EasyTier/EasyTier
{ "createdAt": "2023-09-29T17:03:53Z", "defaultBranch": "main", "description": "A simple, decentralized mesh VPN with WireGuard support.", "fullName": "EasyTier/EasyTier", "homepage": "https://easytier.cn", "language": "Rust", "name": "EasyTier", "pushedAt": "2025-11-25T05:59:27Z", "stargazersCount": 8289, "topics": [ "nat-traversal", "p2p", "rust", "tailscale", "vpn", "zerotier" ], "updatedAt": "2025-11-25T16:19:23Z", "url": "https://github.com/EasyTier/EasyTier"}EasyTier
Section titled “EasyTier”
[简体中文]!(/README_CN.md) | [English]!(/README.md)
✨ A simple, secure, decentralized virtual private network solution powered by Rust and Tokio
📚 Full Documentation | 🖥️ Web Console | 📝 Download Releases | 🧩 Third Party Tools | ❤️ [Sponsor]!(#sponsor)
Features
Section titled “Features”Core Features
Section titled “Core Features”- 🔒 Decentralized: Nodes are equal and independent, no centralized services required
- 🚀 Easy to Use: Multiple operation methods via web, client, and command line
- 🌍 Cross-Platform: Supports Win/MacOS/Linux/FreeBSD/Android and X86/ARM/MIPS architectures
- 🔐 Secure: AES-GCM or WireGuard encryption, prevents man-in-the-middle attacks
Advanced Capabilities
Section titled “Advanced Capabilities”- 🔌 Efficient NAT Traversal: Supports UDP and IPv6 traversal, works with NAT4-NAT4 networks
- 🌐 Subnet Proxy: Nodes can share subnets for other nodes to access
- 🔄 Intelligent Routing: Latency priority and automatic route selection for best network experience
- ⚡ High Performance: Zero-copy throughout the entire link, supports TCP/UDP/WSS/WG protocols
Network Optimization
Section titled “Network Optimization”- 📊 UDP Loss Resistance: KCP/QUIC proxy optimizes latency and bandwidth in high packet loss environments
- 🔧 Web Management: Easy configuration and monitoring through web interface
- 🛠️ Zero Config: Simple deployment with statically linked executables
Quick Start
Section titled “Quick Start”📥 Installation
Section titled “📥 Installation”Choose the installation method that best suits your needs:
# 1. Download pre-built binary (Recommended, All platforms supported)# Visit https://github.com/EasyTier/EasyTier/releases
# 2. Install via cargo (Latest development version)cargo install --git https://github.com/EasyTier/EasyTier.git easytier
# 3. Install via Docker# See https://easytier.cn/en/guide/installation.html#installation-methods
# 4. Linux Quick Installwget -O- https://raw.githubusercontent.com/EasyTier/EasyTier/main/script/install.sh | sudo bash -s install
# 5. MacOS via Homebrewbrew tap brewforge/chinesebrew install --cask easytier-gui
# 6. OpenWrt Luci Web UI# Visit https://github.com/EasyTier/luci-app-easytier
# 7. (Optional) Install shell completions:easytier-core --gen-autocomplete fish > ~/.config/fish/completions/easytier-core.fisheasytier-cli gen-autocomplete fish > ~/.config/fish/completions/easytier-cli.fish🚀 Basic Usage
Section titled “🚀 Basic Usage”Quick Networking with Shared Nodes
Section titled “Quick Networking with Shared Nodes”EasyTier supports quick networking using shared public nodes. When you don’t have a public IP, you can use the free shared nodes provided by the EasyTier community. Nodes will automatically attempt NAT traversal and establish P2P connections. When P2P fails, data will be relayed through shared nodes.
The currently deployed shared public node is tcp://public.easytier.cn:11010.
When using shared nodes, each node entering the network needs to provide the same --network-name and --network-secret parameters as the unique identifier of the network.
Taking two nodes as an example (Please use more complex network name to avoid conflicts):
- Run on Node A:
# Run with administrator privilegessudo easytier-core -d --network-name abc --network-secret abc -p tcp://public.easytier.cn:11010- Run on Node B:
# Run with administrator privilegessudo easytier-core -d --network-name abc --network-secret abc -p tcp://public.easytier.cn:11010After successful execution, you can check the network status using easytier-cli:
| ipv4 | hostname | cost | lat_ms | loss_rate | rx_bytes | tx_bytes | tunnel_proto | nat_type | id | version || ------------ | -------------- | ----- | ------ | --------- | -------- | -------- | ------------ | -------- | ---------- | --------------- || 10.126.126.1 | abc-1 | Local | * | * | * | * | udp | FullCone | 439804259 | 2.4.5-70e69a38~ || 10.126.126.2 | abc-2 | p2p | 3.452 | 0 | 17.33 kB | 20.42 kB | udp | FullCone | 390879727 | 2.4.5-70e69a38~ || | PublicServer_a | p2p | 27.796 | 0.000 | 50.01 kB | 67.46 kB | tcp | Unknown | 3771642457 | 2.4.5-70e69a38~ |You can test connectivity between nodes:
# Test connectivityping 10.126.126.1ping 10.126.126.2Note: If you cannot ping through, it may be that the firewall is blocking incoming traffic. Please turn off the firewall or add allow rules.
