v2.5.0 (Stable)
VayDNS Support
- New tunnel type: VayDNS and VayDNS + SSH
- Full VayDNS configuration: record type, QNAME length, RPS limit, DNSTT compat mode, idle timeout, keepalive, UDP timeout, max labels, client ID size
- VayDNS support in CLI with all options as flags
SSH Transport Enhancements
- SSH over TLS: wrap SSH connections in TLS for firewall bypass and domain fronting
- SSH over WebSocket: tunnel SSH through WebSocket connections (for CDN facades, xray, etc.)
- SSH over HTTP CONNECT proxy: route SSH through HTTP proxies
- SSH raw payload injection for DPI bypass
- Custom SNI hostname for TLS and WebSocket connections
DNS Scanner
- Dedicated E2E (end-to-end) scanner: test real tunnel connectivity through each resolver
- Run up to 10 E2E scans simultaneously for faster results
- CLI: --e2e-only mode and --e2e-concurrency flag
Multi-Resolver Mode
- New resolver modes: Fast (round-robin) and Reliable (fanout)
- Round-robin spread count: control how many resolvers each query is sent to (1–5)
- CLI: --resolver-mode fast|reliable and --spread-count N
Proxy Authentication
- New local proxy authentication setting for securing the SOCKS5 proxy
- Username/password protection prevents other apps from using the proxy without credentials
- Disabled by default
CLI Improvements
- Native SSH tunneling with TLS wrapping, WebSocket, HTTP CONNECT proxy, and raw payload support
- VayDNS tunnel support with all advanced options
- --spread-count flag for round-robin spread count override
- Locked config support: domain hidden, username shown
- Interactive mode respects locked config redaction
Other Changes
- Fix scanner race conditions
- Notification traffic speed toggle
- Friendly error messages for VayDNS UI
- Increase tunnel timeouts and filter IPv4-only DNS resolvers
- Fix traffic speed mismatch
- SSH retry improvements
- DPI tuning for NoizDNS