Most circumvention tools use open-source protocols that millions of people share: Shadowsocks, V2Ray, Trojan, Hysteria 2. They work — until censors catch up. Open-source means the protocol code is public, the traffic patterns are well-studied, and firewalls can build detection signatures that block all users at once. RelyVPN takes a fundamentally different approach. We built our own proprietary VPN protocol from the ground up — based on QUIC transport with our custom BBR Max congestion control, automatic fastest node selection, and multi-node cluster mode. This article explains the technology behind what may be the fastest VPN protocol available today, so you can understand not just that RelyVPN is fast, but why it is fast — and why it stays connected when others get blocked.
Why We Built Our Own Protocol
Every popular circumvention protocol today has the same problem: too many users sharing the same fingerprint. When millions of people use Shadowsocks or Hysteria 2, the traffic patterns become easy for censors to study and detect. One detection rule can block every user of that protocol overnight. This has happened repeatedly in China, Iran, and Russia.
Beyond the fingerprint problem, existing protocols have fundamental speed and usability limitations. TCP-based protocols (Shadowsocks, V2Ray, Trojan) stall on lossy cross-border links. Hysteria 2 is fast but requires manual speed configuration, has no fallback when UDP is blocked, and connects to only one server at a time. All of them require manual server selection and third-party client apps.
We needed something that could do four things no existing protocol does well together: stay invisible to censors, maximize throughput on imperfect networks, automatically adapt to the best available path, and distribute load across multiple servers. Building our own protocol was not about reinventing the wheel. It was about combining proven building blocks — QUIC, BBR, HTTP/3 — in a way that is purpose-built for VPN workloads, wrapped in a proprietary implementation that censors cannot fingerprint from public source code.
No Fingerprint: Harder to Detect, Harder to Block
This is arguably the most important advantage of a proprietary protocol, and the one most people overlook.
Open-source protocols have a public blueprint. When a protocol's code is open source, anyone — including government censors — can read the source code, study the handshake sequence, analyze the packet structure, and build automated detection rules. China's Great Firewall, Iran's filtering system, and Russia's TSPU have all developed signatures for Shadowsocks, VMess, Trojan, and Hysteria. When they flip the switch, every user of that protocol goes dark simultaneously. The protocol maintainers then have to update the code, and the cat-and-mouse game starts again.
RelyVPN's protocol is not published. Censors cannot download our source code and study the handshake. They cannot build detection signatures from a specification document. They have to analyze actual traffic — which is encrypted, padded with random data, and designed to look like ordinary HTTPS or QUIC web traffic. Our H2 fallback mode is indistinguishable from normal web browsing because it is real HTTP/2 traffic on port 443. Our QUIC mode uses the same port and TLS handshake as Google, YouTube, and every major website.
Smaller user base, smaller target. Millions of people use Shadowsocks. That makes it a high-value target for censors — one detection rule, millions of users blocked. RelyVPN's protocol is used only by RelyVPN users. It is a smaller, harder-to-study target that does not justify the same investment in detection. Even if a censor did develop partial detection, we can update our protocol unilaterally and deploy changes across all users instantly — without waiting for an open-source community to review, debate, and merge a pull request.
Constant evolution. Because we control both the client and the server, we can change padding patterns, handshake sequences, and protocol behaviors at any time. Each update makes previous detection attempts obsolete. Open-source protocols can evolve too, but slowly — changes need to be backwards-compatible, community-approved, and adopted by multiple third-party clients. We ship a change, and every RelyVPN user gets it on the next app update.
Built on QUIC: A Modern Foundation
Our protocol is built on QUIC, the same transport protocol that powers Google, YouTube, and most of the modern web. Here is what that means for you as a user:
Instant connection. Traditional VPN protocols need several back-and-forth exchanges before you are connected. QUIC combines everything into a single step. You tap connect and you are online — often in under a second. Reconnecting after waking your phone or switching networks is even faster: near-instant.
One slow download does not drag everything down. With older protocols, a single lost packet can freeze all your traffic — your video, your chat, your browsing — because everything shares one queue. QUIC handles each flow independently. Your video keeps playing even if a web request stalls.
Encrypted from the first byte. Every packet is encrypted with TLS 1.3 from the very start. There is no unprotected phase. Even the packet headers are encrypted, making the traffic harder for anyone to tamper with or identify.
Seamless network switching. Switch from WiFi to cellular, step into an elevator, change coffee shops — your VPN session stays alive. No reconnection, no interruption. The connection follows you across networks automatically.
