RustTauriReactTypeScriptSecurity

IP Check

An open-source Windows desktop app that stops VPN users from getting IP-banned — detects a dropped tunnel in under a second and auto-blocks traffic before the real IP leaks.

The Problem

VPN-reliant developers and freelancers — especially outside markets where AI tools and other services are fully available — depend on a VPN staying up every second they're online. When a tunnel silently drops, the real IP leaks immediately, and by the time anyone notices, the account is already flagged or banned. A user can't watch their connection status all day, and a naive fix (polling a public IP-check API every few hundred milliseconds) would generate roughly 170,000 requests per day per provider — enough to get the checker itself rate-limited or banned.

The Solution

IP Check is an open-source Windows desktop app built around one core decision: detection has to be event-driven, not polled.

  • Instant detection — hooks into the Windows IP Helper API (NotifyIpInterfaceChange) for push-based network-change events, backed by a 500ms local route/gateway check that never touches the network, so the monitor itself can't be the thing that gets rate-limited.
  • Consensus, not a single source of truth — the public IP is only re-verified on a real change or a slow heartbeat, checked against 2+ independent providers. One geo-blocked or lying provider can't trigger a false alarm or a false all-clear.
  • A real kill switch — once armed, a dropped tunnel fires a Windows Advanced Firewall block, with an option to disable the network adapter or close whitelisted apps, before any traffic can leave on the real IP.
  • Active leak scanning — DNS, IPv6, and WebRTC leak checks, including a hand-rolled STUN (RFC 5389) client for the WebRTC path.

Under the hood it's clean/hexagonal architecture across four crates — a pure ipcheck-core (entities and port traits, zero I/O), ipcheck-app (use-cases, depending only on core's traits), ipcheck-infra (the real Windows/network/DB adapters), and the Tauri shell as the composition root. That separation means the entire detection and decision logic has full unit-test coverage without ever touching a real network interface or the OS firewall. Rust domain types generate their TypeScript bindings directly (ts-rs), so the Rust backend and the React UI can't drift out of sync on shape.

The Outcome

Sub-second detection of a dropped VPN tunnel, verified end-to-end against real adapter changes.

Zero false alarms from a single bad data point — multi-provider consensus absorbs one provider misbehaving.

Fully open source (MIT), with a complete documentation set — PRD, architecture, a STRIDE threat model, DB schema, API contract, security policy, and test strategy — plus CI enforcing fmt/clippy/tests on every push.

Repo: github.com/Nikosonz/ip-check

This sits alongside my AI & automation work — or see what I do for clients directly, or get in touch.

Tech Stack

  • App shell: Tauri v2, Rust
  • Frontend: React 18, TypeScript, Zustand
  • Data: SQLite via sqlx
  • Windows integration: IP Helper API, Advanced Firewall (netsh advfirewall), unsafe Win32 FFI
  • Type safety: ts-rs for Rust → TypeScript binding generation
  • CI: GitHub Actions (fmt, clippy, test gates)