diff --git a/.clang-tidy b/.clang-tidy
index b9b50e74b..dbcf69f4b 100644
--- a/.clang-tidy
+++ b/.clang-tidy
@@ -1,2 +1,8 @@
 HeaderFilterRegex: 'llarp/.*'
-Checks: 'readability-else-after-return,clang-analyzer-core-*,modernize-*,-modernize-use-trailing-return-type,-modernize-use-nodiscard,bugprone-*,-bugprone-easily-swappable-parameters'
+Checks: 
+'readability-else-after-return,
+clang-analyzer-core-*,modernize-*,
+-modernize-use-trailing-return-type,
+-modernize-use-nodiscard,
+bugprone-*,
+-bugprone-easily-swappable-parameters'
diff --git a/.gitmodules b/.gitmodules
index 1a28d576d..38524f3db 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -27,12 +27,6 @@
 	path = external/ngtcp2
 	url = https://github.com/ngtcp2/ngtcp2.git
 	branch = v0.1.0
-[submodule "external/oxen-encoding"]
-	path = external/oxen-encoding
-	url = https://github.com/oxen-io/oxen-encoding.git
-[submodule "external/oxen-logging"]
-	path = external/oxen-logging
-	url = https://github.com/oxen-io/oxen-logging.git
 [submodule "gui"]
 	path = gui
 	url = https://github.com/oxen-io/lokinet-gui.git
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 039262a2b..c775c1626 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -130,7 +130,7 @@ set(CMAKE_POSITION_INDEPENDENT_CODE ON)
 
 include(cmake/unix.cmake)
 include(cmake/check_for_std_optional.cmake)
-include(cmake/check_for_std_filesystem.cmake)
+#include(cmake/check_for_std_filesystem.cmake)
 
 if(NOT WIN32)
   if(IOS OR ANDROID)
diff --git a/external/CMakeLists.txt b/external/CMakeLists.txt
index 70ae34619..364a4d0f7 100644
--- a/external/CMakeLists.txt
+++ b/external/CMakeLists.txt
@@ -25,12 +25,11 @@ if(SUBMODULE_CHECK)
 
     message(STATUS "Checking submodules")
     check_submodule(nlohmann)
-    check_submodule(ghc-filesystem)
-    check_submodule(oxen-logging fmt spdlog)
+#    check_submodule(ghc-filesystem)
+#    check_submodule(oxen-logging fmt spdlog)
     check_submodule(pybind11)
     check_submodule(sqlite_orm)
     check_submodule(oxen-mq)
-    check_submodule(oxen-encoding)
     check_submodule(uvw)
     check_submodule(cpr)
     check_submodule(oxen-libquic)
@@ -60,18 +59,17 @@ macro(system_or_submodule BIGNAME smallname pkgconf subdir)
   endif()
 endmacro()
 
-system_or_submodule(OXENC oxenc liboxenc>=1.0.4 oxen-encoding)
 system_or_submodule(OXENMQ oxenmq liboxenmq>=1.2.14 oxen-mq)
 
 set(JSON_BuildTests OFF CACHE INTERNAL "")
 set(JSON_Install OFF CACHE INTERNAL "")
 system_or_submodule(NLOHMANN nlohmann_json nlohmann_json>=3.7.0 nlohmann)
 
-if (STATIC OR FORCE_SPDLOG_SUBMODULE OR FORCE_FMT_SUBMODULE)
-    set(OXEN_LOGGING_FORCE_SUBMODULES ON CACHE INTERNAL "")
-endif()
-set(OXEN_LOGGING_SOURCE_ROOT "${PROJECT_SOURCE_DIR}" CACHE INTERNAL "")
-add_subdirectory(oxen-logging)
+#if (STATIC OR FORCE_SPDLOG_SUBMODULE OR FORCE_FMT_SUBMODULE)
+#    set(OXEN_LOGGING_FORCE_SUBMODULES ON CACHE INTERNAL "")
+#endif()
+#set(OXEN_LOGGING_SOURCE_ROOT "${PROJECT_SOURCE_DIR}" CACHE INTERNAL "")
+#add_subdirectory(oxen-logging)
 
 if(WITH_HIVE)
   add_subdirectory(pybind11 EXCLUDE_FROM_ALL)
@@ -98,6 +96,8 @@ target_link_libraries(uvw INTERFACE libuv)
 #include(ngtcp2_lib)
 #add_ngtcp2_lib()
 
