GotaTun<\/a> is a WireGuard\u00ae implementation written in Rust aimed at being fast, efficient and reliable.<\/p>\n\n\n\n GotaTun is a fork of the BoringTun<\/a> project from Cloudflare. This is not a new protocol or connection method, just WireGuard\u00ae written in Rust<\/a>. The name GotaTun is a combination of the original project, BoringTun, and G\u00f6tatunneln<\/a>, a physical tunnel located in Gothenburg. We have integrated privacy enhancing features like DAITA<\/a> & Multihop<\/a>, added first-class support for Android and used Rust to achieve great performance by using safe multi-threading and zero-copy<\/a> memory strategies.<\/p>\n\n\n\n Last month we rolled it out to all our Android users, and we aim to ship it to the remaining platforms next year.<\/p>\n\n\n\n Our mobile apps have relied on wireguard-go for several years, a cross-platform userspace implementation of WireGuard\u00ae in Go. wireguard-go has been the de-facto userspace implementation of WireGuard\u00ae to this date, and many VPN providers besides Mullvad use it. Since mid-2024 we have been maintaining a fork of wireguard-go to support features like DAITA & Multihop. While wireguard-go has served its purpose for many years it has not been without its challenges.<\/p>\n\n\n\n For Android apps distributed via the Google Play Store, Google collects crash reports and makes them available to developers. In the developer console we have seen that more than 85% of all crashes reported have stemmed from the wireguard-go. We have managed to solve some of the obscure issues over the years (#6727<\/a> and #7728<\/a> to name two examples), but many still remain. For these reasons we chose Android as the first platform to release GotaTun on, allowing us to see the impact right away.<\/p>\n\n\n\n Another challenge we have faced is interoperating Rust and Go. Currently, most of the service components of the Mullvad VPN app are written in Rust with the exception of wireguard-go. Crossing the boundary between Rust and Go is done using a foreign function interface<\/a> (FFI), which is inherently unsafe and complex. Since Go is a managed language with its own separate runtime, how it executes is opaque to the Rust code. If wireguard-go were to hang or crash, recovering stacktraces is not always possible which makes debugging the code cumbersome. Limited visibility insight into crashes stemming from Go has made troubleshooting and long-term maintenance tedious.<\/p>\n\n\n\n![\"\"](\"https:\/\/jasonsblog.ddns.net\/wp-content\/uploads\/2025\/12\/image-34-1024x494.png\")
<\/figure>\n\n\n\nWhy GotaTun?<\/h2>\n\n\n\n
Outcome<\/h3>\n\n\n\n
![\"\"\/](\"https:\/\/mullvad.net\/media\/uploads\/2025\/gotatun.png\")