Building a VPN from Scratch: Inside CicadaVPN's Game-Changing Architecture!
Kia ora, everyone! Today, I’m giving you a high-level overview of what it takes to build a VPN service like CicadaVPN. From cutting-edge tech stacks to backend infrastructure, it’s a complex operation that requires expertise across a wide range of areas. Let’s break down the key components involved.
The Core Components of a VPN Service
Networking (WireGuard Relays)
At the foundation of CicadaVPN is WireGuard, a highly efficient protocol developed by Jason A. Donenfeld. Managing these relays requires expert-level networking skills in:
IPv4 & IPv6 subnetting
BGP (Border Gateway Protocol)
Tunneling, routing, and switching
NAT/PAT (Network Address Translation/Port Address Translation)
Virtual Machines (VMs) running in RAM
High-speed interfaces for low Mean Time Between Failures (MTBF) and optimal performance
We’re maintaining 99.999% uptime, even as we prepare to scale up to hundreds or thousands of gateways.
Web Infrastructure: Next.js, Express.js, React, and Tailwind
The web technology powering the CicadaVPN website, customer portal, and provisioning system includes:
Next.js for server-side rendering and static site generation.
Express.js for handling backend logic and APIs.
React for building dynamic user interfaces.
Tailwind CSS for sleek, responsive design and fast front-end development.
Supabase as our backend-as-a-service solution for managing databases and authentication. We ❤️ Supabase.
These tools allow us to build fast, user-friendly interfaces that provide smooth account management, gateway provisioning, and service updates.
AI Integration
AI plays a key role in improving the user experience:
AI-Powered Gateway Selection: AI helps users choose the best server for their needs.
Whack-a-Mole Monitoring: Our OpenAI agent, paired with Puppeteer, simulates human interaction to verify whether platforms like Netflix and BBC iPlayer are accessible from our gateways.
DNS Configuration and Record Keeping
Custom DNS configurations ensure privacy and routing efficiency. We also offer family-friendly DNS filters that let parents control the internet environment for their households.
Payments, Subscriptions, and Business Layer
Payment integration supports multiple gateways, ensuring secure transactions.
Business functions such as expense management, approvals, payroll, and webhooks help automate processes and maintain seamless operations behind the scenes.
Cloud Infrastructure: GCP, AWS, Azure
To handle the backend, we rely on Google Cloud Platform (GCP), Amazon AWS, and Microsoft Azure for reliability and scalability. These cloud services enable us to maintain redundancy and ensure the service is always available.
API Management and Backend
APIs manage key functions such as VPN connections, user authentication, and data handling. We also use Vercel to deploy and manage the scalability of our infrastructure.
Email Communication: Google Workspace
We manage emails through Google Workspace, ensuring secure communication with our customers and avoiding spam filters. Email is essential for everything from account notifications to support.
Home Router Support
WireGuard home router support allows users to protect their entire home network with one setup. This adds another layer of complexity, requiring compatibility across various router hardware and firmware.
Load Balancing & Reverse Proxy
To ensure traffic is distributed efficiently across our network, we use load balancing and reverse proxies. This helps avoid bottlenecks and ensures smooth performance for all users.
Scaling and the Critical Mass Needed
As we grow, it’s important to note the kind of resources needed for large-scale operations. Nord Security, for example, employs over 2,000 people across various departments to manage products like NordVPN and NordPass. Reaching that scale takes critical mass and significant resources, which is why we’re starting small with a B2C (Business-to-Consumer) focus. However, we plan to expand into B2B (Business-to-Business) in the future.
Why CicadaVPN is Different
CicadaVPN is more than just a VPN—it’s built on transparency, privacy, and customer-first principles. We’re using cutting-edge tools like AI, custom DNS filters, and a solid tech stack to provide a secure, reliable service. Unlike many VPN providers, we’re a family-run business, and we’re proud to put our faces on our brand.
Stay tuned as we dive deeper into each of these components in future posts.
Ngā mihi,
David Awatere
Founder of CicadaVPN