+add_subdirectory(oxen-libquic)
+
 # cpr configuration.  Ideally we'd just do this via add_subdirectory, but cpr's cmake requires
 # 3.15+, and we target lower than that (and this is fairly simple to build).
 if(WITH_BOOTSTRAP)
diff --git a/external/oxen-encoding b/external/oxen-encoding
deleted file mode 160000
index a869ae2b0..000000000
--- a/external/oxen-encoding
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit a869ae2b0152ad70855e3774a425c39a25ae1ca6
diff --git a/external/oxen-logging b/external/oxen-logging
deleted file mode 160000
index b6e70ad3a..000000000
--- a/external/oxen-logging
+++ /dev/null
@@ -1 +0,0 @@
-Subproject commit b6e70ad3aa3b2d718f8607599864cd50a951166a
diff --git a/llarp/CMakeLists.txt b/llarp/CMakeLists.txt
index 6653a5f08..a6e2e59f1 100644
--- a/llarp/CMakeLists.txt
+++ b/llarp/CMakeLists.txt
@@ -509,12 +509,13 @@ target_link_libraries(lokinet-platform PUBLIC
 
 target_link_libraries(lokinet-util PUBLIC
   nlohmann_json::nlohmann_json
-  filesystem
+#  filesystem
   oxenc::oxenc
 )
 
 target_link_libraries(lokinet-plainquic PUBLIC
-  ngtcp2_static
+  ngtcp2_crypto
+  libquic
   uvw
 )
 
diff --git a/llarp/link/connection.hpp b/llarp/link/connection.hpp
index 8b0f749fd..9d1759f19 100644
--- a/llarp/link/connection.hpp
+++ b/llarp/link/connection.hpp
@@ -3,7 +3,7 @@
 #include <llarp/router_id.hpp>
 #include <llarp/router_contact.hpp>
 
-#include <oxen-libquic/include/quic.hpp>
+#include <external/oxen-libquic/include/quic.hpp>
 
 namespace llarp::link
 {
diff --git a/llarp/link/endpoint.hpp b/llarp/link/endpoint.hpp
index 1686052dc..6240a1788 100644
--- a/llarp/link/endpoint.hpp
+++ b/llarp/link/endpoint.hpp
@@ -1,8 +1,11 @@
 #pragma once
 
+#include "connection.hpp"
+
+#include <llarp/router/abstractrouter.hpp>
 #include <llarp/router_id.hpp>
 
-#include <oxen-libquic/include/quic.hpp>
+#include <external/oxen-libquic/include/quic.hpp>
 
 namespace llarp::link
 {
diff --git a/llarp/net/ip_address.hpp b/llarp/net/ip_address.hpp
index 5be44071e..51fbb050c 100644
--- a/llarp/net/ip_address.hpp
+++ b/llarp/net/ip_address.hpp
@@ -19,7 +19,7 @@ namespace llarp
   /// As a convenience, it can produce a SockAddr for dealing with network libraries which depend
   /// sockaddr structs. However, it does not keep this as a member variable and isn't responsible
   /// for its lifetime/memory/etc.
-  struct [[deprecated("use llarp::SockAddr instead")]] IpAddress
+  struct /* [[deprecated("use llarp::SockAddr instead")]] */ IpAddress
   {
     /// Empty constructor.
     IpAddress() = default;
diff --git a/llarp/net/net_int.hpp b/llarp/net/net_int.hpp
index e34f9b23b..173a764bd 100644
--- a/llarp/net/net_int.hpp
+++ b/llarp/net/net_int.hpp
@@ -256,25 +256,25 @@ namespace llarp
   template <>
   inline constexpr bool IsToStringFormattable<net::port_t> = true;
 
-  using nuint16_t [[deprecated("use llarp::net::port_t instead")]] = llarp::net::port_t;
-  using nuint32_t [[deprecated("use llarp::net::ipv4addr_t instead")]] = llarp::net::ipv4addr_t;
-  using nuint128_t [[deprecated("use llarp::net::ipv6addr_t instead")]] = llarp::net::ipv6addr_t;
+  using nuint16_t /* [[deprecated("use llarp::net::port_t instead")]] */ = llarp::net::port_t;
+  using nuint32_t /* [[deprecated("use llarp::net::ipv4addr_t instead")]] */ = llarp::net::ipv4addr_t;
+  using nuint128_t /* [[deprecated("use llarp::net::ipv6addr_t instead")]] */ = llarp::net::ipv6addr_t;
 
   template <typename UInt_t>
-  [[deprecated("use llarp::net::ToNet instead")]] inline llarp::nuint_t<UInt_t>
+/*   [[deprecated("use llarp::net::ToNet instead")]] */ inline llarp::nuint_t<UInt_t>
   ToNet(llarp::huint_t<UInt_t> x)
   {
     return llarp::net::ToNet(x);
   }
 
   template <typename UInt_t>
-  [[deprecated("use llarp::net::ToHost instead")]] inline llarp::huint_t<UInt_t>
+/*   [[deprecated("use llarp::net::ToHost instead")]] */ inline llarp::huint_t<UInt_t>
   ToHost(llarp::nuint_t<UInt_t> x)
   {
     return llarp::net::ToHost(x);
   }
 
