A Virtual Private Network (VPN) is software that adds security and privacy to your network. VPNs can either be used by companies to give remote employees access to their internal private networks, or to protect users’ connections to the Internet. VPNs protect your privacy by encrypting all of your traffic so it cannot be spied on, and also by changing your IP address to that of the VPN server to make you harder to trace.

Traditional VPNs, like IPSEC or OpenVPN, all work on the same principle: they first create an AES encrypted socket to a VPN server and then take all Internet traffic from the client, and encapsulate the packets to put them inside of that single secure socket. When the packets get to the server, they are decrypted, unencapsulated, and put out on the Internet by the VPN server. Anyone trying to “listen in” on the connection only sees encrypted packets on their way to the VPN server. They cannot see the end destination, or what servers are being visited.

But this single socket design has big downsides. First of all, there’s no failover. If the internet connection that the socket was created on stops working, the client gets disconnected – even if there is another working connection available to the device. There is also no bonding, so even if you are connected to the internet via Wi-Fi and Cellular, the software picks just one and you’re stuck on that connection. There’s no way to harness the speed of both.

Nearly all VPNs use AES encryption to protect their data. This is a tried and true, standards based encryption mechanism. But on *many mobile processors it’s both slow, and a big battery drain.

*Some newer mobile processors are including AES hardware instructions that can help AES perform much better, but the majority of existing mobile devices do not have AES hardware support.