Calls: Send in your ideas. Deadline June 1st, 2021.
Source code :



VPN technology is a key enabler for end user security in insecure environments. Vita aims to achieve high performance (beyond 10G speeds) on commodity server hardware. Vita is intended to be both simple in terms of code, as well as in terms of deployment, and non-invasive to deploy in existing networks. Vita also strives to be affordable, in terms of both energy footprint and cost of maintenance: its goal is to make the best possible use of commodity hardware while remaining easy to deploy safely.

Why does this actually matter to end users?

<img src="vita-sketch.png" alt="Vita components" style="width: 90%">


<ul> <li>Runs on commodity hardware </li> <li>Implements IPsec for IPv4, specifically <em>IP Encapsulating Security Payload</em> ESP) in tunnel mode (audit needed) </li> <li>Uses optimized AES-GCM 128-bit encryption based on a reference implementation by <em>Intel</em> for their AVX2 (generation-4) processors</li> <li>Suitable for 1-Gigabit, 10-Gigabit (and beyond?) Ethernet </li> <li>Automated key exchange and rotation, with perfect forward secrecy (PFS) (audit needed) </li> <li>Dynamic reconfiguration (update routes while running) </li> <li>Strong observability: access relevant statistics of a running Vita node </li> </ul>

Navigate projects

Please check out NLnet's theme funds, such as NGI Assure, NGI0 Discovery (which is focussed on search, discovery and discoverability) and the Internet Hardening Fund.

Want to help but no money to spend? Help us by protecting open source and its users.