-  [[deprecated("use llarp::net::ToHost instead")]] inline net::ipv4addr_t
+/*   [[deprecated("use llarp::net::ToHost instead")]] */ inline net::ipv4addr_t
   xhtonl(huint32_t x)
   {
     return ToNet(x);
diff --git a/llarp/quic/connection.cpp b/llarp/quic/connection.cpp
index 389828c78..741f932d9 100644
--- a/llarp/quic/connection.cpp
+++ b/llarp/quic/connection.cpp
@@ -83,7 +83,7 @@ namespace llarp::quic
     int
     recv_crypto_data(
         ngtcp2_conn* conn_,
-        ngtcp2_crypto_level crypto_level,
+        ngtcp2_encryption_level crypto_level,
         uint64_t offset,
         const uint8_t* rawdata,
         size_t rawdatalen,
@@ -95,12 +95,12 @@ namespace llarp::quic
       auto& conn = *static_cast<Connection*>(user_data);
       switch (crypto_level)
       {
-        case NGTCP2_CRYPTO_LEVEL_EARLY:
-          // We don't currently use or support 0rtt
-          LogWarn("Invalid EARLY crypto level");
-          return FAIL;
+        // case NGTCP2_CRYPTO_LEVEL_EARLY:
+        //   // We don't currently use or support 0rtt
+        //   LogWarn("Invalid EARLY crypto level");
+        //   return FAIL;
 
-        case NGTCP2_CRYPTO_LEVEL_INITIAL:
+        case NGTCP2_ENCRYPTION_LEVEL_INITIAL:
           log::trace(log_cat, "Receiving initial crypto...");
           // "Initial" level means we are still handshaking; if we are server then we receive
           // the client's transport params (sent in client_initial, above) and blast ours
@@ -112,15 +112,15 @@ namespace llarp::quic
 
           if (ngtcp2_conn_is_server(conn))
           {
-            if (auto rv = conn.send_magic(NGTCP2_CRYPTO_LEVEL_INITIAL); rv != 0)
+            if (auto rv = conn.send_magic(NGTCP2_ENCRYPTION_LEVEL_INITIAL); rv != 0)
               return rv;
-            if (auto rv = conn.send_transport_params(NGTCP2_CRYPTO_LEVEL_HANDSHAKE); rv != 0)
+            if (auto rv = conn.send_transport_params(NGTCP2_ENCRYPTION_LEVEL_HANDSHAKE); rv != 0)
               return rv;
           }
 
           break;
 
-        case NGTCP2_CRYPTO_LEVEL_HANDSHAKE:
+        case NGTCP2_ENCRYPTION_LEVEL_HANDSHAKE:
           log::trace(log_cat, "Receiving handshake crypto...");
           if (!ngtcp2_conn_is_server(conn))
           {
@@ -130,7 +130,7 @@ namespace llarp::quic
             // the server can install our rx key; we have to send *something* back to invoke
             // the server's HANDSHAKE callback (so that it knows handshake is complete) so
             // send the magic again.
-            if (auto rv = conn.send_magic(NGTCP2_CRYPTO_LEVEL_HANDSHAKE); rv != 0)
+            if (auto rv = conn.send_magic(NGTCP2_ENCRYPTION_LEVEL_HANDSHAKE); rv != 0)
               return rv;
           }
           else
@@ -398,7 +398,7 @@ namespace llarp::quic
 
     settings.initial_ts = get_timestamp();
     // FIXME: IPv6
-    settings.max_udp_payload_size = Endpoint::max_pkt_size_v4;
+    settings.max_tx_udp_payload_size = Endpoint::max_pkt_size_v4;
     settings.cc_algo = NGTCP2_CC_ALGO_CUBIC;
     // settings.initial_rtt = ???; # NGTCP2's default is 333ms
 
@@ -719,9 +719,6 @@ namespace llarp::quic
       if (nwrite == 0)
       {
         LogTrace("Nothing else to write for non-stream data for now (or we are congested)");
-        ngtcp2_conn_stat cstat;
-        ngtcp2_conn_get_conn_stat(*this, &cstat);
-        LogTrace("Current unacked bytes in flight: ", cstat.bytes_in_flight);
         break;
       }
 
