LogoLogo
DiscordPanelPricing
  • TCPShield
  • FAQ
  • Commonly asked questions
  • Features
  • Contact
  • Billing
  • Premium Features
    • Asia Network
    • Geyser
    • Panel Features
  • Vxlan
    • Sentry Tunnel Features
    • Sentry Tunnel General Setup
    • Sentry Tunnel for rAthena/Ragnarok
    • Sentry Tunnel for Bedrock/Geyser
    • Sentry Tunnel for FiveM/GTA Online
    • Common issues and Debugging
  • Panel
    • Setup Process
    • Panel Configuration
    • DNS Setup
    • TCPShield Plugin
  • Troubleshooting
    • Setup Checklist
    • Invalid Hostname
    • Disconnected on Login
    • High Latency and General Lag
    • How to Read a Traceroute
    • Connection Complaint Policy
  • Miscellaneous
    • TCPShield API
    • Protect a website
    • Wildcard DNS
    • Protect a home hosted server
    • Account sharing
    • Transfer Packets
  • Useful Links
  • TCPShield Panel
Powered by GitBook
LogoLogo

Useful links

  • Pricing
  • Twitter
  • Contact

Need help?

  • Discord
  • Network Status

Panel

  • Sign Up
  • Login
On this page
  • What is the Sentry Tunnel?
  • 1. Optimized for Anycast and Scrubbing Efficiency
  • 2. Higher cost efficiency
  • 3. Minimal Overhead, Maximum Performance
  • 4. Protocol-Agnostic – Beyond Just Minecraft
  • 5. Better than GRE: A Refined Solution for Modern Needs
  • What This Means for TCPShield Users
  • Ready to Deploy

Was this helpful?

  1. Vxlan

Sentry Tunnel Features

PreviousPanel FeaturesNextSentry Tunnel General Setup

Last updated 1 day ago

Was this helpful?

As TCPShield expands its infrastructure beyond Minecraft, we’re proud to introduce Sentry Tunnel – the next evolution in clean traffic delivery, launching from April 2025.

Sentry Tunnel is our high-performance, tunneling solution built for modern cloud-scale networking. It allows us to protect and forward any TCP or UDP traffic with unmatched flexibility, speed, and compatibility. Whether you're running multiplayer game servers, real-time applications, or custom services, Sentry Tunnel delivers clean traffic with minimal latency and maximum reliability.

What is the Sentry Tunnel?

Sentry Tunnel leverages VXLAN (Virtual Extensible LAN) technology under the hood, but brings modern branding and engineering practices to offer you a refined and production-grade clean traffic solution.

1. Optimized for Anycast and Scrubbing Efficiency

Sentry Tunnel is stateless and UDP-based, making it a perfect match for our Anycast infrastructure:

  • Always connects to the nearest scrubbing center, minimizing latency and packet loss.

  • Instant failover between locations — no reconnections or handshakes required.\.

  • Supports multi-point tunnel topologies: multiple TCPShield nodes forward clean traffic to your origin without needing to manage dozens of individual tunnels.

2. Higher cost efficiency

Compared to traditional game-specific proxies (like our Minecraft protection), Sentry Tunnel supports many tenants on a single IP:

  • Protect diverse services and ports on the same machine — even if they’re using different protocols.

  • Example: protect Minecraft servers on ports 25565–25577, and FiveM servers on 30120–30127 — all behind one protected IP.

  • Define Layer 7 protocol filters per port range using our intuitive firewall panel, or automate the setup via API.

3. Minimal Overhead, Maximum Performance

Sentry Tunnel introduces only ~50 bytes of overhead per packet, while delivering major performance benefits:

  • Hardware offload support ensures packets are processed at line rate with minimal CPU load.

  • UDP encapsulation unlocks networking features like Large Receive Offload (LRO) and Generic Segmentation Offload (GSO).

  • Delivers multi-gigabit throughput with low operational cost.

4. Protocol-Agnostic – Beyond Just Minecraft

Sentry Tunnel is not limited to any single protocol or application. Thanks to VXLAN’s Ethernet-over-IP design, it supports:

  • IPv4, IPv6, ARP, multicast, and even broadcast-based protocols.

  • Exotic or legacy game engines, real-time UDP apps, or custom multiplayer protocols.

  • Works seamlessly behind NAT, supporting cloud platforms like AWS, GCP, and Azure, or home-hosted setups.

If your application uses TCP or UDP, Sentry Tunnel can protect it — no sweat.

5. Better than GRE: A Refined Solution for Modern Needs

GRE has long been used in clean traffic tunneling — but it’s showing its age. Sentry Tunnel improves on every front:

Feature
GRE
Sentry Tunnel (VXLAN-based)

NAT Traversal

❌ Poor

✅ Excellent (UDP)

Multi-Tenant Isolation

❌ Limited

✅ Up to 16M VNIs

Hardware Offload

❌ Rare

✅ Widely Supported

Performance on Multi-core

❌ Poor

✅ Optimized

Segmentation Support

❌ None

✅ Built-in

Sentry Tunnel delivers all the benefits of GRE — and far more.


What This Means for TCPShield Users

  1. Expanded Game & App Support: Protect any TCP/UDP-based service, not just Minecraft.

  2. Lower Latency: Our Anycast tunnel endpoints ensure traffic always routes through the nearest scrubbing node.

  3. Scalable Protection: Clean traffic is delivered efficiently across global tenants with flexible routing and isolation.


Ready to Deploy

Our Sentry Tunnel solution is now available for public access. If you're interested in enabling VXLAN-based clean traffic delivery for your service, contact us over at our support Discord or head to the to get started.

VXLAN-based
setup page