designed to address the most common use case for using a VPN:

[client device] ---- (untrusted/restricted network) ---- [vpn server] ---- [the Internet]

Features:

• Runs on TCP. Works pretty much everywhere, including on public WiFi where only TCP/443 is open or reliable.
• Uses only modern cryptography, with formally verified implementations.
• Small and constant memory footprint. Doesn't perform any heap memory allocations.
• Small (~25 KB), with an equally small and readable code base. No external dependencies.
• Works out of the box. No lousy documentation to read. No configuration file. No post-configuration. Run a single-line command on the server, a similar one on the client and you're done. No firewall and routing rules to manually mess with.
• Works on Linux (kernel >= 3.17), macOS and OpenBSD, as well as DragonFly BSD, FreeBSD and NetBSD in client and point-to-point modes. Adding support for other operating systems is trivial.
• Doesn't leak between reconnects if the network doesn't change. Blocks IPv6 on the client to prevent IPv6 leaks.