A lightweight, self-hosted virtual LAN tool. C core, minimal dependencies, optional desktop GUI.
MIT license · source code on GitHub
⚠️ Packet contents are authenticated but not encrypted — use only on trusted networks.
SipHash authentication
Every packet is verified using the shared network key.
Hub and spoke
One server node, up to 253 connected client peers.
Zero registration
No accounts, no external services. Just an IP and a key.
# on the machine with a public IP sudo ./tund server -k "a-long-random-key" # on every machine that should join the LAN sudo ./tund client -s <server_ip> -k "a-long-random-key"
Getting it running on Windows
tund-windows-x86_64.zip above and extract all files into the same folder.
tund-gui.exe for the GUI or tund-cli.exe for the CLI. If Windows shows a UAC prompt, accept it so Tund can create the TUN interface.
9909 in Windows Defender Firewall so clients can reach it:
tund-cli.exe server -k "a-long-random-key".
Windows Firewall often blocks ping (ICMP) on the virtual adapter even when the tunnel works fine — this doesn't affect game traffic, only connectivity checks.
macOS — first run
xattr -d com.apple.quarantine ./tund
If the warning persists, go to System Settings → Privacy & Security and click Open Anyway.
Firewall — allow port 9909 on Linux / macOS
# ufw (Ubuntu/Debian) sudo ufw allow 9909/udp # firewalld (Fedora/RHEL) sudo firewall-cmd --add-port=9909/udp --permanent sudo firewall-cmd --reload # iptables sudo iptables -A INPUT -p udp --dport 9909 -j ACCEPT # macOS — usually no firewall blocks inbound, # but check System Settings > Network > Firewall