Interface

An interface is an abstract concept in MintFlow NetStack that allows you to steer app traffic.

For example, if you create a WireGuard (L3VPN¹) interface, you can steer all your iOS app's traffic to it by specifying a special CIDR route (0.0.0.0/0), which directs all IPv4 traffic to the interface. This provides high privacy and eliminates concerns about IP leakage in high-risk environments.

Currently MintFlow NetStack support the following interface types:

• L3VPN interface

  This is the interface where packets will be encrypted and routed to the VPN server using IP based processing, since it does not need to reconstruct TCP/UDP sessions using fd.io VPP hoststack, which is more efficient.

  Currently WireGuard L3VPN is supported.

• L4PROXY interface

  This is the interface where packets will be encrypted and routed to the remote VPN server using session based processing, it need to reconstruct TCP/UDP sessions using fd.io VPP hoststack, which is less efficient compared to L3VPN interface.

  Currently the following L4PROXY types is supported:

  • VMESS-WS-TLS (with AEAED ciphers)
  • Shadowsocks with AEAD ciphers

• Direct Virtual interface (Requires App Routing Enabled)

  This is the interface where packets will be routed to local internet, be it WIFI or Cellular.

• Reject Virtual interface

  This is the interface where TCP packets will be rejected by sending RST, which is mainly used for AdBlock, which quickly to make app believe the Ad related domain reject the connection. for UDP packets, it's behavior is same with Drop Virtual Interface.

• Drop Virtual interface

  This is the interface where packets will be dropped silently. it can be used to implement AdBlock.

We are developing new L4Proxy² interface to satisfy more user scenarios.

1. L3VPN is a type of VPN technology that basically only route packet by it's IP address. ↩

2. L4Proxy is a type of VPN technology that basically handle TCP/UDP session. ↩