Hey everyone. This is my first post on the platform, so I'm not sure how to properly break into the feed here. But the latest news about the internet in Russia has pushed my patience past its breaking point, so I decided to share my story: "how I got tired of constant connection drops and wrote my own system that I'm actually proud of."
If you follow the news, you know: they're tightening the screws not with pliers anymore, but with a pneumatic drill. TSPU (technical means of countering threats) are being updated, there's constant talk about implementing "white lists," and not only classic OpenVPN and WireGuard are dropping off en masse, but popular obfuscation protocols too. Buying subscriptions to public services right now is just playing roulette with your own money. Today everything flies, tomorrow the subnet is banned, and support just feeds you empty promises.
It became obvious that the most reliable tool is the one you build yourself.
My own config: happiness loves silence
At first, like many others, I simply rented a server and deployed basic Xray via Remnawave Panel. But in the current reality, standard settings only survive until the first serious wave of blocks from the RKN.
I had to dive into the documentation, experiment with routing, and traffic masking. In the end, I put together my own custom config. I won't reveal all my cards and publish the technical details right now—in our line of work, happiness loves silence. I'll just say that at the moment, this configuration bypasses all current restrictions, and I predict it will run without any intervention for a very long time. Maybe someday I'll open-source it or write a separate technical breakdown, but for now, let it run as is.
The problem was solved. I had perfect, stable, and fast internet. But then trouble came from an unexpected direction.
The "Help a brother out" trap
When you have something that works while everyone else's is broken, you quickly become the most popular person in your circle.
— "Oh, your Insta is loading? Give me access?" First it was my wife, then a friend, then my brother, then colleagues.
Handing out access through the Remnawave browser panel is hell. When a friend messages you on a Saturday night asking for settings for their new phone, you have to log into the panel from your mobile, copy a kilometer-long key string, and explain where to paste it.
And when you have 15 people sitting on your server, the question of paying for hosting arises. DMing everyone "toss me 150 rubles, it's time to renew the server" is awkward. Keeping track in your head of who paid and who forgot is impossible.
I realized I had become a free sysadmin and accountant rolled into one. I urgently needed to move the access distribution interface to where people already hang out—Telegram—and fully automate the billing.
Developing GhostWire VPN
I decided not to slap together a band-aid solution from ready-made scripts, but to write a proper architecture.
Backend: I chose NestJS + PostgreSQL with Prisma. So the database wouldn't crash from frequent clicks in the bot, I added a Redis layer with a 5-minute cache. I set up server integration via API—the bot itself goes to Remnawave, creates users, generates keys, and blocks traffic if the subscription expires. My involvement was reduced to zero.
Bot: Written in grammY (TypeScript) in polling mode, works at lightning speed.
Infrastructure: Everything is packed into 5 Docker Compose containers and runs behind Caddy (reverse proxy + auto-SSL).
UX in Telegram: I can't stand it when VPN bots look like a dry console. So, I added a bit of a product approach. I made a dynamic menu: subscription active — green card, expired — red. I drew 15 contextual illustrations for different sections and attached custom animated emojis to the buttons. The bot feels like a mini-app.
Payments: Telegram Stars and the classics: To avoid running after friends with an outstretched hand, I hooked up two payment methods. The first is an external Platega gateway (SBP, cards, crypto). The second is Telegram Stars. Payment goes through right in the messenger interface via Invoice. One tap, FaceID—and access is granted, the conversion rate is simply cosmic.
My own admin panel, which isn't embarrassing to show off
The basic server panel manages protocols perfectly, but it knows nothing about people, money, and Telegram avatars. If a user writes, "I paid, but it's not working," all you see in the server panel is an abstract UUID.
I had to write my own business admin panel. Regular internal dashboards are usually thrown together hastily, but I went the extra mile with the visuals. I built the frontend on React 18 + Mantine 7 + React Query.
I completely moved away from boring tables: I created a sleek dark theme with Glassmorphism effects. I scattered all the analytics across a modern Bento Grid and wrapped the navigation in floating pill-shaped elements. I put a hard focus on mobile-first—now I can look at revenue graphs (separately in rubles and Stars), see live online stats, and manage mass mailings right from my phone.
The Bottom Line
Right now, GhostWire operates fully autonomously. A cron job checks subscription terms every day at 16:00 and sends gentle reminders. I've gotten my peaceful weekends back.
Initially, this was a project just for my inner circle. But the architecture was built with a good margin of safety, server capacity is sitting idle, and my "custom config" takes the hit of current blocks perfectly.
That's why I decided to open the bot to everyone. I'm interested in letting real traffic in and seeing how the billing and server handle the load.
Jump in, test it out: @gwire_vpn_bot. A free trial period is set up by default for all new users, so you can evaluate the stability and connection speed yourself before paying for a subscription.
FREE TRIAL - 125 DAYS 🔥🔥🔥
I'd be happy to answer questions in the comments about the NestJS and grammY stack, discuss experiences, or just read how you're surviving in the current realities of the Runet.
If you have any questions or suggestions, you can always write to me: @eiodev
Top comments (0)