Qeli is a robust, self-hosted VPN solution designed to give users complete control over their network traffic, privacy, and infrastructure. By operating directly on your own server, Qeli eliminates reliance on third-party providers, subscriptions, and unknown intermediaries. The tool is written in Rust, ensuring memory safety and high performance, and features a sophisticated, custom network protocol designed for modern cryptographic standards, including post-quantum protection.

Unlike many common proxy-based solutions such as VLESS, V2Ray, or Shadowsocks, which only redirect traffic for specifically configured applications, Qeli establishes a comprehensive L3 network tunnel. This protects the entire device by automatically routing all system traffic, including browsers, games, system updates, and background services, through a single encrypted channel. It supports seamless site-to-site networking, allowing users to connect multiple branch offices, home networks, or remote servers into a unified, secure infrastructure without complex external configurations.

Some of the key features are:

• Post-Quantum Cryptography: Employs a hybrid X25519 and ML-KEM-768 key exchange to ensure traffic remains secure against future quantum computing threats.
• Multiple Transport Modes: Supports various modes including reality-tls, fake-tls, obfs, plain, and QUIC, allowing users to tailor the connection to their specific environment or censorship-avoidance needs.
• Reality-TLS Implementation: Provides genuine TLS 1.3 handshaking with browser-consistent fingerprints (Chrome JA4), making VPN traffic indistinguishable from legitimate HTTPS browsing.
• Built-in Web Dashboard: Includes an integrated browser-based management panel to handle users, profiles, routing rules, and key rotation, eliminating the need for manual SSH or configuration file editing.
• Native Multi-Platform Support: Offers native clients for Linux, Windows, macOS, and Android, all built with a consistent protocol and high-performance realtls engine.
• Robust Security Mechanics: Implements server key pinning to prevent MITM attacks, Argon2id password hashing, and granular per-user traffic controls.
• Device-Wide Tunneling: Functions at the network interface level (TUN), ensuring all data streams, including system-critical traffic and DNS queries, are protected without configuration gaps.

Operationally, Qeli consists of a single, self-sufficient binary that serves both client and server roles. Users can deploy it on any standard Linux VPS via a one-line install script or through Docker containers. Once installed, configuration is managed through a flat-INI format, and clients can connect instantly by importing a simple qeli:// link or scanning a QR code. The server processes run as a service, automatically managing routing, NAT, and cryptographic handshakes, while the management dashboard provides real-time oversight of active sessions and bandwidth usage.

Some common use cases include:

• Personal Privacy in Public Networks: Shielding all device traffic from local network operators or untrusted public Wi-Fi hotspots.
• Bypassing Censorship: Using the reality-tls or obfs modes to mask VPN activity as regular web traffic in restricted network environments.
• Site-to-Site Networking: Connecting home and office networks together securely so that local devices on both sides can interact as if they were on the same local network.
• Secure Remote Access: Granting team members or contractors access to specific private internal subnets (e.g., cameras, NAS, or internal dashboards) without exposing the entire network.