To improve availability, you can connect to multiple shared nodes simultaneously:
# Connect to multiple shared nodessudo easytier-core -d --network-name abc --network-secret abc -p tcp://public.easytier.cn:11010 -p udp://public.easytier.cn:11010Once your network is set up successfully, you can easily configure it to start automatically on system boot. Refer to the One-Click Register Service guide for step-by-step instructions on registering EasyTier as a system service.
Decentralized Networking
Section titled “Decentralized Networking”EasyTier is fundamentally decentralized, with no distinction between server and client. As long as one device can communicate with any node in the virtual network, it can join the virtual network. Here’s how to set up a decentralized network:
- Start First Node (Node A):
# Start the first nodesudo easytier-core -i 10.144.144.1After startup, this node will listen on the following ports by default:
- TCP: 11010
- UDP: 11010
- WebSocket: 11011
- WebSocket SSL: 11012
- WireGuard: 11013
- Connect Second Node (Node B):
# Connect to the first node using its public IPsudo easytier-core -i 10.144.144.2 -p udp://FIRST_NODE_PUBLIC_IP:11010- Verify Connection:
# Test connectivityping 10.144.144.2
# View connected peerseasytier-cli peer
# View routing informationeasytier-cli route
# View local node informationeasytier-cli nodeFor more nodes to join the network, they can connect to any existing node in the network using the -p parameter:
# Connect to any existing node using its public IPsudo easytier-core -i 10.144.144.3 -p udp://ANY_EXISTING_NODE_PUBLIC_IP:11010🔍 Advanced Features
Section titled “🔍 Advanced Features”Subnet Proxy
Section titled “Subnet Proxy”Assuming the network topology is as follows, Node B wants to share its accessible subnet 10.1.1.0/24 with other nodes:
flowchart LR
subgraph Node A Public IP 22.1.1.1nodea[EasyTier<br/>10.144.144.1]end
subgraph Node Bnodeb[EasyTier<br/>10.144.144.2]end
id1[[10.1.1.0/24]]
nodea <--> nodeb <-.-> id1To share a subnet, add the -n parameter when starting EasyTier:
# Share subnet 10.1.1.0/24 with other nodessudo easytier-core -i 10.144.144.2 -n 10.1.1.0/24Subnet proxy information will automatically sync to each node in the virtual network, and each node will automatically configure the corresponding route. You can verify the subnet proxy setup:
- Check if the routing information has been synchronized (the proxy_cidrs column shows the proxied subnets):
# View routing informationeasytier-cli route![Routing Information]!(/assets/image-3.png)
- Test if you can access nodes in the proxied subnet:
# Test connectivity to proxied subnetping 10.1.1.2WireGuard Integration
Section titled “WireGuard Integration”EasyTier can act as a WireGuard server, allowing any device with a WireGuard client (including iOS and Android) to access the EasyTier network. Here’s an example setup:
flowchart LR
ios[[iPhone<br/>WireGuard Installed]]
subgraph Node A Public IP 22.1.1.1nodea[EasyTier<br/>10.144.144.1]end
subgraph Node Bnodeb[EasyTier<br/>10.144.144.2]end
id1[[10.1.1.0/24]]
ios <-.-> nodea <--> nodeb <-.-> id1- Start EasyTier with WireGuard portal enabled:
# Listen on 0.0.0.0:11013 and use 10.14.14.0/24 subnet for WireGuard clientssudo easytier-core -i 10.144.144.1 --vpn-portal wg://0.0.0.0:11013/10.14.14.0/24- Get WireGuard client configuration:
# Get WireGuard client configurationeasytier-cli vpn-portal- In the output configuration:
- Set
Interface.Addressto an available IP from the WireGuard subnet - Set
Peer.Endpointto the public IP/domain of your EasyTier node - Import the modified configuration into your WireGuard client
- Set
Self-Hosted Public Shared Node
Section titled “Self-Hosted Public Shared Node”You can run your own public shared node to help other nodes discover each other. A public shared node is just a regular EasyTier network (with same network name and secret) that other networks can connect to.
To run a public shared node:
# No need to specify IPv4 address for public shared nodessudo easytier-core --network-name mysharednode --network-secret mysharednodeRelated Projects
Section titled “Related Projects”- ZeroTier: A global virtual network for connecting devices.
- TailScale: A VPN solution aimed at simplifying network configuration.
Contact Us
Section titled “Contact Us”- 💬 Telegram Group
- 👥 [QQ Group]
License
Section titled “License”EasyTier is released under the LGPL-3.0.
Sponsor
Section titled “Sponsor”CDN acceleration and security protection for this project are sponsored by Tencent EdgeOne.
Special thanks to Langlang Cloud and RainCloud for sponsoring our public servers.
If you find EasyTier helpful, please consider sponsoring us. Software development and maintenance require a lot of time and effort, and your sponsorship will help us better maintain and improve EasyTier.