# Hysteria — QUIC-Based Network Tunnel for High-Speed Unreliable Networks > Hysteria is a feature-rich network proxy and tunneling tool built on a modified QUIC protocol. It is designed for users on lossy or throttled networks, delivering high throughput through aggressive congestion control optimized for challenging network conditions. ## Install Save in your project root: # Hysteria — QUIC-Based Network Tunnel for High-Speed Unreliable Networks ## Quick Use ```bash # Install on Linux bash <(curl -fsSL https://get.hy2.sh/) # Generate a self-signed certificate for testing openssl req -x509 -nodes -newkey ec:<(openssl ecparam -name prime256v1) -keyout server.key -out server.crt -subj "/CN=example.com" -days 36500 # Start server hysteria server -c server.yaml ``` ## Introduction Hysteria is a proxy and tunneling tool powered by a custom QUIC transport layer called Brutal. It targets environments where traditional TCP-based proxies suffer from packet loss and throttling, making it popular for bypassing network restrictions on congested links. ## What Hysteria Does - Tunnels TCP and UDP traffic over a custom QUIC-based protocol with aggressive send rates - Operates as a SOCKS5, HTTP, or transparent proxy on the client side - Supports port forwarding for exposing local services through the tunnel - Provides traffic masquerading to make connections appear as standard HTTPS - Handles user authentication and bandwidth control per client ## Architecture Overview Hysteria consists of a server binary and a client binary, both written in Go. The server listens on a UDP port and negotiates QUIC connections with clients. The custom Brutal congestion control algorithm ignores traditional TCP-fair bandwidth sharing and instead sends at a user-specified rate, recovering from packet loss without backing off. The client multiplexes proxied connections over a single QUIC session, reducing handshake overhead. ## Self-Hosting & Configuration - Deploy the server on any VPS with a public IP and open UDP port - Obtain a TLS certificate via ACME (built-in Let's Encrypt support) or provide your own - Configure bandwidth limits in the server YAML to prevent abuse - Use the client on desktops, phones (via third-party apps), or routers - Integrate with authentication backends via HTTP-based user verification ## Key Features - Brutal congestion control delivers high throughput even on heavily congested links - Built-in ACME for automatic TLS certificate provisioning - Traffic obfuscation makes Hysteria traffic resemble regular HTTPS connections - Multi-user support with per-user bandwidth limits and traffic statistics - Zero-round-trip connection resumption via QUIC 0-RTT ## Comparison with Similar Tools - **WireGuard** — efficient VPN but uses fixed-rate UDP; Hysteria adapts to lossy networks with aggressive retransmission - **V2Ray/Xray** — multi-protocol proxy suites; Hysteria focuses on QUIC-native performance - **TUIC** — another QUIC-based proxy; Hysteria's Brutal CC is more aggressive on bad links - **SSH tunneling** — simple but TCP-over-TCP causes head-of-line blocking; Hysteria avoids this via QUIC ## FAQ **Q: Is Hysteria safe to use on shared servers?** A: Set bandwidth limits in the server config to prevent individual clients from saturating the link. **Q: Does it support mobile devices?** A: Yes. Third-party clients like NekoBox and Shadowrocket integrate Hysteria on iOS and Android. **Q: How does the Brutal congestion control work?** A: Instead of probing available bandwidth like Cubic or BBR, Brutal sends at a user-defined target rate and retransmits lost packets without reducing speed. **Q: Can I use it with a CDN?** A: Hysteria requires raw UDP connectivity, so it cannot be proxied through typical HTTP-only CDNs. Some providers offer UDP relay capabilities. ## Sources - https://github.com/apernet/hysteria - https://hysteria.network/ --- Source: https://tokrepo.com/en/workflows/asset-22a6db2d Author: AI Open Source