Unified VPN SDK for Windows

General

The Windows SDK is part of the Aura Partner SDK, providing client-side libraries and server-side applications for implementing custom VPN infrastructure. The SDK enables developers to create secure and reliable VPN solutions for Windows users, leveraging the benefits of a VPN while offering a seamless integration experience.

VPN Overview

A Virtual Private Network (VPN) is a secure, encrypted connection between your device and a remote server operated by a VPN service provider. When you connect to a VPN, all your internet traffic is routed through this encrypted tunnel, making it difficult for others to intercept or monitor your online activities.

When you connect to a VPN, your device establishes a secure connection with the VPN server. This connection is encrypted using robust protocols like Hydra, OpenVPN, IPSec, or WireGuard. Once the connection is established, all your internet traffic is sent through the encrypted tunnel to the VPN server, which then forwards it to its final destination on the internet.

To the outside world, it appears as though your traffic is originating from the VPN server rather than your actual device. This effectively masks your real IP address, making it harder for websites or other third parties to track your online activities or determine your physical location.

Architectural Diagram

The image shows a high-level architecture diagram for an application involving a VPN (Virtual Private Network) backend accessed by a client application.

The client application communicates with the UnifiedSDK service, which includes a VPN Controller, Firewall Controller, Throttling Controller, and Events. These components manage various aspects of the VPN connection, such as establishing the VPN tunnel, controlling firewall rules, and managing bandwidth throttling. The Events component forwards UnifiedSDK notifications to the Client Application.

The UnifiedSDK also includes a Backend Provider component that communicates with the backend to obtain the necessary data for establishing the VPN tunnel connection. This data includes authorization and authentication information, lists of available countries and locations, traffic limits, user information, connection data, configuration patches, and more.

The Firewall includes multiple modules, some based on the Windows Filtering Platform (WFP) and others on Netfilter. The WFP modules focus on protecting VPN traffic. On the other hand, the Netfilter modules are used to manage traffic when necessary, providing fine-grained control over network traffic.

The DNS Monitor is a separate module that specifically handles DNS requests when the VPN tunnel is disconnected. Its distinct functionality sets it apart from the other modules in the Firewall component.

Finally, there is a VPN Node component, which represents the remote VPN server that the client application connects to through the established VPN tunnel.

Prerequisites

The following prerequisites are required to use the SDK:

• OS: Windows 10, 11

• Software:

  • .NET 8.0 is required if the provided build is not self-contained

Additionally, in order to be able to use the SDK, the following steps have to be done:

• Sign in at pango-cloud.com.

• Create a project and use a name for your project as a Public key. Private key is optional.

• Use SDK where carrierId equals given Public Key and backend url equals default SDK url or url provided by Pango team.

Note that at this time, it is not possible for users to create their own accounts directly if they do not already have an account established with us. Please contact your sales representative to initiate account creation as part of the project and client onboarding process or contact us. We apologize for any inconvenience.

Supported protocols

• Hydra

• OpenVPN

• WireGuard

• IPSec

Supported features

• Backend URL configuration

  • The SDK supports overriding default backend API URLs by providing reserved backend URL to Initialize method.

• Traffic protection features

  • Killswitch: Can be enabled/disabled programmatically. When turned on, it acts as a mechanism that prevents traffic leakage outside the VPN-tunnel during an emergency rupture. A kill switch will stop your computer from transmitting data until your connection to the VPN server is restored, protecting from all leaks.

  • Prevent IP leaks: Blocks IPv6 and DNS requests outside the VPN tunnel

  • Block LocalNetwork: Block all local network connections during VPN session using BlockLocalNetwork property

• Firewall: Supports enabling/disabling the firewall, updating bypass domains and processes, adding/removing processes to the killswitch exception list, enabling/disabling DNS monitoring, and getting the current killswitch state.

  • Domain bypass: Allows excluding certain domains from the VPN tunnel, routing them through the regular internet connection instead

  • Process bypass: Allows excluding certain processes or applications from the VPN tunnel, sending their traffic outside the encrypted connection

  • Domain route via VPN: Allows you to select specific domains to be routed through the VPN tunnel while all other traffic remains unaffected

  • Process route via VPN: Allows you to select specific processes to be routed through the VPN tunnel while all other traffic remains unaffected

  • DNS monitor: When the VPN tunnel is disconnected, this module monitors and logs all DNS requests made by the system to help identify potential DNS leaks or unusual domain queries. The DNS monitor is automatically disabled when the VPN tunnel is connecting or connected.

• Throttling: Supports various one-line requests to configure the firewall, including managing processes, speed limits, and enabling/disabling throttling.

• Supported only on Hydra protocol features

  • CustomDNS, UserDNS, MultiHop, VpnProfiles (Hydra Protocol): Provide users with greater control and customization options for managing their VPN connections and DNS requests

    • Custom DNS profile and UserDNS: Setting up custom DNS profile or use UserDNS to direct all their DNS requests to the desired server instead of the default ones.

    • MultiHop: Routes their VPN connection through an intermediate server before reaching the main VPN server.

    • VPN Profiles: Creating separate VPN profiles for various purposes (e.g. work, streaming, general browsing), allowing them to quickly switch between the appropriate servers without manually configuring the connection each time.

  • FireShield (Hydra Protocol): Supports configuring URL filtering and categorization, specifying actions like blocking, alerting, bypassing VPN, or routing through VPN, and can be set up via the developer portal, client-side configuration files, or using the FireshieldService API.

Getting Started

To begin using this project, please refer to Setup.

Changelog

The SDK version history and changes are documented here.

Support

If you encounter any issues or have questions regarding integrating the SDK, please visit here.