Quick Start · How It Works · Benchmark · Docs · Contributing

---

Why PeerLink?

You're working from home. You need to SSH into a dev server behind the corporate firewall. Traditional options all have trade-offs: VPN is complex to deploy, FRP needs open ports, Tailscale depends on third-party DERP servers.

PeerLink gives you a better option: self-hosted, zero third-party dependency, P2P direct connection with 99%+ success rate.

Important

穿透企业防火墙，让设备像在同一局域网一样互联 — 三层 NAT 穿透降级策略，无需公网 IP、无需开放端口、无需第三方账号。

🚀 Quick Start

1. Deploy Server (needs a public VPS)

$ git clone https://github.com/hbliu007/peerlink.git
$ cd peerlink/p2p-cpp && cmake -B build -DCMAKE_BUILD_TYPE=Release && cmake --build build -j$(nproc)

$ ./build/src/servers/signaling/p2p-signaling-server
✓ Signaling server listening on :9443

2. Office Machine (behind firewall)

$ ./build/tools/p2p-tunnel/relay-tunnel server \
    --did office-pc \
    --relay your-server.com:9443 \
    --forward 127.0.0.1:22
✓ Registered as office-pc
✓ Forwarding to 127.0.0.1:22

3. Your Laptop (at home)

$ ./build/tools/p2p-tunnel/relay-tunnel client \
    --did home-laptop \
    --target office-pc \
    --relay your-server.com:9443 \
    --listen 9022
✓ Connected to office-pc via UDP direct (12ms latency)
✓ Listening on localhost:9022

$ ssh -p 9022 user@localhost
user@office-pc:~$

Tip

详细教程: SSH 隧道 · 阿里云部署 · 手机连接

⚡ Features

3-Layer NAT Traversal	Zero-Trust Security	High Performance
UDP → TCP → TLS Relay fallback	DID decentralized identity	C++20 native, no GC pauses
99%+ connection success rate	Ed25519 + TLS 1.3 E2EE	500+ Mbps direct throughput
Cone & Symmetric NAT support	Relay cannot decrypt payload	< 50MB memory, < 2s setup

Platform Support

Platform	SDK	Status
Linux (x86_64 / ARM64)	C++ Core	✅ Stable
macOS (Intel / Apple Silicon)	C++ Core	✅ Stable
Android (ARM64)	JNI Bindings	✅ Stable
Python 3.8+	py-peerlink	✅ Stable
iOS	Swift Bindings	🔄 Planned

Protocol Support

Category	Protocols
Transport	TCP · UDP · QUIC · WebRTC · WebTransport
Security	TLS 1.3 · Noise Protocol · Ed25519 · DID
Multiplexing	mplex · yamux
NAT Traversal	STUN · TURN · ICE · UDP/TCP Hole Punching
Discovery	Kademlia DHT · Bootstrap Nodes · mDNS
PubSub	GossipSub v1.1

🔍 How It Works

Three-Layer NAT Traversal Strategy

Layer 1: UDP Hole Punching      ████████████████████░░░░  ~80% Cone NAT
Layer 2: TCP Simultaneous Open  ████████████░░░░░░░░░░░░  +15% Strict NAT
Layer 3: TLS 1.3 Relay          ████████████████████████  100% Guaranteed

Architecture

📖 Detailed Layer Description

Layer	Module	Responsibilities
1	Core	Event Loop · Memory Pool · Thread Pool · spdlog Logger
2	Protocol	Signaling Protocol · P2P Protocol · Relay Protocol · Protobuf
3	Transport	UDP Socket · TCP Socket · TLS Transport · Async I/O (Boost.Asio)
4	NAT	STUN Detection · UDP Hole Punching · TCP Simultaneous Open · Relay Fallback
5	Security	DID Identity · Ed25519 Signing · TLS 1.3 · Noise Protocol · Signed Envelope
6	Platform	CLI · Daemon · Library/SDK · Python Bindings

📊 Benchmark

Metric	Value	Notes
P2P Direct Throughput	> 500 Mbps	Gigabit network
Relay Throughput	> 50 Mbps	Server bandwidth limited
Connection Setup	< 2 sec	Including NAT traversal
Memory Usage	< 50 MB	Daemon process
Concurrent Connections	10,000+	Single machine
Test Coverage	80.1%	86.7% function coverage

Throughput by Protocol

Protocol	Throughput	Latency
TCP Direct	~500 Mbps	~20ms
QUIC	~450 Mbps	~15ms
WebRTC	~400 Mbps	~25ms
Relay (TURN)	~50 Mbps	~100ms

🆚 Comparison

P2P Connectivity & Remote Access

Feature	PeerLink	FRP	Tailscale	ZeroTier
P2P Direct	✅	⚠️ xtcp only	✅	✅
Self-Hosted	✅ Full	✅ Full	⚠️ via Headscale	⚠️ Controller non-free
Zero 3rd-Party Dep	✅	✅	❌ DERP relay	❌ Root servers
NAT Traversal	3 layers	Relay default	Multi-strategy	Custom protocol
E2E Encryption	✅ TLS 1.3	⚠️ TLS to relay	✅ WireGuard	✅
Decentralized Identity	✅ DID	❌	❌	❌
License	MIT	Apache 2.0	BSD-3 (client)	MPL-2.0 (core)
Language	C++20	Go	Go	C++

