Tunnel engine
WireGuard with the Noise_IK handshake, Curve25519 key exchange, ChaCha20-Poly1305 authenticated encryption, and BLAKE2s hashing for high-throughput secure transport.
Your IP: ... ·Your ISP: ... ·Your Status: Detecting
Technology
QAL VPN combines a high-speed tunneling design with a secure control plane, account-based access, and optional post-quantum cryptographic enhancement.
WireGuard with the Noise_IK handshake, Curve25519 key exchange, ChaCha20-Poly1305 authenticated encryption, and BLAKE2s hashing for high-throughput secure transport.
Cloud API coordinates region discovery, entitlement checks, provisioning metadata, and secure tunnel bootstrap through signed, user-authenticated API requests.
Firebase Authentication issues identity tokens and refresh tokens. QAL clients refresh tokens automatically to keep entitlement checks and provisioning reliable.
Stripe Checkout + Customer Portal manage trial and billing lifecycle. Webhooks normalize plan status into entitlements used by app and website.
QAL VPN uses an optional hybrid model: classical X25519 plus ML-KEM-768. When enabled, the client derives additional shared material, sends a PQ payload during provisioning, and installs a WireGuard preshared key derived from the hybrid exchange.
Standard mode remains available by default for compatibility and speed. Hybrid mode is user-controlled, so teams can progressively adopt post-quantum protections without forcing a one-size-fits-all rollout.