diff --git a/README.md b/README.md
index 351afc5..a4816b3 100644
--- a/README.md
+++ b/README.md
@@ -12,6 +12,7 @@ A simple vpn.
 ```
 Usage of ./vtun:
   -S    server mode
+  -t    enable tls
   -c string
         tun interface CIDR (default "172.16.0.1/24")
   -k string
diff --git a/common/config/config.go b/common/config/config.go
index 4f23e5a..b6d88a8 100644
--- a/common/config/config.go
+++ b/common/config/config.go
@@ -9,6 +9,7 @@ type Config struct {
 	Key        string
 	Protocol   string
 	ServerMode bool
+	TLS        bool
 }
 
 func (config *Config) Init() {
diff --git a/common/netutil/netutil.go b/common/netutil/netutil.go
index 1dcff1f..5da78d6 100644
--- a/common/netutil/netutil.go
+++ b/common/netutil/netutil.go
@@ -40,7 +40,11 @@ func DstAddr(b []byte) (addr string) {
 }
 
 func ConnectWS(config config.Config) *websocket.Conn {
-	u := url.URL{Scheme: "wss", Host: config.ServerAddr, Path: "/way-to-freedom"}
+	scheme := "ws"
+	if config.TLS {
+		scheme = "wss"
+	}
+	u := url.URL{Scheme: scheme, Host: config.ServerAddr, Path: "/way-to-freedom"}
 	header := make(http.Header)
 	header.Set("user-agent", "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.182 Safari/537.36")
 	c, _, err := websocket.DefaultDialer.Dial(u.String(), header)
diff --git a/main.go b/main.go
index 08e6906..e36854f 100644
--- a/main.go
+++ b/main.go
@@ -16,6 +16,7 @@ func main() {
 	flag.StringVar(&config.Key, "k", "6w9z$C&F)J@NcRfWjXn3r4u7x!A%D*G-", "encryption key")
 	flag.StringVar(&config.Protocol, "p", "udp", "protocol udp/ws")
 	flag.BoolVar(&config.ServerMode, "S", false, "server mode")
+	flag.BoolVar(&config.TLS, "t", false, "enable tls")
 	flag.Parse()
 
 	switch config.Protocol {