🌐 P2P Ecosystem Overview

Project	Category	Language	License	Self-Hosted	NAT Traversal	Encryption
PeerLink	P2P Connectivity	C++20	MIT	✅ Full	3-layer fallback	TLS 1.3 + DID
libp2p	P2P Network Stack	Multi-lang	MIT	✅	AutoNAT + DCUtR + Relay	Noise / TLS 1.3
WebTorrent	Browser File Sharing	JavaScript	MIT	✅	WebRTC ICE (STUN/TURN)	DTLS
IPFS	Distributed Storage	Go	Apache 2.0 / MIT	✅	via libp2p	Transport only
Syncthing	File Sync	Go	MPL-2.0	✅	UPnP + Discovery + Relay	TLS 1.3
FRP	Reverse Proxy	Go	Apache 2.0	✅	STUN (xtcp only)	TLS to relay
Tailscale	Mesh VPN	Go	BSD-3 (client)	⚠️ Headscale	UDP + DERP relay	WireGuard
ZeroTier	SDN Overlay	C++	MPL-2.0 (core)	⚠️ Controller non-free	Custom	Salsa20

Notable users: libp2p powers IPFS, Filecoin, Ethereum 2.0. WebTorrent is used by Brave browser. IPFS serves NFT storage and decentralized web. Syncthing is the leading open-source file sync tool.

Each project targets different use cases. PeerLink focuses on general-purpose P2P secure access with zero third-party dependency.

🏭 vs Commercial IoT P2P Platforms

Commercial IoT P2P solutions focus on camera/vertical domains with massive device deployments. For general-purpose P2P connectivity, data sovereignty, and security transparency, open-source solutions offer better control and auditability.

Feature	PeerLink	Typical Commercial IoT P2P
Open Source	✅ MIT	Typically closed source
Fully Self-Hosted	✅ Zero Dep	Typically cloud-dependent
Security Auditable	✅ Fully open	Not publicly auditable
Zero Vendor Lock-in	✅	Typically vendor-bound
Python SDK	✅	Typically not available
Throughput	>500 Mbps	IoT-tier bandwidth

💻 API Usage

#include <p2p/engine.hpp>

int main() {
    p2p::Config config;
    config.listen_addresses = {"/ip4/0.0.0.0/tcp/0"};
    config.enable_webrtc = true;

    auto engine = p2p::Engine::Create(config);
    engine->Start();

    auto conn = engine->Connect(p2p::PeerId::FromString("QmPeer..."));
    conn->Send("Hello, P2P!");

    engine->Stop();
    return 0;
}

🔧 Build

# Prerequisites: CMake 3.20+, C++20 compiler (GCC 11+ / Clang 14+ / MSVC 2022+), OpenSSL 3.0+
git clone https://github.com/hbliu007/peerlink.git
cd peerlink/p2p-cpp

cmake -B build -DCMAKE_BUILD_TYPE=Release
cmake --build build -j$(nproc)

# Run tests
cd build && ctest -V

# Build options
cmake -B build -DBUILD_TESTS=ON          # Enable tests
cmake -B build -DBUILD_SERVERS=ON        # Enable server components
cmake -B build -DBUILD_BINDINGS_PYTHON=ON # Python bindings

Docker

docker run -it hbliu007/peerlink:latest

📚 Documentation

Category	Content
Tutorials	Quick Start · SSH Tunnel · Mobile Connect · Python SDK
How-to	Aliyun Deploy · TLS Config · Monitoring
Concepts	How It Works · Architecture · Security Model
Reference	C API · Python API · Config · CLI

📂 Project Structure

peerlink/
├── p2p-cpp/                  # C++ Core Library
│   ├── include/              # Public headers
│   │   └── p2p/              # Core API
│   │       ├── core/         # Engine, connection, session
│   │       ├── crypto/       # TLS, Noise, Ed25519
│   │       ├── multiaddr/    # Multiaddr implementation
│   │       ├── net/          # Async I/O (Asio)
│   │       ├── protocol/     # libp2p protocols
│   │       └── transport/    # TCP, QUIC, WebRTC
│   ├── src/                  # Implementation
│   │   ├── servers/          # STUN, TURN, Signaling, DID
│   │   └── tests/            # Unit & integration tests
│   └── examples/             # Usage examples
├── signaling-server-cpp/      # WebSocket signaling server
└── docs/                      # Architecture & API docs

🌐 Preview docs locally

cd p2p-cpp
pip install -r requirements.txt
mkdocs serve    # http://localhost:8000

🤝 Contributing

Contributions welcome! See Contributing Guide.

1. Fork this repo
2. Create feature branch (git checkout -b feat/amazing-feature)
3. Commit changes (git commit -m 'feat: add amazing feature')
4. Push branch (git push origin feat/amazing-feature)
5. Open a Pull Request

👥 Contributors

⭐ Star History

📄 License

MIT License — Free for commercial use.

---

GitHub · Issues · Discussions