G

Gao VPN

Gao VPN

Gao VPN

Gao VPN is a decentralized, pay-per-use privacy network built on Gao Internet infrastructure. It routes user traffic through DePIN bandwidth nodes, paid per-megabyte via Gao Payment (x402), with no central operator and no user data stored.

What Gao VPN Is Not

Not investment instruments

  • Not a yield-generating protocol

  • Not a passive income mechanism for node operators

  • Not a revenue-sharing agreement

Not financial services

  • Not a custodial payment system

  • Not an escrow service

Not a guarantee

  • Not a complete anonymity solution (see Privacy Model)

  • Not a Tor replacement (different threat model)

  • Not protection against device-level surveillance

Gao VPN is: a protocol-defined privacy network, a pay-per-use bandwidth marketplace, and a DePIN-powered routing layer.

Architecture

User Device  
    ↓ WireGuard tunnel (ChaCha20-Poly1305)  
Entry Node (DePIN bandwidth node)  
    ↓ Inner encrypted packet (AES-256-GCM)  
Exit Node (DePIN bandwidth node)  
    ↓  
Public Internet

Two-hop routing by default. Entry node knows the user’s IP but not the destination. Exit node knows the destination but not the user’s IP. Neither node knows the full path.

Node Types

Node

Role

Min Stake

Entry Node

Accepts user connections, first hop

2,000 $GAO

Exit Node

Connects to internet, last hop

5,000 $GAO

Bridge Node

Entry + obfuscated protocol for censored regions

2,000 $GAO

Nodes compete on latency, throughput, reliability, and price. Node selection is automatic — client picks the optimal Entry + Exit pair.

Payment Model

Pay-Per-Use (x402)

Every 10 MB of traffic, the client sends a micropayment proof via x402:

const proof = await sdk.settlement.x402.createProof(  
  '0.001',         // USDC per 10MB  
  'USDC',  
  'node-us-east-1.gao'  
)  
// Proof attached to tunnel packet — node verifies before forwarding

Prepaid Bundles

Bundle

Data

Price

Starter

1 GB

$0.50 USDC

Standard

10 GB

$3.00 USDC

Pro

100 GB

$20.00 USDC

Unlimited

$8.00/month

Bundles are anonymous vouchers — a cryptographic token with no user identity attached. No account, no email required.

Free Tier

5 GB/month free for users with an active Gao Domain (.gao). Subsidized by protocol treasury during bootstrap phase.

Fee Split

65%  Exit Node operator  
25%  Entry Node operator  
 8%  Gao Protocol Treasury  
 2%  Burned ($GAO deflationary)

---

### Privacy Model

#### What Nodes Know

Node

Knows

Does NOT Know

Entry Node

User IP, bytes transferred

Destination, user identity

Exit Node

Destination IP / URL

User IP, user identity

Both combined



Full path (entry + exit)

#### Identity Separation

Gao VPN deliberately separates payment from routing:

Payment: Anonymous voucher — no Gao Domain, no wallet address in payment
Routing: Ephemeral WireGuard key — no wallet address in tunnel
Logs: Byte counters only — no URLs, no user IDs, no destinations


This is different from Meshii  Meshii uses Gao Domain identity because messaging requires identity. VPN requires anonymity. Two different designs for two different threat models.

#### Entry Node Logging Policy

Entry nodes **MAY** log: session timestamps, total bytes per session, source IP (purged after 24 hours for abuse prevention).

Entry nodes **MUST NOT** log: destination URLs, packet content, user Gao Domain, individual request paths.

Protocol enforces via spot-check audits. Violations trigger slashing.

#### Limitations

Gao VPN protects against: ISP traffic inspection, geo-restrictions, public WiFi snooping, website IP tracking.

Gao VPN does NOT protect against: browser fingerprinting, cookie tracking, device malware, timing correlation attacks, Exit Node legal compliance in their jurisdiction.

---

### Client SDK

pnpm add @gao/vpn-sdk


import { GaoVPN } from '@gao/vpn-sdk'  
  
const vpn = new GaoVPN({  
  environment: 'production',  
  voucher: storedVoucher,        // anonymous bundle voucher  
})

// Connect

await vpn.connect({  
  region: 'auto',                // 'us' | 'eu' | 'ap' | 'auto'  
  protocol: 'wireguard',         // or 'obfuscated' for bridge mode  
})

// Status
vpn.status // 'connected' | 'connecting' | 'disconnected'
vpn.serverRegion // 'us-east'
vpn.latencyMs // 23
vpn.dataUsed // '1.2 GB'
vpn.dataRemaining // '8.8 GB'

// Safety features
vpn.setKillSwitch(true) // block internet if VPN drops
vpn.excludeApps(['Chrome']) // split tunneling

// Disconnect

await vpn.disconnect()

Client Apps

Platform

Status

macOS

Phase 1

iOS

Phase 1

Android

Phase 1

Windows

Phase 2

Linux

Phase 2

Browser extension (SOCKS5)

Phase 3

Running a VPN Node

Entry Node Setup

git clone https://github.com/toii-labs/gao-vpn  
cd packages/entry-node  
  
cp .env.example .env  
# Set: GAO_DOMAIN, OPERATOR_PRIVATE_KEY, ENDPOINT, REGION  
  
# Stake 2,000 $GAO and register  
pnpm run register-node  
  
# Start  
docker-compose up -d

Exit Node Setup

cd packages/exit-node  
  
cp .env.example .env  
# Set: GAO_DOMAIN, OPERATOR_PRIVATE_KEY, ENDPOINT, REGION  
# Important: read DMCA handling guide before operating  
  
# Stake 5,000 $GAO and register (higher — exit nodes carry more responsibility)  
pnpm run register-node  
  
docker-compose up -d

Slashing Conditions

Violation

Penalty

Not deleting logs after 24h

5% stake

Logging destinations

15% stake

Downtime > 5% in 30 days

2% stake

Forwarding traffic without payment

5% stake

DMCA non-compliance (repeat)

20% stake + removal

Acceptable Use

Gao VPN nodes block at the protocol level:

  • Traffic to OFAC-sanctioned IP ranges

  • Known CSAM domains (DNS blocklist, updated weekly)

  • DDoS amplification patterns

Node operators are responsible for DMCA compliance in their jurisdiction. See the Node Operator Legal FAQ for guidance.

How Gao VPN Fits the Stack

L7 DePIN:    Bandwidth nodes provide hardware and stake  
L6 Network:  Routing algorithm, node selection, VPN protocol   here  
L4 Settlement: x402 micropayments, prepaid vouchers  
L5 Identity: Optional free tier check (not used in routing)  
L3 SDK:      @gao/vpn-sdk

Gao VPN is the first cross-layer DePIN application on Gao Internet — connecting Transport Layer routing with DePIN infrastructure and Settlement Layer payments.

Roadmap

Phase 1 — Bootstrap (Toii-operated nodes) WireGuard protocol, x402 payments, prepaid bundles, macOS + iOS + Android, 2-hop routing, free tier

Phase 2 — Permissionless nodes External operators, on-chain NodeRegistry, slashing live, Windows + Linux, bridge nodes

Phase 3 — Full decentralization 3-hop routing, browser extension, ZK anonymous payments, decentralized coordinator