跳至主要内容

Announcing GotaTun, the future of WireGuard at Mullvad VPN

Features App 

GotaTun is a WireGuard® implementation written in Rust aimed at being fast, efficient and reliable.

GotaTun is a fork of the BoringTun project from Cloudflare. This is not a new protocol or connection method, just WireGuard® written in Rust. The name GotaTun is a combination of the original project, BoringTun, and Götatunneln, a physical tunnel located in Gothenburg. We have integrated privacy enhancing features like DAITA & Multihop, added first-class support for Android and used Rust to achieve great performance by using safe multi-threading and zero-copy memory strategies.

Last month we rolled it out to all our Android users, and we aim to ship it to the remaining platforms next year.

Why GotaTun?

Our mobile apps have relied on wireguard-go for several years, a cross-platform userspace implementation of WireGuard® in Go. wireguard-go has been the de-facto userspace implementation of WireGuard® to this date, and many VPN providers besides Mullvad use it. Since mid-2024 we have been maintaining a fork of
wireguard-go to support features like DAITA & Multihop. While wireguard-go has served its purpose for many years it has not been without its challenges.

For Android apps distributed via the Google Play Store, Google collects crash reports and makes them available to developers. In the developer console we have seen that more than 85% of all crashes reported have stemmed from the wireguard-go. We have managed to solve some of the obscure issues over the years (#6727 and #7728 to name two examples), but many still remain. For these reasons we chose Android as the first platform to release GotaTun on, allowing us to see the impact right away.

Another challenge we have faced is interoperating Rust and Go. Currently, most of the service components of the Mullvad VPN app are written in Rust with the exception of wireguard-go. Crossing the boundary between Rust and Go is done using a foreign function interface (FFI), which is inherently unsafe and complex. Since Go is a managed language with its own separate runtime, how it executes is opaque to the Rust code. If wireguard-go were to hang or crash, recovering stacktraces is not always possible which makes debugging the code cumbersome. Limited visibility insight into crashes stemming from Go has made troubleshooting and long-term maintenance tedious.

Outcome

The impact has been immediate. So far not a single crash has stemmed from GotaTun, meaning that all our old crashes from wireguard-go are now gone. Since rolling out GotaTun on Android with version 2025.10 in the end of November we’ve seen a big drop in the metric user-perceived crash rate, from 0.40% to 0.01%, when comparing to previous releases. The feedback from users' have also been positive, with reports of better speeds and lower battery usage.

User-perceived crash rate

Looking ahead

We’ve reached the first major milestone with the release of GotaTun on Android, but we have a lot more exciting things in store for 2026.

  • A third-party security audit will take place early next year.
  • We will replace wireguard-go with GotaTun across all platforms, including desktop and iOS.
  • More effort will be put into improving performance.

We hope you are as excited as we are for 2026!