github anonvector/SlipNet v2.5.3
on GitHub

10 hours ago

SlipNet v2.5.3 — Changelog

DNS Scanner: TCP + Both-Transport Mode

The resolver scanner can now scan over plain TCP DNS as well as UDP, and a new Both mode probes each resolver on UDP and TCP in parallel:

  • Per-resolver result tells you which transports actually work — many ISPs poison UDP/53 but leave TCP/53 alone (or vice versa).
  • After a Both-mode scan, the result list emits a recommended transport hint (UDP, TCP, or MIXED) for the resolvers you select. Picking "Apply" auto-flips the profile's dnsTransport field; a MIXED selection surfaces a snackbar asking you to pick one explicitly.
  • Profile editor surfaces the recommended transport so you don't have to remember which scan produced it.

Resolver TCP Pre-flight (Android)

Before the native bridge starts, the app now probes each TCP / DoT resolver in parallel with a TCP-connect (8 s budget per resolver — tuned for Iran cellular, where SYN retransmit + DPI + lossy 4G can stack to several seconds even on a healthy resolver) and drops the unresponsive ones. If every probe fails the original list is passed through unchanged so the bridge can surface the real error.

This eliminates the case where a single dead resolver in the list stalled connection setup while the native side waited on its timeout.

VLESS: Single SNI Field

The VLESS profile editor used to conflate "real SNI" and "DPI-evasion SNI override" into one fakeSni field, which made the editor confusing — particularly when the CDN cert hostname differed from the WebSocket Host header.

  • A new vlessSni field replaces fakeSni for VLESS. Empty falls back to the WS Host (the [domain]); set explicitly when the cert hostname is different, or — against a server you control — to any decoy string for DPI evasion.
  • Matches V2Ray / Xray's streamSettings.tlsSettings.serverName semantics 1-to-1.
  • An automatic schema migration (DB v39, config v28) moves the value out of the legacy column on first launch — existing profiles keep working without re-import.

Tunnel Chaining Plumbing

SnowflakeBridge and DohBridge accept an optional upstream SOCKS5 address so layers can stack — e.g. DoH-over-Tor, where the Snowflake/Tor layer below provides a local SOCKS5 endpoint and the DoH bridge above tunnels its HTTPS through it.

  • All DoH HTTPS connections and TCP CONNECT passthroughs route through the upstream SOCKS5 when set.
  • For Snowflake: chaining works with obfs4 / meek_lite / webtunnel bridge lines (lyrebird honors TOR_PT_PROXY); the built-in Snowflake PT cannot proxy itself, so it skips the upstream.

Smaller Tor Binary

libtor.so rebuilt with a tighter feature flag set:

  • arm64 — 9.26 MB → 8.65 MB (~7% smaller)
  • armv7 — 7.61 MB → 5.40 MB (~29% smaller)

Reproducible via the new tools/build-tor.sh.

User Guide

EN and FA user guides ship with the repo (docs/SlipNet_User_Guide_EN.pdf, docs/SlipNet_User_Guide_FA.pdf, plus the markdown source docs/USER_GUIDE.md).

Other Changes

  • Per-profile Real Ping — each profile's overflow menu now has a Real Ping action that runs the full tunnel handshake against just that profile, instead of having to ping the whole list. While a per-profile ping is in flight, the row's spinner reflects it.
  • VLESS profile rows now show a dedicated VLESS icon in the profile list.
  • dnsPayloadSize default changed from 100 → 0 (full KCP capacity). Profiles created before v2.5.3 keep their stored value; only newly created profiles see the new default.

Fixes

  • CLI _ssh profiles no longer fail silently when SSH credentials are missing — surfaces a clear error instead of crashing during the SSH handshake.
  • Reconnect loop in the CLI no longer leaks the previous SSH layer when the tunnel restarts.
Check out latest releases or
releases around anonvector/SlipNet v2.5.3

Don't miss a new SlipNet release

NewReleases is sending notifications on new releases.

Get notifications