BBR Max: Full Speed, Even on Bad Networks
Speed on a VPN is not just about how fast the server is — it is about how the protocol handles real-world network conditions. Most protocols use congestion control algorithms that slam the brakes at the first sign of trouble. A few packets lost? Speed cut in half. Crowded WiFi? Crawl to a stop. International link with jitter? Forget about streaming.
We built BBR Max, a custom congestion control algorithm based on Google's BBR, specifically designed for the messy reality of cross-border VPN traffic.
Full speed in under a second. Most VPNs spend several seconds "warming up" after you connect, cautiously increasing speed. With BBR Max, you hit full speed almost instantly. Press connect, and you are already at maximum — no waiting.
Stays fast on bad connections. You know the feeling: VPN works great for a few seconds, then freezes on a crowded WiFi or mobile hotspot. That is because traditional algorithms panic at packet loss and drop to near-zero speed. BBR Max does not panic. It maintains usable speed even on lossy networks — the kind you encounter daily on public WiFi, cellular data, and international links.
Shorter hiccups, faster recovery. When the network gets congested, other protocols cut speed dramatically and take a long time to recover. BBR Max recovers faster, so you experience brief hiccups instead of long freezes. This matters most for video calls, live streaming, and gaming where every second of stalling is noticeable.
Dual Transport: QUIC + TCP H2 Fallback
QUIC over UDP is our primary transport and delivers the best performance. But some networks block or throttle UDP traffic. Corporate firewalls, certain ISPs, and some countries restrict UDP to limit VPN usage. A VPN that only works over UDP is unreliable in these environments.
RelyVPN solves this with an automatic dual transport system. If QUIC over UDP cannot connect, the client automatically falls back to TCP with HTTP/2 (H2). From the outside, this traffic looks like normal HTTPS web browsing. It passes through firewalls, proxies, and ISP filters that would block raw UDP or VPN-specific protocols.
Both transports use the same encryption, the same authentication, and the same server infrastructure. The only difference is the underlying carrier. QUIC gives you the best speed; TCP H2 gives you the best compatibility. The switch is automatic and transparent — you do not need to configure anything. If UDP is available, you get QUIC. If not, you get H2. Either way, you are connected and encrypted.
Invisible to censors by design. This QUIC-first, H2-fallback behavior is exactly how modern web browsers work. When Chrome or Safari visits a website, they try HTTP/3 (QUIC) first, and if the network blocks UDP, they silently fall back to HTTP/2 over TCP. RelyVPN follows the exact same pattern. To any firewall or deep packet inspection system, your VPN traffic is indistinguishable from a normal browser visiting a website. It is not disguised as web traffic — it is web traffic, following the same protocol negotiation that billions of browsers perform every day.
Automatic Fastest Node Selection
Most VPNs let you choose a server from a list, or pick "the nearest" one based on geographic distance. But the nearest server is not always the fastest. Network conditions change constantly, and you should not have to test servers manually.
RelyVPN does this for you. Our automatic fastest node selection continuously tests every server in our network and connects you to the best one — no manual intervention needed.
Real measurement, not guessing. The app sends test packets to every online server and measures real speed and packet loss — not just ping distance. A server that is slightly farther but has zero packet loss will beat a closer one with congestion. The system picks what actually performs best, not what looks closest on a map.
Smart switching. The system does not jump to a new server just because it is marginally better. It only switches when it finds a significantly better option, so you are not bouncing between servers constantly. And when it does switch, it is seamless — existing connections continue uninterrupted while new ones go to the faster server. Like changing lanes on a highway without braking.
Always up to date. The system monitors continuously and reacts instantly to network changes. Switch from WiFi to cellular? It re-evaluates and picks the best server for your new connection within seconds.
Cluster Mode: 3× the Bandwidth, One Tap
Every other VPN connects you to one server. One server means one throughput ceiling. If that single server can deliver 300 Mbps, that is your limit — no matter how fast your own internet connection is.
RelyVPN breaks through that ceiling. Our cluster mode simultaneously connects to multiple servers in the same datacenter and spreads your traffic across all of them. With 3 nodes in the same facility, you get roughly 3× the bandwidth of a single-server VPN. With 5 nodes — the maximum — the multiplier goes even higher.
This is not a theoretical advantage. On a datacenter with 3 nodes, a single-server connection that tops out at 300 Mbps becomes a cluster delivering close to 900 Mbps. For anyone with a fast fiber connection, this is the difference between a VPN that bottlenecks your speed and one that lets you use your full bandwidth as if the VPN were not there.
It also makes you more resilient. If one server in the cluster goes down, the others keep carrying your traffic. You do not notice the difference. The system automatically finds a replacement node and adds it back. Compare this to a traditional VPN: one server goes down, your entire connection drops, and you wait for reconnection.
