
Accessio: VPN as a Service, Built on SoftEther

Most VPN services are black boxes. Accessio is built on SoftEther — open-source, protocol-flexible, and deployable on your own infrastructure. A Laravel + Go architecture provisions accounts, manages subscriptions, and generates client configs automatically.

Eren Bostan, October 8, 2024

Accessio is a VPN subscription service built on SoftEther VPN — an open-source VPN server developed at the University of Tsukuba that supports multiple protocols simultaneously (OpenVPN, L2TP/IPsec, SSTP, and its own SoftEther protocol) and runs on commodity Linux hardware. The platform manages the full subscription lifecycle: signup, payment, server provisioning, credential management, and client configuration file generation.

Why SoftEther

Most commercial VPN services run proprietary server software or modified builds of WireGuard/OpenVPN that don't expose how the infrastructure works. SoftEther is fully open-source, auditable, and flexible in a way that proprietary alternatives are not. For a product being offered to users who care enough about privacy to pay for a VPN, the ability to point to the server software's source code matters.

SoftEther's protocol flexibility is also operationally useful. In environments where specific protocols are blocked — corporate firewalls that disallow OpenVPN, or national firewalls that throttle WireGuard — SoftEther can often find a working path. The platform generates OpenVPN configuration files for clients that want them, while keeping the SoftEther protocol available as a fallback.

The Provisioning Worker

Account provisioning is handled by a separate PHP worker service that communicates with the SoftEther server through vpncmd — SoftEther's command-line management tool. The worker processes a Redis queue of provisioning jobs: CREATE_USER, DELETE_USER, SET_PASSWORD, and GENERATE_OVPN.

This separation is intentional. The main Laravel application handles HTTP requests, payment processing, and subscription state. It never talks directly to the VPN server. Instead, it places jobs on the queue and trusts the worker to execute them. If the VPN server is temporarily unreachable, jobs queue up and process when connectivity is restored. The main application remains responsive during VPN server maintenance.

Command injection is a real concern when building software that constructs shell commands from user-provided input. All arguments passed to vpncmd go through escapeshellarg(). The worker service has no other exposure surface — it reads from the queue, executes provisioning commands, and writes results back.
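One way to build the vpncmd call with no shell involved at all, as an added example that is not Accessio's own code. It checks the username against an allowlist and hands proc_open an argument array, which also covers values that vpncmd itself would read as a /NAME: parameter, a case escapeshellarg() alone does not address. The job fields, hub name, connection target and the VPN_ADMIN_PW variable are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed names: job fields, hub, target and VPN_ADMIN_PW are not from the page.
const USERNAME_RE = '/\A[a-z0-9][a-z0-9_.-]{2,31}\z/';

/** Map a queue job to a vpncmd argument vector; throw on anything unexpected. */
function buildVpncmdArgv(array $job, string $target, string $hub, string $adminPw): array
{
    $user = $job['username'] ?? '';
    if (!is_string($user) || preg_match(USERNAME_RE, $user) !== 1) {
        throw new InvalidArgumentException('username rejected by allowlist');
    }
    // vpncmd treats arguments starting with "/" as named parameters, so the
    // first-character rule matters even when no shell is involved.
    $commands = [
        'CREATE_USER' => ['UserCreate', $user, '/GROUP:none', '/REALNAME:none', '/NOTE:none'],
        'DELETE_USER' => ['UserDelete', $user],
    ];
    $type = $job['type'] ?? '';
    if (!is_string($type) || !isset($commands[$type])) {
        throw new InvalidArgumentException('unsupported job type');
    }
    $base = ['vpncmd', $target, '/SERVER', "/HUB:$hub", "/PASSWORD:$adminPw", '/CMD'];
    return array_merge($base, $commands[$type]);
}

/** Run argv directly: with an array command proc_open starts no shell (PHP 7.4+). */
function runVpncmd(array $argv): array
{
    $proc = proc_open($argv, [1 => ['pipe', 'w'], 2 => ['redirect', 1]], $pipes);
    if (!is_resource($proc)) {
        throw new RuntimeException('could not start vpncmd');
    }
    $output = stream_get_contents($pipes[1]);
    fclose($pipes[1]);
    return ['exit' => proc_close($proc), 'output' => $output];
}

// Constructed sample jobs; the second must be rejected before vpncmd runs.
$jobs = [['type' => 'CREATE_USER', 'username' => 'alice01'],
         ['type' => 'CREATE_USER', 'username' => '/GROUP:staff']];
foreach ($jobs as $job) {
    try {
        $argv = buildVpncmdArgv($job, 'localhost:5555', 'VPN', getenv('VPN_ADMIN_PW') ?: 'unset');
        echo 'would run: ', implode(' ', array_slice($argv, 6)), PHP_EOL; // runVpncmd($argv) in a worker
    } catch (InvalidArgumentException $e) {
        echo 'rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

The administrator password is still visible in the process argument list on the worker host, so that host should run nothing else.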

Real-Time Admin Monitoring

The admin panel receives live server status updates via Laravel Reverb — the first-party WebSocket server for Laravel. When a user connects or disconnects, when a provisioning job completes or fails, when server metrics change, the admin panel updates without polling. This gives operations staff a real-time view of VPN server state rather than a dashboard that's always a few minutes stale.

The Flutter App

The Accessio mobile application is built in Flutter with Riverpod for state management. It covers the user-facing side of the service: account creation, plan selection, server region selection, connection instructions, and credential management. The app connects to the Laravel API via Dio and handles the full subscription lifecycle within the mobile experience.

TOTP-based two-factor authentication is available for account security. The role system has three levels — User, Admin, and SuperAdmin — with the admin and superadmin interfaces accessible only from the web panel, not the mobile app.

Multi-Region Infrastructure

Accessio operates VPN server nodes across multiple regions: EU, US, and Turkey. Users choose their preferred region during setup; the provisioning worker creates their account on the appropriate regional server. The routing between regions is handled at the application level — different queue channels per region, different vpncmd connection targets.

Accessio is live at accessio.talivio.com. It's one of the more operationally complex products in the portfolio because it spans the boundary between the SaaS control plane and physical server infrastructure — the kind of coordination challenge that's straightforward in design and genuinely difficult in production.

Eren Bostan
Co-Founder & Developer, Talivio Technology OÜ
