User Experience
Protocol
| | |
| --- | --- |
| VPN Protocol | WireGuard (primary) |
| Config Delivery | Download .conf file from dashboard, import into any WireGuard client |
| Endpoint | MikroTik CHR router in AWS |
| Encryption | Curve25519 (key exchange), ChaCha20 (symmetric), Poly1305 (authentication) |

IPsec and PPP options are in development
IP Addressing by Tier
| Tier | Private IP Range | Public IP | Internet Access |
| --- | --- | --- | --- |
| Torus Basic | 10.254.16.128/25 | None | No — mesh only |
| Torus Plus | 10.254.16.128/25 | Shared NAT | Yes — outbound only |
| Torus Pro | 10.254.16.64/28 | Dedicated 1:1 NAT | Yes — inbound & outbound |

User Dashboard
VPN Management
- View active VPN connections and status
- Download WireGuard config files
- Request new VPN connections
- See assigned IP addresses
Firewall & Access Controls (Pro only)
| Control | Description |
| --- | --- |
| Full Mesh | Allow/deny traffic to/from other Torus members |
| Public Inbound | Allow/deny inbound connections from the internet to your public IP |
| Bandwidth Limit | Configurable rate limit (default 512 Kbps, adjustable) |

DNS Hostnames
- All Torus users can create a hostname such as yourname.ring.nekopia.io
- Pro accounts can create AWS Route53 FQDNs such as yourname.torus.nekotopia.io
- A record points to your Torus private or public IP
- PTR (reverse DNS) records are created automatically for Pro DNS
- Add/remove hostnames from the dashboard
Profile
- Update name and email
- Change password
Network Configuration
| Setting | Value |
| --- | --- |
| DNS Server | 10.254.16.1 (pushed via VPN) |
| Default Route | 0.0.0.0/0 through VPN (Plus/Pro) |
| Split Tunnel | Possible by modifying AllowedIPs in config |
| Keepalive | 25 seconds (standard for NAT traversal) |

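
The split-tunnel setting above has one easy-to-miss consequence: the DNS server 10.254.16.1 sits outside both tier ranges, so it needs its own route when AllowedIPs is narrowed. The following is an added example, not code from the Torus project; the sample config, its placeholder keys, endpoint and client address are constructed, and it assumes the downloaded file has a single `[Peer]` section.

```python
import configparser
import ipaddress

# Constructed sample config: keys, endpoint and client address are placeholders.
SAMPLE_CONF = """\
[Interface]
PrivateKey = <client-private-key>
Address = 10.254.16.70/32
DNS = 10.254.16.1

[Peer]
PublicKey = <hub-public-key>
Endpoint = hub.example.invalid:51820
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
"""

# Tier ranges and DNS server as listed on this page.
TORUS_ROUTES = ["10.254.16.128/25", "10.254.16.64/28", "10.254.16.1/32"]


def load(conf_text):
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep WireGuard's key casing (AllowedIPs, DNS)
    cp.read_string(conf_text)
    return cp


def audit(cp):
    """Report tunnel mode and whether every DNS server is routed via the VPN."""
    nets = [ipaddress.ip_network(n.strip(), strict=False)
            for n in cp["Peer"]["AllowedIPs"].split(",")]
    dns = [ipaddress.ip_address(d.strip())
           for d in cp["Interface"].get("DNS", fallback="").split(",") if d.strip()]
    return {
        "full_tunnel": any(n.prefixlen == 0 for n in nets),
        "dns_in_tunnel": all(any(d in n for n in nets) for d in dns),
        "keepalive": cp["Peer"].get("PersistentKeepalive"),
    }


def to_split_tunnel(cp, routes=TORUS_ROUTES):
    """Replace AllowedIPs so only the listed routes use the tunnel."""
    cp["Peer"]["AllowedIPs"] = ", ".join(routes)
    return cp


if __name__ == "__main__":
    cp = load(SAMPLE_CONF)
    print("downloaded:", audit(cp))
    print("split:     ", audit(to_split_tunnel(cp)))
```

If `dns_in_tunnel` comes back false after editing AllowedIPs, lookups for the pushed DNS server will not go through the VPN.
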
What You Can Host (Pro tier)
With a dedicated public IP and inbound access enabled, you can run publicly-accessible services on any port:
- Web servers (HTTP/HTTPS)
- Game servers
- SSH access
- Anything else that listens on a TCP port
What You Cannot Host (Pro tier)
The hub provides access to and from the internet. However, because it lives within the AWS platform, some functional safety limits apply:
- Outbound email is not allowed (without using the AWS SES service)
- Forwarding of traffic is not allowed (without permissible filters in and out of the VPC).