@@ -773,7 +770,7 @@ namespace llarp::quic
     if (!good)
     {
       LogDebug("stream_open_callback returned failure, dropping stream ", id);
-      ngtcp2_conn_shutdown_stream(*this, id.id, 1);
+      ngtcp2_conn_shutdown_stream(*this, 0, id.id, 1);
       io_ready();
       return NGTCP2_ERR_CALLBACK_FAILURE;
     }
@@ -944,9 +941,9 @@ namespace llarp::quic
   {
     endpoint.null_crypto.client_initial(*this);
 
-    if (int rv = send_magic(NGTCP2_CRYPTO_LEVEL_INITIAL); rv != 0)
+    if (int rv = send_magic(NGTCP2_ENCRYPTION_LEVEL_INITIAL); rv != 0)
       return rv;
-    if (int rv = send_transport_params(NGTCP2_CRYPTO_LEVEL_INITIAL); rv != 0)
+    if (int rv = send_transport_params(NGTCP2_ENCRYPTION_LEVEL_INITIAL); rv != 0)
       return rv;
 
     io_ready();
@@ -997,7 +994,7 @@ namespace llarp::quic
     endpoint.null_crypto.install_rx_key(*this);
     if (!ngtcp2_conn_is_server(*this))
       endpoint.null_crypto.install_tx_key(*this);
-    ngtcp2_conn_handshake_completed(*this);
+    ngtcp2_conn_tls_handshake_completed(*this);
 
     if (on_handshake_complete)
     {
@@ -1125,21 +1122,22 @@ namespace llarp::quic
       }
     }
 
-    ngtcp2_transport_params params;
+    // ngtcp2_transport_params params;
 
-    auto exttype = is_server ? NGTCP2_TRANSPORT_PARAMS_TYPE_CLIENT_HELLO
-                             : NGTCP2_TRANSPORT_PARAMS_TYPE_ENCRYPTED_EXTENSIONS;
+    // auto exttype = is_server ? NGTCP2_TRANSPORT_PARAMS_TYPE_CLIENT_HELLO
+    //                          : NGTCP2_TRANSPORT_PARAMS_TYPE_ENCRYPTED_EXTENSIONS;
 
-    auto rv = ngtcp2_decode_transport_params(&params, exttype, data.data(), data.size());
-    LogDebug("Decode transport params ", rv == 0 ? "success" : "fail: "s + ngtcp2_strerror(rv));
-    LogTrace("params orig dcid = ", ConnectionID(params.original_dcid));
-    LogTrace("params init scid = ", ConnectionID(params.initial_scid));
-    if (rv == 0)
-    {
-      rv = ngtcp2_conn_set_remote_transport_params(*this, &params);
-      LogDebug(
-          "Set remote transport params ", rv == 0 ? "success" : "fail: "s + ngtcp2_strerror(rv));
-    }
+    auto rv = ngtcp2_conn_decode_and_set_remote_transport_params(*this, data.data(), data.size());
+    // auto rv = ngtcp2_decode_transport_params(&params, exttype, data.data(), data.size());
+    // LogDebug("Decode transport params ", rv == 0 ? "success" : "fail: "s + ngtcp2_strerror(rv));
+    // LogTrace("params orig dcid = ", ConnectionID(params.original_dcid));
+    // LogTrace("params init scid = ", ConnectionID(params.initial_scid));
+    // if (rv == 0)
+    // {
+    //   rv = ngtcp2_conn_set_remote_transport_params(*this, &params);
+    //   LogDebug(
+    //       "Set remote transport params ", rv == 0 ? "success" : "fail: "s + ngtcp2_strerror(rv));
+    // }
 
     if (rv != 0)
     {
@@ -1153,7 +1151,7 @@ namespace llarp::quic
   // Sends our magic string at the given level.  This fixed magic string is taking the place of TLS
   // parameters in full QUIC.
   int
-  Connection::send_magic(ngtcp2_crypto_level level)
+  Connection::send_magic(ngtcp2_encryption_level level)
   {
     return ngtcp2_conn_submit_crypto_data(
         *this, level, handshake_magic.data(), handshake_magic.size());
@@ -1171,10 +1169,9 @@ namespace llarp::quic
   // Sends transport parameters.  `level` is expected to be INITIAL for clients (which send the
   // transport parameters in the initial packet), or HANDSHAKE for servers.
   int
-  Connection::send_transport_params(ngtcp2_crypto_level level)
+  Connection::send_transport_params(ngtcp2_encryption_level level)
   {
-    ngtcp2_transport_params tparams;
-    ngtcp2_conn_get_local_transport_params(*this, &tparams);
+    ngtcp2_transport_params tparams = *ngtcp2_conn_get_local_transport_params(*this);
 
     assert(conn_buffer.empty());
     conn_buffer.resize(Endpoint::max_pkt_size_v4);
@@ -1196,12 +1193,11 @@ namespace llarp::quic
       assert(buf < bufend);
     }
 