Smart expansion. The cluster is not limited to a single datacenter. If there are not enough nodes in one facility, the system automatically scouts nearby datacenters in the same city. If their latency is close enough, they join the cluster. You get more bandwidth without any perceptible increase in latency. All of this happens in the background — you just tap connect and get the fastest experience possible.
Always-On VPN with Nearly Zero Battery Impact
Most VPN apps are battery hogs. They run background timers every few seconds to check if the connection is alive, poll servers for updates, and cycle through keep-alive packets. Leave them on overnight and you will see it in your battery stats the next morning.
RelyVPN is designed to run 24 hours a day with virtually zero extra battery drain. The secret is our zero-polling architecture: nothing runs in the background unless something actually changes. The app does not check your connection on a timer. It sleeps until the system tells it something happened — a network switch, a server event, or a user action. Between events, the CPU usage is exactly zero.
When your screen is locked, the protocol shifts into a low-power mode automatically. Keep-alive intervals stretch out, probing pauses, and non-essential tasks are suspended. When you unlock, everything snaps back to full performance instantly. The result: you can leave RelyVPN connected all day and all night, and your battery life looks the same as if you were not running a VPN at all.
This is not just a nice-to-have. For users in censored regions who need their VPN on at all times, battery efficiency is the difference between a VPN you actually keep running and one you turn off to save battery — leaving yourself unprotected.
How It Compares to Other Protocols
The tables below compare RelyVPN's proprietary protocol against the most widely used circumvention protocols — both the older TCP-based generation and the newer QUIC-based Hysteria 2.
vs. Circumvention Protocols (TCP-based)
Shadowsocks, VMess (V2Ray), and Trojan are the "first generation" of circumvention protocols. They were designed to disguise traffic and evade DPI — and they do that reasonably well. But they are all built on TCP, which creates a hard speed ceiling on lossy international links.
| Shadowsocks | VMess (V2Ray) | Trojan | RelyVPN | |
|---|---|---|---|---|
| Transport | TCP | TCP / WebSocket / gRPC | TCP + TLS | QUIC (UDP) + TCP H2 fallback |
| Congestion control | OS default (CUBIC) | OS default (CUBIC) | OS default (CUBIC) | BBR Max (custom, loss-tolerant) |
| Head-of-line blocking | Yes (single TCP stream) | Yes (TCP multiplexing) | Yes (single TCP stream) | No (QUIC independent streams) |
| Bad network performance | 1 lost packet blocks all traffic; CUBIC halves window, slow recovery | Same TCP limitations | Same TCP limitations | Lost packets only affect their own stream; BBR Max maintains throughput |
| DPI resistance | Moderate, identifiable | Good with obfuscation plugins | Good, mimics HTTPS | Excellent (real HTTPS/H2 + QUIC padding) |
| Protocol fingerprint | Open-source, studied by censors | Open-source, actively blocked | Open-source, signature detectable | Proprietary, no public specification |
| Multi-node cluster | Not supported | Not supported | Not supported | Up to 5 nodes (bandwidth ×3–5) |
| Auto best server | Manual | Manual | Manual | Real-time QUIC probing |
| UDP blocked fallback | Works (TCP native) | Works (TCP native) | Works (TCP native) | Works (auto H2 fallback) |
| Ease of use | Manual URI, 3rd-party client | Complex JSON, 3rd-party client | Manual URI, 3rd-party client | Zero config, native app |
The fundamental limitation of all TCP-based protocols: when packets are lost on a cross-border link (which happens constantly), TCP's CUBIC algorithm slashes its sending rate and takes a long time to recover. This is why Shadowsocks, V2Ray, and Trojan often feel fast for a few seconds and then stall — the classic "speed rollercoaster" experience.
vs. Hysteria 2 (QUIC-based)
Hysteria 2 deserves its own section because it is the only other major circumvention protocol built on QUIC. It solved the TCP problem that plagues Shadowsocks/V2Ray/Trojan. However, its approach to speed and its architecture create different trade-offs.
