Repository files navigation

简体中文 |English

✨ A simple, secure, decentralized virtual private network solution powered by Rust and Tokio

📚Full Documentation | 🖥️Web Console | 📝Download Releases | 🧩Third Party Tools | ❤️Sponsor

• 🔒Decentralized: Nodes are equal and independent, no centralized services required
• 🚀Easy to Use: Multiple operation methods via web, client, and command line
• 🌍Cross-Platform: Supports Win/MacOS/Linux/FreeBSD/Android and X86/ARM/MIPS architectures
• 🔐Secure: AES-GCM or WireGuard encryption, prevents man-in-the-middle attacks

• 🔌Efficient NAT Traversal: Supports UDP and IPv6 traversal, works with NAT4-NAT4 networks
• 🌐Subnet Proxy: Nodes can share subnets for other nodes to access
• 🔄Intelligent Routing: Latency priority and automatic route selection for best network experience
• ⚡High Performance: Zero-copy throughout the entire link, supports TCP/UDP/WSS/WG protocols

• 📊UDP Loss Resistance: KCP/QUIC proxy optimizes latency and bandwidth in high packet loss environments
• 🔧Web Management: Easy configuration and monitoring through web interface
• 🛠️Zero Config: Simple deployment with statically linked executables

Choose the installation method that best suits your needs:

# 1. Download pre-built binary (Recommended, All platforms supported)# Visit https://github.com/EasyTier/EasyTier/releases# 2. Install via cargo (Latest development version)cargo install --git https://github.com/EasyTier/EasyTier.git easytier# 3. Install via Docker# See https://easytier.cn/en/guide/installation.html#installation-methods# 4. Linux Quick Installwget -O- https://raw.githubusercontent.com/EasyTier/EasyTier/main/script/install.sh| sudo bash# 5. MacOS via Homebrewbrew tap brewforge/chinesebrew install --cask easytier-gui# 6. OpenWrt Luci Web UI# Visit https://github.com/EasyTier/luci-app-easytier

EasyTier supports quick networking using shared public nodes. When you don't have a public IP, you can use the free shared nodes provided by the EasyTier community. Nodes will automatically attempt NAT traversal and establish P2P connections. When P2P fails, data will be relayed through shared nodes.

The currently deployed shared public node istcp://public.easytier.cn:11010.

When using shared nodes, each node entering the network needs to provide the same--network-name and--network-secret parameters as the unique identifier of the network.

Taking two nodes as an example (Please use more complex network name to avoid conflicts):

1. Run on Node A:

# Run with administrator privilegessudo easytier-core -d --network-name abc --network-secret abc -p tcp://public.easytier.cn:11010

2. Run on Node B:

# Run with administrator privilegessudo easytier-core -d --network-name abc --network-secret abc -p tcp://public.easytier.cn:11010

After successful execution, you can check the network status usingeasytier-cli:

| ipv4         | hostname       | cost  | lat_ms | loss_rate | rx_bytes | tx_bytes | tunnel_proto | nat_type | id         | version         || ------------ | -------------- | ----- | ------ | --------- | -------- | -------- | ------------ | -------- | ---------- | --------------- || 10.126.126.1 | abc-1          | Local | *      | *         | *        | *        | udp          | FullCone | 439804259  | 2.3.2-70e69a38~ || 10.126.126.2 | abc-2          | p2p   | 3.452  | 0         | 17.33 kB | 20.42 kB | udp          | FullCone | 390879727  | 2.3.2-70e69a38~ ||              | PublicServer_a | p2p   | 27.796 | 0.000     | 50.01 kB | 67.46 kB | tcp          | Unknown  | 3771642457 | 2.3.2-70e69a38~ |

You can test connectivity between nodes:

# Test connectivityping 10.126.126.1ping 10.126.126.2

Note: If you cannot ping through, it may be that the firewall is blocking incoming traffic. Please turn off the firewall or add allow rules.

To improve availability, you can connect to multiple shared nodes simultaneously:

# Connect to multiple shared nodessudo easytier-core -d --network-name abc --network-secret abc -p tcp://public.easytier.cn:11010 -p udp://public.easytier.cn:11010

Once your network is set up successfully, you can easily configure it to start automatically on system boot. Refer to theOne-Click Register Service guide for step-by-step instructions on registering EasyTier as a system service.

