPN Client: Kotlin/Java app with TUN interface. Handles protocol connection (WireGuard, OpenVPN, V2Ray, Trojan, Shadowsocks), traffic routing, kill switch, DNS protection, and server switching.
VPN Server: Linux server running protocol daemons (wireguard, openvpn, xray/v2ray, trojan-go). Forwards traffic, manages bandwidth limits, and reports connection logs to the admin panel via API.
PHP Admin Panel: Central management system. Manages users, subscription plans, VPN servers, sub-admins, resellers, payment processing, and generates configuration credentials for the Android app.

Data flow: Android App → VPN Tunnel → VPN Server → Internet
Management: Admin Panel → API → Android App (server list, credentials, subscription status)

Key VPN Security Features

Perfect Forward Secrecy

New session keys generated for every connection. Past sessions cannot be decrypted even if current keys are compromised.

Kill Switch

Blocks all internet traffic if VPN disconnects. Your real IP never leaks during connection drops.

DNS Leak Protection

All DNS queries go through the encrypted VPN tunnel. Your ISP cannot see which domains you visit.

DPI Obfuscation

V2Ray, Trojan, and Shadowsocks disguise VPN traffic as normal HTTPS, bypassing Deep Packet Inspection firewalls.

Auto-Reconnect

The VPN app automatically reconnects to the server if the connection drops, with configurable retry intervals.

Multi-Server Routing

Admin panel supports unlimited VPN servers. Users can select server by country, city, or protocol from within the app.

Technical Implementation in Neon Tunnel VPN

Android App (Kotlin/Java)

Uses Android's VpnService API to create TUN interface and capture all device traffic
WireGuard via WireGuard Android library with kernel module support
OpenVPN via OpenVPN3 Android library
V2Ray/Trojan/Shadowsocks via Xray-core Android integration
Kill switch via VpnService.Builder.blockConnectionsWithoutVpn()
Communicates with admin panel API using HTTPS + JWT token authentication

VPN Server Setup

Linux-based (Ubuntu 20.04+) with WireGuard kernel module, OpenVPN daemon, Xray-core for V2Ray/Trojan/Vless
Firewall rules (iptables) for traffic forwarding, NAT, and kill switch enforcement
Reports connection events to admin panel API for real-time monitoring

MENU