| Hysteria 2 | RelyVPN | |
|---|---|---|
| Transport | QUIC (UDP only) | QUIC (UDP) + TCP H2 auto-fallback |
| Congestion control | Brutal (fixed-rate, manual bps setting) | BBR Max (bandwidth-based, fully adaptive) |
| Bandwidth discovery | None; user must set target rate manually | Automatic; probes real bandwidth in <1s |
| Loss handling | Compensates up to 20% loss (ackRate floor 0.8), sends up to 1.25× target | Speed floor protection + adaptive rate; maintains throughput without bufferbloat |
| UDP blocked fallback | Unusable (UDP only) | Auto TCP H2 fallback, mimics browser HTTPS |
| Multi-node cluster | Single server | Up to 5 nodes (bandwidth ×3–5) |
| Auto best server | Manual selection | Real-time QUIC probing + auto switch |
| Server failure | Disconnected, manual reconnect | Cluster continues, auto-replaces node |
| DPI resistance | Good (QUIC padding) | Excellent (QUIC padding + real HTTPS/H2 fallback) |
| Protocol fingerprint | Open-source, public specification | Proprietary, no public specification |
| Ease of use | Manual URI + speed config, 3rd-party client | Zero config, native app on all platforms |
Core Technology: Hysteria 2 Brutal vs. RelyVPN BBR Max
Hysteria 2's "Brutal" congestion control works like this: you manually set a target speed (say 100 Mbps), and Brutal sends at that rate. It is loss-aware — it monitors the ack/loss ratio over the last 5 seconds and compensates for packet loss by sending extra data (up to 25% more, capped at 20% loss). When the setting matches your actual bandwidth, Brutal delivers excellent speed. But the fundamental problem is: you have to guess your bandwidth in advance, and the network is never constant.
Scenario 1: You set Brutal too low. You are not sure of your bandwidth, so you conservatively set it to 50 Mbps. Your link can actually handle 100 Mbps, but Brutal will never discover that — it has no bandwidth probing mechanism. You permanently leave half your speed unused. BBR Max discovers 100 Mbps on its own within a second, no configuration needed.
Scenario 2: You set Brutal too high. You set it to 200 Mbps but your link can only handle 80 Mbps. Brutal's loss compensation kicks in — it detects the high loss rate and caps the ack rate at 0.8, so it sends at about 250 Mbps to try to push 200 Mbps of goodput through an 80 Mbps pipe. The excess packets flood the bottleneck buffer, causing queue buildup. The result: latency spikes from bufferbloat, video calls stutter, and interactive responsiveness drops significantly. BBR Max would have measured the real 80 Mbps ceiling and settled right there — maximum throughput with minimal latency.
Scenario 3: Your bandwidth changes mid-session. You start on fast WiFi (200 Mbps) and walk to a cafe with slower WiFi (30 Mbps). Brutal has no way to know the link changed — it keeps targeting the same fixed rate. With 200 Mbps being pushed into a 30 Mbps link, the loss compensation maxes out but cannot bridge such a large gap. You need to manually reconfigure. BBR Max detects the bandwidth change instantly and adjusts down to 30 Mbps, keeping your stream smooth without you touching anything.
Scenario 4: Bad network with high packet loss. This is where it gets interesting. Standard BBR (Google's original) backs off too cautiously on a lossy link and loses speed. Brutal's fixed-rate approach powers through moderate loss effectively via its compensation mechanism. BBR Max combines the best of both: it probes your real bandwidth ceiling like BBR — no manual guessing needed — but it also enforces a speed floor, refusing to drop below a usable rate even when the network is terrible. The result: on a lossy cross-border link, BBR Max maintains stable, usable speed while keeping latency low.
In short: Brutal is a powerful tool for users who know their exact bandwidth and have a stable link — but it requires manual tuning and cannot adapt when conditions change. BBR Max is fully automatic: it discovers the optimal speed on its own, adapts in real time, and combines aggressive throughput with low latency.
Beyond congestion control, Hysteria 2 is a single-server proxy that requires manual setup. RelyVPN adds cluster mode (3–5× bandwidth), automatic node selection, TCP fallback when UDP is blocked, and a native one-tap app experience. These are not minor differences — they determine whether you actually use the VPN every day or give up because it is too much hassle.
Experience the Difference
Protocol differences are best understood through experience. Download RelyVPN and connect. You will notice the speed on the first connection. Try switching networks — the connection migrates without interruption. Try it in a restricted environment — the dual transport finds a way through. Try streaming or downloading — cluster mode maximizes your throughput.
No sign-up is required — RelyVPN uses a license-based system with no accounts, no email, and no passwords. The free plan lets you test the full protocol stack. When you are ready for unlimited speed, paid plans start at $4.99/month — or just $2.92/month with the yearly plan. We also accept cryptocurrency (USDT) if you prefer anonymous payment.
Want to know how RelyVPN works in heavily censored countries? Read our guides for China, Iran, and Russia.
Try RelyVPN's Proprietary Protocol
Download now. No sign-up, no email needed. Connect in seconds.
Download Free →