Skip to main content

DMTun - Drift my tunnel

Zero-knowledge P2P CLI tool for secure remote services access without VPN

Get Started (soon)

Secure access to services

🔒

Zero-Knowledge Security

Your private key is encrypted with your master password before storage. Only you can decrypt it

Direct P2P Connections

No servers in the middle when P2P succeeds. Ultra-low latency.

🛠️

Simple CLI Tool

TUI interface for developers and system administrators.

DMTun is a tool P2P tunneling tool that establishes secure connections and remote access without traditional VPN setup. Built with zero-knowledge & zero-trust architecture for maximum privacy and security.

Why choose DMTun for remote access?

Database Tunneling Without VPN - Direct secure access to remote databases, MySQL, PostgreSQL, MongoDB
Zero-Trust Network Security - No implicit trust, encrypted private keys, zero-knowledge architecture
TCP Port Forwarding - Access any TCP service on remote systems securely
NAT Traversal Technology - Works behind firewalls and routers automatically
Enterprise-Grade Encryption - TLS (TCP) and DTLS (UDP) encryption by default
Cross-Platform Support - Linux ✓, Windows ✓, macOS (coming soon)

How DMTun Secure Tunneling Works

DMTun operates in two modes for different remote access scenarios:

Connector Mode - Remote Database Access

  1. 1 Receive secure connection token from authorized user
  2. 2 Establish P2P connection or use encrypted relay fallback
  3. 3 Access databases, web services, or any TCP port securely

Beacon Mode - Remote Server Management

  1. 1 Create secure beacon using web management interface
  2. 2 Make services available to authorized users only
  3. 3 Grant access to specific IP addresses and ports

All peer-to-peer connections (direct or via relay) use double encryption - our encryption layer for secure connection establishment, plus your encryption layer for data protection. Even if our systems are compromised, your data remains encrypted with your own keys—which are themselves encrypted with your master password that only you know

Zero-Knowledge Security Architecture

Complete Privacy Protection

DMTun cannot access your connections because all communications are peer-to-peer (or via relay) only. We cannot establish connections on your behalf because they require your password-protected private keys that can only be decrypted by you.

Secure User Profile Management

When creating your DMTun profile, the system generates public/private certificate pairs. Your private certificate is encrypted with your master password before storage, ensuring DMTun servers never access your unencrypted private keys.

Granular Access Control

Beacon access requires creating authentication tokens with specific user public keys. Only authorized users can decrypt and connect using their private keys, which requires their master password for decryption.

Technical Specifications

Connection Protocol
Direct P2P with encrypted relay fallback
Encryption Standards
TLS 1.3 for TCP, DTLS 1.2 for UDP
NAT Traversal
ICE, STUN, TURN protocols
Platform Support
Linux ✓, Windows ✓, macOS (beta)
Interface Type
Command-line interface (CLI)
Security Model
Zero-knowledge, zero-trust

Getting Started with DMTun

DMTun is designed for developers, system administrators, and technical users familiar with networking and command-line tools:

  1. 1 Download DMTun CLI for your operating system (Linux/Windows)
  2. 2 Create your secure profile with a strong master password
  3. 3 Choose Connector mode for database access or Beacon mode for server sharing
  4. 4 Exchange secure connection tokens with authorized users
  5. 5 Establish encrypted P2P tunnel for secure remote access

Frequently Asked Questions

How is DMTun different from traditional VPN solutions?

Unlike VPNs that route all traffic through central servers, DMTun creates direct peer-to-peer connections for specific services like database access. This eliminates intermediate servers, reduces latency, and provides zero-knowledge security where even DMTun cannot access your connections.

Can DMTun work behind corporate firewalls?

Yes, DMTun uses advanced NAT traversal with ICE, STUN, and TURN protocols to establish connections through firewalls and NAT devices automatically. If direct P2P connection fails, it seamlessly falls back to encrypted relay servers.

What services does DMTun support?

DMTun works with any TCP-based service including MySQL, PostgreSQL, MongoDB, Redis, SSH, HTTP/HTTPS, and custom applications. It provides secure port forwarding for any TCP connection your remote system can access.

How does zero-knowledge architecture protect my data?

Your private keys are encrypted with your master password before being stored anywhere. DMTun servers never have access to your unencrypted keys, and all connections are made directly between peers. Even if our infrastructure is compromised, your communications remain completely secure.