github XTLS/Xray-core v26.1.18
Xray-core v26.1.18

latest release: v1.260118.0
14 hours ago

Proxy: Add TUN inbound for Windows & Linux, including Android #5464 #5509 & Proxy: Add Hysteria outbound & transport (version 2, udphop) and Salamander udpmask #5508

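Happy New Year! Highlights of the first Xray-core release of 2026:

  1. Added TUN inbound (Windows, Linux, Android, macOS) #5464 , with UDP FullCone and XUDP UoT Migration by default #5509
  2. Added the process routing rule (Windows, Linux), which matches a process name, absolute path, or folder and works with any inbound #5496
  3. Added Hysteria 2 outbound, Hysteria 2 transport (with port hopping support), and the Salamander masking layer; see #5508 for complete configuration examples
  4. Introduced the concept of a "final masking layer" https://t.me/projectXtls/1354 , which sits lower than TLS/QUIC; for the next steps planned, see #5508 (comment)
  5. The TLS client now uses pinnedPeerCertSha256 in place of the two previous parameters #5154 #5532 760223a ; the share link standard #716 has been updated with pcs
  6. The REALITY client prints a more explicit alert (potential MITM or redirection) when it receives the target website's real certificate #5427
  7. Added migration reminders for deprecated features and outdated protocols 5836f36 ; created SECURITY.md 1cf5662 to make clear how to report security vulnerabilities and protocol identification issues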

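To use TUN, the configuration file needs the following changes, using Windows as an example:

  1. Add a "tun" inbound to the configuration file (no settings needed), and add a "direct" as the default outbound
  2. Set sockopt "interface": "WLAN" or "以太网" (Ethernet) on every outbound to keep outbound traffic from looping back into Xray-core
  3. Set routing, for example "process": ["NatTypeTester.exe"], to send traffic to the proxy protocol outbound
  4. Browsers will use QUIC, so be sure to add a routing rule that blocks UDP/443, or enable "quic" for sniffing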
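
The four steps above can be checked mechanically before the core is started. The following is an added example, not code from the Xray-core project: `SAMPLE` is a constructed config whose tags, vless stub and blackhole "block" outbound are assumptions, and the field layout (`streamSettings.sockopt.interface`, `sniffing.destOverride`, routing rules with `network`/`port`/`outboundTag`) is assumed to follow Xray's usual JSON schema.

```python
# Added example, not Xray-core code. SAMPLE is a constructed config; the tags,
# the vless stub and the blackhole "block" outbound are assumptions.
def via(iface):
    return {"sockopt": {"interface": iface}}

SAMPLE = {
    "inbounds": [{"protocol": "tun", "tag": "tun-in"}],  # no settings needed
    "outbounds": [
        {"protocol": "freedom", "tag": "direct", "streamSettings": via("WLAN")},
        {"protocol": "vless", "tag": "proxy", "streamSettings": via("WLAN")},  # server settings omitted
        {"protocol": "blackhole", "tag": "block"},
    ],
    "routing": {"rules": [
        {"network": "udp", "port": "443", "outboundTag": "block"},
        {"process": ["NatTypeTester.exe"], "outboundTag": "proxy"},
    ]},
}

def tun_preflight(cfg):
    """Return one finding per TUN step from the notes that the config misses."""
    findings = []
    inbounds, outbounds = cfg.get("inbounds", []), cfg.get("outbounds", [])
    rules = cfg.get("routing", {}).get("rules", [])
    tun = [i for i in inbounds if i.get("protocol") == "tun"]
    if not tun:
        findings.append("step 1: no tun inbound")
    if not outbounds or outbounds[0].get("tag") != "direct":
        findings.append("step 1: first (default) outbound is not 'direct'")
    for o in outbounds:
        if o.get("protocol") == "blackhole":
            continue  # assumption: a blackhole never dials, so it cannot loop
        if not o.get("streamSettings", {}).get("sockopt", {}).get("interface"):
            findings.append(f"step 2: outbound {o.get('tag')!r} is not bound to an interface")
    if not any(r.get("process") for r in rules):
        findings.append("step 3: no process rule")
    sinks = {o["tag"] for o in outbounds if o.get("protocol") == "blackhole" and o.get("tag")}
    drops_quic = any(
        "udp" in str(r.get("network", "")).split(",") and str(r.get("port")) == "443"
        and r.get("outboundTag") in sinks for r in rules)
    sniffs_quic = any(
        i.get("sniffing", {}).get("enabled") and "quic" in i["sniffing"].get("destOverride", [])
        for i in tun)
    if not (drops_quic or sniffs_quic):
        findings.append("step 4: QUIC (UDP/443) is neither blocked nor sniffed")
    return findings

if __name__ == "__main__":
    print(tun_preflight(SAMPLE) or "all four steps present")
```
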

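TUN does not yet support automatically modifying the system routing table, so for now the route must be set manually:

  1. Start Xray-core with administrator privileges and wait a few seconds for Windows to automatically assign an IP to the TUN
  2. Run ipconfig and route print to find the Xray TUN's IPv4 address and interface ID
  3. With administrator privileges, run route add 0.0.0.0 mask 0.0.0.0 *.*.*.* if ** to add the system route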

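Thanks to @Owersun @yuhan6665 @Fangliding @KobeArthurScofield @RPRX @osypai for their contributions to TUN support!

@Meo597 has upgraded https://xtls.github.io/ to VitePress, and the changes in this release will be added to the documentation over time

Because Iran is currently completely cut off from the internet, @hossinasaadi, a contributor dedicated to memory optimization, has been inactive for ten days. We hope he returns soon!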

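This release upgrades some dependencies and is compiled with Go 1.25.6 with inlining maxed out. It has been tagged v1.260118.0. Thanks to all contributors; see the change log below for details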

What's Changed

  • Chore: Remove all double gonet import by @Fangliding in #5402
  • Wireguard: Decouple server endpoint DNS from address option by @Meo597 in #5417
  • VLESS inbound: Print invalid UUID string by @xtlsee @RPRX in #5426
  • REALITY client: Clearer log when receiving real certificate by @ari-ahm @RPRX in #5427
  • TLS ECH: Increase DOH timeout by @patterniha @Fangliding in #5455
  • Tunnel/Dokodemo: Fix stats conn unwrap by @Fangliding in #5440
  • DomainMatcher: Prevent illegal rules from causing core startup failures by @Meo597 in #5430
  • common/uuid: fix panic when parsing 32-len invalid UUID string. by @ari-ahm in #5468
  • API: Add GetAllOnlineUsers RPC to StatsService for retrieving online users by @mr1cloud in #5080
  • Geofiles: Implement mmap in filesystem to reduce ram usage by @hossinasaadi in #5480
  • Remove redundant stats in mux and bridge dispatcher by @yuhan6665 in #5466
  • XHTTP server: Fix ScStreamUpServerSecs' non-default value by @fanymagnet in #5486
  • Routing config: Add processName by @Fangliding in #5489
  • README.md: Re-add 3X-UI to Web Panels by @RPRX in b38a412
  • Routing: Reduce peak memory usage by @hossinasaadi in #5488
  • DNS: Fix parse domain and geoip by @hossinasaadi in #5499
  • README.md: Add TX-UI to Web Panels by @Incognito-Coder in #4981
  • transport/pipe/impl.go: Remove runtime.Gosched() in WriteMultiBuffer() by @Fangliding in #5467
  • Routing config: Replace processName with process (full-name/abs-path/abs-folder) by @Fangliding in #5496
  • GitHub Actions: Add wintun.dll into Windows zips; Workflow refinement by @KobeArthurScofield in #5501
  • Proxy: Add TUN inbound for Windows & Linux, including Android by @Owersun @yuhan6665 in #5464
  • Tests: Improve geosite & geoip tests by @hossinasaadi in #5502
  • TLS config: Add pinnedPeerCertSha256; Remove pinnedPeerCertificateChainSha256 and pinnedPeerCertificatePublicKeySha256 by @Fangliding @RPRX in #5154
  • DNS: Check err for UDP dns.PackMessage(req.msg) by @Fangliding in #5512
  • TUN inbound: Implement UDP FullCone NAT by @RPRX @Fangliding @Owersun in #5509
  • TUN inbound: Fix log, CanSpliceCopy, tag, sniffing, and port config issues by @RPRX in #5522
  • TUN inbound: Make udp_fullcone pure side effect free udp connection by @Owersun @RPRX in #5526
  • Upgrade gVisor to latest version v0.0.0-20260109181451-4be7c433dae2 by @Owersun in #5527
  • Proxy: Add Hysteria outbound & transport (version 2, udphop) and Salamander udpmask by @LjhAUMEM in #5508
  • TUN inbound: Close connection when handling is done by @Owersun in #5531
  • TLS client: Verify leaf cert (name, time) when pinning self-signed CA by @Fangliding in #5532
  • Hysteria: Fix transport's "udphop without salamander" dialing issue; Require "version": 2 in outbound's settings as well by @LjhAUMEM in #5537
  • SS2022 outbound: Fix UDP leak by @Fangliding in #5544
  • README.md: Add Happ RU to iOS & macOS Clients by @mangustyura in #5551
  • Commands: "xray run -dump" supports reading JSON from STDIN by @vrnobody in #5550
  • TLS client: Skip TLS' built-in verification when using pinnedPeerCertSha256; Fixes by @RPRX in 760223a
  • TLS client: Add pin_test.go for leaf and CA by @Fangliding in #5553
  • Geofiles: Revert related changes for now, waiting for better changes by @Fangliding in #5557
  • Hysteria transport: Add congestion config (""/"reno"/"bbr"/"brutal"/"force-brutal") by @LjhAUMEM in #5549
  • TUN inbound: Add macOS support by @osypai in #5559
  • Config: Add Warning for deprecated features (allowInsecure, Shadowsocks, VMess, Trojan, VLESS without flow) by @RPRX in 5836f36
  • Hysteria outbound: Fix ContextWithRequireDatagram() by @LjhAUMEM in #5558
  • Create SECURITY.md by @RPRX in 1cf5662

Full Changelog: v25.12.8...v26.1.18
