2GC Team Updated: 6/18/2025

CloudBridge Relay: Technologies and Prospects

A cloud API-oriented platform for secure TCP traffic tunneling in the Zero Trust paradigm, based on SoftEther VPN principles.

CloudBridge Relay is conceived as a cloud-based, API-oriented platform for secure TCP traffic tunneling in the Zero Trust paradigm. It builds on SoftEther VPN principles, but rethinking them lets it go well beyond the classic “virtual private channel” toward a flexible, next-generation access infrastructure.

1. What We Take from SoftEther - and Where We’re Heading

SoftEther Principle | How It Works Today | What’s Planned in CloudBridge Relay
------------------- | ------------------ | -----------------------------------
Ethernet Frame Encapsulation over TLS/HTTPS | Single TLS tunnel, up to 32 parallel TCP streams, DPI/NAT bypass | Asynchronous TLS sessions, zero-copy buffering, dynamic stream routing - higher performance, lower latency
ICMP/DNS Fallback | Switching when TCP/UDP is blocked | “Light” auto-fallback in strict filter mode, extended coverage area
VNet via Virtual Ethernet Bridge + L3 Routing | Requires manual configuration | Integrated IP router: each agent is assigned an IP; network and ACL management via UI/API
TLS 1.3, PFS Security | ChaCha20-Poly1305, perfect forward secrecy | Optional mTLS and JWT authorization for fine-grained RBAC
JSON-RPC API | Console-oriented management | Full REST / JSON-RPC / WebSocket stack, tailored for CI/CD and IaC
Horizontal Scaling | Manual node deployment | Clusters with load balancing and geo-distribution, Go/Rust implementation with multicore TLS

2. Intelligent Security of the Future

CloudBridge Relay evolves not just as a transport, but as a traffic guardian:

  • ML Engine (UEBA): builds per-user profiles from geolocation, User-Agent and time-of-day patterns; deviations from the profile are flagged and handed to automated response.
  • Keycloak IAM + MFA: centralized identity and segmentation of administrative zones.
  • Real-time Threat Monitoring: clusters, hubs and key metrics collected in a “single pane of glass”.
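To make the first bullet concrete, here is an added example (not code from 2GC or from CloudBridge Relay) of the simplest form of such profiling, in Go: a per-user baseline over country, User-Agent and hour of day is built from history, and each new access scores one point per signal that was never seen for that user. The Event fields, the scoring rule, the sample users and the alert threshold of 2 are all assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"time"
)

// Event is one access observation as a UEBA engine would ingest it. The fields
// are the three signals the page names: geolocation, User-Agent, time of access.
type Event struct {
	User      string
	Country   string
	UserAgent string
	At        time.Time
}

// Profile is the per-user baseline learned from past events.
type Profile struct {
	Countries map[string]int
	Agents    map[string]int
	Hours     [24]int
	Total     int
}

// Alert is what gets handed to the automated-response stage.
type Alert struct {
	Event   Event
	Score   int
	Reasons []string
}

// BuildProfiles folds historical events into one Profile per user.
func BuildProfiles(history []Event) map[string]*Profile {
	profiles := map[string]*Profile{}
	for _, e := range history {
		p, ok := profiles[e.User]
		if !ok {
			p = &Profile{Countries: map[string]int{}, Agents: map[string]int{}}
			profiles[e.User] = p
		}
		p.Countries[e.Country]++
		p.Agents[e.UserAgent]++
		p.Hours[e.At.UTC().Hour()]++
		p.Total++
	}
	return profiles
}

// Score rates an event against the baseline: one point per signal never seen
// for this user. A user with no baseline scores maximally, since nothing can
// vouch for the access. Safe to call on a nil *Profile (unknown user).
func (p *Profile) Score(e Event) (int, []string) {
	if p == nil || p.Total == 0 {
		return 3, []string{"no baseline for user"}
	}
	var reasons []string
	if p.Countries[e.Country] == 0 {
		reasons = append(reasons, "new country: "+e.Country)
	}
	if p.Agents[e.UserAgent] == 0 {
		reasons = append(reasons, "new user-agent: "+e.UserAgent)
	}
	if h := e.At.UTC().Hour(); p.Hours[h] == 0 {
		reasons = append(reasons, fmt.Sprintf("unusual hour: %02d:00 UTC", h))
	}
	return len(reasons), reasons
}

// Flag returns the events whose score reaches threshold, highest score first.
func Flag(profiles map[string]*Profile, events []Event, threshold int) []Alert {
	var alerts []Alert
	for _, e := range events {
		score, reasons := profiles[e.User].Score(e)
		if score >= threshold {
			alerts = append(alerts, Alert{Event: e, Score: score, Reasons: reasons})
		}
	}
	sort.SliceStable(alerts, func(i, j int) bool { return alerts[i].Score > alerts[j].Score })
	return alerts
}

// SampleHistory is constructed data: ten working days of alice connecting from
// Germany with the agent's User-Agent at 09:00, 13:00 and 17:00 UTC.
func SampleHistory() []Event {
	var h []Event
	start := time.Date(2025, 6, 2, 0, 0, 0, 0, time.UTC)
	for day := 0; day < 10; day++ {
		for _, hour := range []int{9, 13, 17} {
			at := start.AddDate(0, 0, day).Add(time.Duration(hour) * time.Hour)
			h = append(h, Event{User: "alice", Country: "DE", UserAgent: "cbr-agent/1.0", At: at})
		}
	}
	return h
}

// SampleNew is constructed data: a routine login, one that deviates on all three
// signals, and a login by a user with no history at all.
func SampleNew() []Event {
	return []Event{
		{User: "alice", Country: "DE", UserAgent: "cbr-agent/1.0", At: time.Date(2025, 6, 18, 13, 30, 0, 0, time.UTC)},
		{User: "alice", Country: "BR", UserAgent: "curl/8.0", At: time.Date(2025, 6, 18, 3, 12, 0, 0, time.UTC)},
		{User: "bob", Country: "DE", UserAgent: "cbr-agent/1.0", At: time.Date(2025, 6, 18, 10, 0, 0, 0, time.UTC)},
	}
}

func main() {
	profiles := BuildProfiles(SampleHistory())
	for _, a := range Flag(profiles, SampleNew(), 2) {
		fmt.Printf("%-6s score=%d %v\n", a.Event.User, a.Score, a.Reasons)
	}
}
```

Counting unseen values is deliberately crude: a production engine would weight by frequency and recency, add session-level features, and route alerts into the automated response the bullet mentions rather than printing them.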

3. MVP Architecture

┌─────────────┐
│  Client /   │  TLS over TCP-multiplex
│ Relay Agent ├──────────────┐
└─────────────┘              │
                             ▼
                  ┌──────────────────────┐
                  │     Relay Server     │
                  │ • TLS Termination    │
                  │ • IP Routing (VNet)  │
                  │ • JSON-RPC API       │
                  │ • ML Engine & ACL    │
                  └──────────────────────┘
                             │
        Internal cluster     │   Heartbeat / Syslog
        communication        ▼
                  ┌──────────────────────┐
                  │     Dashboard UI     │
                  │ • Tunnel Mgmt        │
                  │ • VNet View          │
                  │ • Threat Alerts      │
                  └──────────────────────┘
                             │
                    REST / WebSocket API
                             ▼
                  ┌──────────────────────┐
                  │ Backend: Django + DB │
                  │ • Users              │
                  │ • Servers            │
                  │ • VNet, ACL          │
                  └──────────────────────┘

  • Agents (Go/Rust) - establish the TLS channel, multiplex streams, transmit heartbeats.
  • Relay Server - terminates TLS, routes packets within the VNet, stores logs and ML features.
  • Dashboard - React SPA, displays real-time statistics.
  • Backend (Django) - stores entities, issues JWTs, serves REST/WebSocket.
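The agent bullet says streams are multiplexed over one TLS channel, but the page does not show the wire format. The following is an added example, not project code, of one plausible framing in Go (the agents' language on the page): a 7-byte header of stream id, frame type and payload length, a relay-side demultiplexer that enforces the 32-stream limit quoted in section 1, and constructed sample traffic for the two tunnelled ports (22 and 3389) from the API examples. The frame layout, type values and stream numbering are assumptions; tunnel-level messages such as the heartbeat would ride on a reserved stream id in the same framing.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"io"
)

// Frame types inside the single TLS tunnel (assumed values). MaxStreams is the
// page's figure of 32 parallel TCP streams per tunnel.
const (
	TypeOpen  uint8 = 1
	TypeData  uint8 = 2
	TypeClose uint8 = 3

	MaxStreams = 32
	headerLen  = 4 + 1 + 2 // stream id, type, payload length
)

// Frame is one multiplexed unit: [stream id:4][type:1][len:2][payload].
type Frame struct {
	StreamID uint32
	Type     uint8
	Payload  []byte
}

// WriteFrame encodes f onto w (the TLS connection in a real agent).
func WriteFrame(w io.Writer, f Frame) error {
	if len(f.Payload) > 0xFFFF {
		return fmt.Errorf("payload of %d bytes exceeds the 16-bit length field", len(f.Payload))
	}
	hdr := make([]byte, headerLen)
	binary.BigEndian.PutUint32(hdr[0:4], f.StreamID)
	hdr[4] = f.Type
	binary.BigEndian.PutUint16(hdr[5:7], uint16(len(f.Payload)))
	_, err := w.Write(append(hdr, f.Payload...))
	return err
}

// ReadFrame decodes the next frame. io.EOF means a clean close; a truncated
// header or payload is a protocol error and is reported as such.
func ReadFrame(r io.Reader) (Frame, error) {
	hdr := make([]byte, headerLen)
	if _, err := io.ReadFull(r, hdr); err != nil {
		return Frame{}, err
	}
	f := Frame{StreamID: binary.BigEndian.Uint32(hdr[0:4]), Type: hdr[4]}
	f.Payload = make([]byte, binary.BigEndian.Uint16(hdr[5:7]))
	if _, err := io.ReadFull(r, f.Payload); err != nil {
		return Frame{}, fmt.Errorf("truncated payload: %w", err)
	}
	return f, nil
}

// Demux is the relay-side state for one tunnel: the bytes received on each
// open stream. The stream cap and the rule that data is accepted only for
// open streams keep a faulty or hostile agent from growing relay state
// without bound.
type Demux struct {
	Streams map[uint32]*bytes.Buffer
}

// Handle applies one frame to the tunnel state.
func (d *Demux) Handle(f Frame) error {
	switch f.Type {
	case TypeOpen:
		if _, dup := d.Streams[f.StreamID]; dup {
			return fmt.Errorf("stream %d already open", f.StreamID)
		}
		if len(d.Streams) >= MaxStreams {
			return fmt.Errorf("stream limit %d reached", MaxStreams)
		}
		d.Streams[f.StreamID] = &bytes.Buffer{}
	case TypeData:
		buf, ok := d.Streams[f.StreamID]
		if !ok {
			return fmt.Errorf("data for unopened stream %d", f.StreamID)
		}
		buf.Write(f.Payload)
	case TypeClose:
		delete(d.Streams, f.StreamID)
	default:
		return fmt.Errorf("unknown frame type %d", f.Type)
	}
	return nil
}

// Replay feeds a captured tunnel byte stream through a fresh Demux until EOF.
func Replay(wire []byte) (*Demux, error) {
	d := &Demux{Streams: map[uint32]*bytes.Buffer{}}
	r := bytes.NewReader(wire)
	for {
		f, err := ReadFrame(r)
		if err == io.EOF {
			return d, nil
		} else if err != nil {
			return d, err
		}
		if err := d.Handle(f); err != nil {
			return d, err
		}
	}
}

// AgentSession is constructed sample traffic for the two tunnelled ports in
// the Create Tunnel example (22 and 3389), as the agent would write it.
func AgentSession() []byte {
	var conn bytes.Buffer // stands in for the agent's TLS connection
	for _, f := range []Frame{
		{1, TypeOpen, []byte("tcp:22")},
		{2, TypeOpen, []byte("tcp:3389")},
		{1, TypeData, []byte("SSH-2.0-sample\r\n")},   // constructed SSH banner
		{2, TypeData, []byte{0x03, 0x00, 0x00, 0x13}}, // TPKT header, the first bytes of an RDP stream
		{1, TypeClose, nil},
	} {
		if err := WriteFrame(&conn, f); err != nil {
			panic(err) // unreachable for these small constructed frames
		}
	}
	return conn.Bytes()
}

func main() {
	d, err := Replay(AgentSession())
	fmt.Printf("open streams: %d, err: %v\n", len(d.Streams), err)
}
```

Replay gives the relay's view of the captured bytes. The truncated-payload and stream-limit paths are the ones to keep when adapting this: a multiplexer that trusts the peer's length field or stream count is how a relay ends up holding unbounded state for a single client.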

4. API Examples

Create Tunnel

POST /api/v1/tunnels
Content-Type: application/json

{
  "server_id": "5f2a-…-c431",
  "ports": [22, 3389],
  "vnet_id": "a17d-…-1b22"
}

Response:

{
  "tunnel_id": "6b3d-…-e9af",
  "endpoint": "relay.example.com:443",
  "agent_token": "eyJhbGciOiJIUzI1NiIs..."
}

Tunnel Status

GET /api/v1/tunnels/{tunnel_id}/status

Response:

{
  "status": "active",
  "bytes_in": 102400,
  "bytes_out": 204800,
  "uptime": 3600
}

Agent Heartbeat

{
  "type": "heartbeat",
  "tunnel_id": "6b3d-…-e9af",
  "stats": {
    "bytes_in": 102400,
    "bytes_out": 204800,
    "client_ip": "10.12.0.2",
    "timestamp": "2025-06-18T12:00:00Z"
  }
}

VNet Management

POST /api/v1/vnets
{ "name": "office-net", "cidr": "10.12.0.0/24" }

POST /api/v1/vnets/{vnet_id}/members
{ "server_id": "5f2a-…-c431", "ip": "10.12.0.4" }
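The agent_token returned by Create Tunnel is a JWT whose visible header prefix decodes to an HS256 algorithm. As an added example (not 2GC's code), here is how the relay side could verify such a token and apply the RBAC that section 1 and the roadmap mention, in Go with only the standard library. The claim names (sub, tunnel_id, roles, exp), the role-to-action table and the shared secret are assumptions; the page does not document the token's contents.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Claims are the fields this example expects in an agent_token. The page only
// shows that the token is an HS256 JWT; these claim names are assumptions.
type Claims struct {
	Sub      string   `json:"sub"`       // agent identity
	TunnelID string   `json:"tunnel_id"` // tunnel the token is bound to
	Roles    []string `json:"roles"`     // RBAC roles granted to the holder
	Exp      int64    `json:"exp"`       // expiry, Unix seconds
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

func hs256(secret []byte, signingInput string) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(signingInput))
	return mac.Sum(nil)
}

// Sign issues an HS256 token; in the page's architecture that is the backend's job.
func Sign(c Claims, secret []byte) (string, error) {
	body, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	signingInput := b64([]byte(`{"alg":"HS256","typ":"JWT"}`)) + "." + b64(body)
	return signingInput + "." + b64(hs256(secret, signingInput)), nil
}

// Verify is what the relay runs before trusting any heartbeat or stream that
// presents the token: pin the algorithm, check the MAC in constant time, then
// check expiry. Claims are only decoded once the signature is known good.
func Verify(token string, secret []byte, now time.Time) (Claims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return Claims{}, errors.New("malformed token")
	}
	hdrJSON, err := base64.RawURLEncoding.DecodeString(parts[0])
	if err != nil {
		return Claims{}, err
	}
	var hdr struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(hdrJSON, &hdr); err != nil {
		return Claims{}, err
	}
	if hdr.Alg != "HS256" { // rejects "none" and any algorithm-switch attempt
		return Claims{}, fmt.Errorf("unsupported alg %q", hdr.Alg)
	}
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	if err != nil {
		return Claims{}, err
	}
	if !hmac.Equal(sig, hs256(secret, parts[0]+"."+parts[1])) {
		return Claims{}, errors.New("bad signature")
	}
	bodyJSON, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return Claims{}, err
	}
	var c Claims
	if err := json.Unmarshal(bodyJSON, &c); err != nil {
		return Claims{}, err
	}
	if c.Exp == 0 || !now.Before(time.Unix(c.Exp, 0)) {
		return Claims{}, errors.New("token expired or has no exp")
	}
	return c, nil
}

// Authorize is the RBAC gate: the token must be bound to the tunnel named in
// the request and carry a role that permits the action. The role table is an
// assumption for this example.
func Authorize(c Claims, tunnelID, action string) error {
	if c.TunnelID != tunnelID {
		return fmt.Errorf("token is bound to tunnel %s, not %s", c.TunnelID, tunnelID)
	}
	allowed := map[string][]string{
		"agent":    {"heartbeat", "stream"},
		"operator": {"heartbeat", "stream", "status", "close"},
	}
	for _, role := range c.Roles {
		for _, a := range allowed[role] {
			if a == action {
				return nil
			}
		}
	}
	return fmt.Errorf("roles %v do not permit %q", c.Roles, action)
}

func main() {
	secret := []byte("constructed-shared-secret") // in practice from a secret store, never in code
	now := time.Now()
	tok, _ := Sign(Claims{Sub: "agent-01", TunnelID: "6b3d-…-e9af", Roles: []string{"agent"}, Exp: now.Add(time.Hour).Unix()}, secret)
	c, err := Verify(tok, secret, now)
	fmt.Println(c.Sub, err, Authorize(c, "6b3d-…-e9af", "close"))
}
```

HS256 means every relay holds the same secret the backend signs with; if relays are less trusted than the backend, an asymmetric algorithm (RS256 or ES256) with the private key kept on the backend is the usual fix. Binding the token to a tunnel_id and checking it against the request path keeps a token issued for one tunnel from being accepted on another.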

5. MVP Roadmap

Phase | Timeline | Key Milestones
----- | -------- | --------------
MVP Release | Q3 2025 | TLS tunnels, JSON-RPC, basic UI, JWT, heartbeat
VNet & ACL | Q4 2025 | Virtual subnets, ACL, RDP/SSH tunneling
Firewall fallback | Q1 2026 | HTTPS/ICMP/DNS tunnel under blocking conditions
ML Modules | Q2 2026 | Behavioral feature collection, anomaly classification
IAM Integration | Q3 2026 | Keycloak, MFA, RBAC UI
Geo-clusters | Q4 2026 | Distributed clusters, SLA tools

6. Key Advantages

  1. Adaptive Tunnel - resilient to NAT, DPI, and strict filters.
  2. Centralized IP Router with manageable ACLs.
  3. ML Behavior Analytics in real-time.
  4. Cloud Zero Trust Infrastructure with “click-to-scale” capability.

Conclusion

CloudBridge Relay is taking shape as an ecosystem for companies that value:

  • simplicity in deploying secure tunnels without VPN clients;
  • transparent access management through API and UI;
  • built-in threat analysis with instant response.

Ready to share detailed technical schematics, extended API examples, and discuss the MVP architecture - just let us know!