-    const bool is_server = ngtcp2_conn_is_server(*this);
-    auto exttype = is_server ? NGTCP2_TRANSPORT_PARAMS_TYPE_ENCRYPTED_EXTENSIONS
-                             : NGTCP2_TRANSPORT_PARAMS_TYPE_CLIENT_HELLO;
+    // const bool is_server = ngtcp2_conn_is_server(*this);
+    // auto exttype = is_server ? NGTCP2_TRANSPORT_PARAMS_TYPE_ENCRYPTED_EXTENSIONS
+    //                          : NGTCP2_TRANSPORT_PARAMS_TYPE_CLIENT_HELLO;
 
-    if (ngtcp2_ssize nwrite = ngtcp2_encode_transport_params(buf, bufend - buf, exttype, &tparams);
-        nwrite >= 0)
+    if (ngtcp2_ssize nwrite = ngtcp2_conn_encode_local_transport_params(*this, buf, bufend-buf); nwrite >= 0)
     {
       assert(nwrite > 0);
       conn_buffer.resize(buf - u8data(conn_buffer) + nwrite);
@@ -1211,6 +1207,7 @@ namespace llarp::quic
       conn_buffer.clear();
       return nwrite;
     }
+
     LogDebug("encoded transport params: ", buffer_printer{conn_buffer});
     return ngtcp2_conn_submit_crypto_data(*this, level, u8data(conn_buffer), conn_buffer.size());
   }
diff --git a/llarp/quic/connection.hpp b/llarp/quic/connection.hpp
index b3e19989f..d483ee819 100644
--- a/llarp/quic/connection.hpp
+++ b/llarp/quic/connection.hpp
@@ -324,9 +324,9 @@ namespace llarp::quic
     int
     recv_transport_params(std::basic_string_view<uint8_t> data);
     int
-    send_magic(ngtcp2_crypto_level level);
+    send_magic(ngtcp2_encryption_level level);
     int
-    send_transport_params(ngtcp2_crypto_level level);
+    send_transport_params(ngtcp2_encryption_level level);
     void
     complete_handshake();
   };
diff --git a/llarp/quic/endpoint.cpp b/llarp/quic/endpoint.cpp
index 55fc9262c..a8459b5ec 100644
--- a/llarp/quic/endpoint.cpp
+++ b/llarp/quic/endpoint.cpp
@@ -130,7 +130,7 @@ namespace llarp::quic
   void
   Endpoint::handle_conn_packet(Connection& conn, const Packet& p)
   {
-    if (ngtcp2_conn_is_in_closing_period(conn))
+    if (ngtcp2_conn_in_closing_period(conn))
     {
       LogDebug("Connection is in closing period, dropping");
       close_connection(conn);
diff --git a/llarp/router/router.hpp b/llarp/router/router.hpp
index 16efb1fcc..007ff9c7b 100644
--- a/llarp/router/router.hpp
+++ b/llarp/router/router.hpp
@@ -47,6 +47,8 @@
 
 #include <oxenmq/address.h>
 
+#include <external/oxen-libquic/include/quic.hpp>
+
 namespace llarp
 {
   struct Router : public AbstractRouter
@@ -233,6 +235,7 @@ namespace llarp
     std::shared_ptr<NodeDB> _nodedb;
     llarp_time_t _startedAt;
     const oxenmq::TaggedThreadID m_DiskThread;
+    oxen::quic::Network _net;
 
     llarp_time_t
     Uptime() const override;
diff --git a/llarp/util/buffer.hpp b/llarp/util/buffer.hpp
index abb0cffa0..c77df8a31 100644
--- a/llarp/util/buffer.hpp
+++ b/llarp/util/buffer.hpp
@@ -27,7 +27,7 @@ struct ManagedBuffer;
 /// TODO: replace usage of these with std::span (via a backport until we move to C++20).  That's a
 /// fairly big job, though, as llarp_buffer_t is currently used a bit differently (i.e. maintains
 /// both start and current position, plus has some value reading/writing methods).
-struct [[deprecated("this type is stupid, use something else")]] llarp_buffer_t
+struct /* [[deprecated("this type is stupid, use something else")]] */ llarp_buffer_t
 {
   /// starting memory address
   byte_t* base{nullptr};