Project Overview
We are developing production-grade desktop VPN clients and are seeking an experienced contractor or agency.
Target platforms:
- Windows
- macOS
- Linux
This is a fixed-price, fixed-scope engagement.
Delivery is required ASAP.
Priority will be given to proposals that offer faster delivery with realistic and structured milestone planning.
We provide:
- Complete design assets
- API documentation
- Existing Flutter mobile codebase (Android/iOS) that may be reused
Architecture Context
This is not a basic static VPN client.
The client must:
- Use public-key–based authentication
- Operate in a dynamically scaling backend environment
- Interact with backend services via both HTTPS API and WebSocket
- Handle backend availability changes gracefully
- Support secure connection establishment after backend coordination
- The client must be robust under partial failures and network interruptions.
Required Architecture Characteristics:
- Clear separation between application layer and privileged networking service
- Reliable connection lifecycle management
- Backend failover handling
- WebSocket reconnection handling
- Crash-safe recovery behavior
- Kill-switch implementation per OS
- DNS handling and IPv6 support
- Network change detection (Wi-Fi, sleep/wake, etc.)
- Signed packaging and proper OS integration
- Modular protocol support (WireGuard, OpenVPN, and future protocol extensibility)
- Architecture that balances code reuse across platforms with platform-specific stability and reliability
- Architectures relying solely on unmanaged CLI process invocation will not be accepted.
Deliverables
Phase 0 — Architecture Approval
- High-level architecture document
- Connection lifecycle design
- Security considerations
- Packaging approach
- Detailed milestone plan
Development begins only after approval.
Core Development
- WireGuard integration
- OpenVPN integration
- Backend API integration
- WebSocket integration
- Connection lifecycle implementation
- Backend failover handling
Production Hardening
- Kill-switch implementation
- DNS handling
- Crash recovery
- Signed installers (MSI / PKG / DEB/RPM)
- macOS notarization
- Logging and diagnostic export
- Stability validation
- Client–server compatibility safeguards
Acceptance Criteria
- Project completion requires:
- Proper backend failover handling
- Stable WebSocket reconnection behavior
- Robust behavior under backend changes
- Kill-switch verified under forced disconnect
- DNS leak tests passing
- Crash recovery validated
- WireGuard and OpenVPN fully functional
- Signed builds delivered
- Source code and build scripts provided
Final 30% payment released after acceptance tests pass.
Required Experience
Applicants must demonstrate experience building production desktop software that:
- Programmatically manages VPN tunnels (WireGuard and/or OpenVPN)
- Implements background services or privileged components
- Handles DNS, routing, and network lifecycle management
- Uses macOS Network Extension framework
- Implements Windows services for networking applications
- Maintains persistent WebSocket connections
- Ships signed installers across platforms
Proposal Requirements
Proposals must include:
- Architecture overview
- Fixed total cost
- Fixed delivery timeline (ASAP)
- Milestone breakdown
- Risk assessment
- Team composition
Generic proposals will not be considered.
Contract duration of 1 to 3 months.
Mandatory skills: VPN, OpenVPN, API, Desktop Application, macOS