EasyTier is fundamentally decentralized, with no distinction between server and client. As long as one device can communicate with any node in the virtual network, it can join the virtual network. Here's how to set up a decentralized network:

1. Start First Node (Node A):

# Start the first nodesudo easytier-core -i 10.144.144.1

After startup, this node will listen on the following ports by default:

• TCP: 11010
• UDP: 11010
• WebSocket: 11011
• WebSocket SSL: 11012
• WireGuard: 11013

2. Connect Second Node (Node B):

# Connect to the first node using its public IPsudo easytier-core -i 10.144.144.2 -p udp://FIRST_NODE_PUBLIC_IP:11010

3. Verify Connection:

# Test connectivityping 10.144.144.2# View connected peerseasytier-cli peer# View routing informationeasytier-cli route# View local node informationeasytier-cli node

For more nodes to join the network, they can connect to any existing node in the network using the-p parameter:

# Connect to any existing node using its public IPsudo easytier-core -i 10.144.144.3 -p udp://ANY_EXISTING_NODE_PUBLIC_IP:11010

Assuming the network topology is as follows, Node B wants to share its accessible subnet 10.1.1.0/24 with other nodes:

flowchart LRsubgraph Node A Public IP 22.1.1.1nodea[EasyTier<br/>10.144.144.1]endsubgraph Node Bnodeb[EasyTier<br/>10.144.144.2]endid1[[10.1.1.0/24]]nodea <--> nodeb <-.-> id1

To share a subnet, add the-n parameter when starting EasyTier:

# Share subnet 10.1.1.0/24 with other nodessudo easytier-core -i 10.144.144.2 -n 10.1.1.0/24

Subnet proxy information will automatically sync to each node in the virtual network, and each node will automatically configure the corresponding route. You can verify the subnet proxy setup:

1. Check if the routing information has been synchronized (the proxy_cidrs column shows the proxied subnets):

# View routing informationeasytier-cli route

2. Test if you can access nodes in the proxied subnet:

# Test connectivity to proxied subnetping 10.1.1.2

EasyTier can act as a WireGuard server, allowing any device with a WireGuard client (including iOS and Android) to access the EasyTier network. Here's an example setup:

flowchart LRios[[iPhone<br/>WireGuard Installed]]subgraph Node A Public IP 22.1.1.1nodea[EasyTier<br/>10.144.144.1]endsubgraph Node Bnodeb[EasyTier<br/>10.144.144.2]endid1[[10.1.1.0/24]]ios <-.-> nodea <--> nodeb <-.-> id1

1. Start EasyTier with WireGuard portal enabled:

# Listen on 0.0.0.0:11013 and use 10.14.14.0/24 subnet for WireGuard clientssudo easytier-core -i 10.144.144.1 --vpn-portal wg://0.0.0.0:11013/10.14.14.0/24

2. Get WireGuard client configuration:

# Get WireGuard client configurationeasytier-cli vpn-portal

3. In the output configuration:
   • SetInterface.Address to an available IP from the WireGuard subnet
   • SetPeer.Endpoint to the public IP/domain of your EasyTier node
   • Import the modified configuration into your WireGuard client

You can run your own public shared node to help other nodes discover each other. A public shared node is just a regular EasyTier network (with same network name and secret) that other networks can connect to.

To run a public shared node:

# No need to specify IPv4 address for public shared nodessudo easytier-core --network-name mysharednode --network-secret mysharednode

• ZeroTier: A global virtual network for connecting devices.
• TailScale: A VPN solution aimed at simplifying network configuration.
• vpncloud: A P2P Mesh VPN
• Candy: A reliable, low-latency, and anti-censorship virtual private network

• 💬Telegram Group
• 👥QQ Group: 949700262

EasyTier is released under theLGPL-3.0.

CDN acceleration and security protection for this project are sponsored by Tencent EdgeOne.

Special thanks toLanglang Cloud for sponsoring our public servers.

If you find EasyTier helpful, please consider sponsoring us. Software development and maintenance require a lot of time and effort, and your sponsorship will help us better maintain and improve EasyTier.