v1.8.6
New Features
- Global Remote DNS Setting — New setting in Settings to control which DNS servers are used on the remote side of all tunnels. Supports primary + fallback DNS with custom IP input.
- Default remote DNS changed to Google (8.8.8.8) primary, Cloudflare (1.1.1.1) fallback
Bug Fixes
- Fix DNSTT log spam after disconnect — DNSTT Go library no longer retries sending on closed connections for 10+ seconds after VPN is turned off. Transport is now closed immediately in Stop().
- Fix "Delete All Profiles" not deleting connected profile — Now properly disconnects first, then deletes all profiles including the active one.
Improvements
- Authoritative mode warning — Warning text is now red and bold for both DNSTT and Slipstream profiles
- DNS Scanner animation — Smoother panel switching between Country and Custom resolver list options (no more card height jump)
- Remote DNS preference is now passed through all tunnel bridges (SSH, Slipstream, DNSTT)
New Features
- Global Remote DNS Setting — New setting in Settings to control which DNS servers are used on the remote side of all tunnels. Supports primary + fallback DNS with custom IP input.
- Default remote DNS changed to Google (8.8.8.8) primary, Cloudflare (1.1.1.1) fallback
Bug Fixes
- Fix DNSTT log spam after disconnect — DNSTT Go library no longer retries sending on closed connections for 10+ seconds after VPN is turned off. Transport is now closed immediately in Stop().
- Fix "Delete All Profiles" not deleting connected profile — Now properly disconnects first, then deletes all profiles including the active one.
Improvements
- Authoritative mode warning — Warning text is now red and bold for both DNSTT and Slipstream profiles
- DNS Scanner animation — Smoother panel switching between Country and Custom resolver list options (no more card height jump)
- Remote DNS preference is now passed through all tunnel bridges (SSH, Slipstream, DNSTT)
❤8😢1
Bug Fixes
- Fixed crash on app update when upgrading caused by orphaned use_server_dns database column. The migration now properly removes the column via table recreation (compatible with Android 7+).
Improvements
- DoH DNS Scanner precision: Latency measurements are now significantly more stable and accurate. Uses a single reused socket,
pre-resolved addresses, nanosecond timing, and reports the median of 4 samples after a warm-up query.
- Config import forward-compatibility: Configs exported from future app versions are now imported gracefully instead of being rejected. A warning is shown if some settings may be missing.
New DoH Servers
Added 13 new DNS-over-HTTPS providers:
- AdGuard DNS & AdGuard Unfiltered
- Cloudflare Security & Cloudflare Family
- CleanBrowsing Family
- DNS4EU Protective
- Cisco Umbrella
- Mozilla DNS
- Mullvad (alternate URL)
- AliDNS
- Control D
- UncensoredDNS
- ComSS
- Fixed crash on app update when upgrading caused by orphaned use_server_dns database column. The migration now properly removes the column via table recreation (compatible with Android 7+).
Improvements
- DoH DNS Scanner precision: Latency measurements are now significantly more stable and accurate. Uses a single reused socket,
pre-resolved addresses, nanosecond timing, and reports the median of 4 samples after a warm-up query.
- Config import forward-compatibility: Configs exported from future app versions are now imported gracefully instead of being rejected. A warning is shown if some settings may be missing.
New DoH Servers
Added 13 new DNS-over-HTTPS providers:
- AdGuard DNS & AdGuard Unfiltered
- Cloudflare Security & Cloudflare Family
- CleanBrowsing Family
- DNS4EU Protective
- Cisco Umbrella
- Mozilla DNS
- Mullvad (alternate URL)
- AliDNS
- Control D
- UncensoredDNS
- ComSS
❤9👍5🙏1
New: SlipGate (NaiveProxy + SSH)
- New tunnel type: SlipGate — chains NaiveProxy (Chromium-based HTTPS tunnel) with SSH for a fully encrypted, censorship-resistant connection: https://github.com/anonvector/slipgate
- NaiveProxy mimics Chrome's TLS fingerprint, making tunnel traffic indistinguishable from normal HTTPS browsing
- NaiveBridge: manages NaiveProxy process lifecycle with SOCKS5 local proxy
- NaiveSocksProxy: bridges hev-socks5-tunnel to NaiveProxy with CONNECT and FWD_UDP support
- Pre-resolves server IP before connecting to prevent ISP DNS poisoning
Network Resilience
- SlipGate survives network changes (wifi ↔️ cellular) — full two-phase reconnection (NaiveProxy restart, then SSH re-establishment)
- Auto-tune SSH max channels per tunnel type for better performance
Reachability Test
- "Test Server Reachability" now works for all tunnel types (DNSTT, Slipstream, DoH, SlipGate) — only Snowflake/Tor is skipped
- Smart ping target selection per tunnel type (resolver host, DoH server, SSH host, etc.)
Deep Links
- Added slipnet:// URI deep link support — tap a link to import profiles directly
- New tunnel type: SlipGate — chains NaiveProxy (Chromium-based HTTPS tunnel) with SSH for a fully encrypted, censorship-resistant connection: https://github.com/anonvector/slipgate
- NaiveProxy mimics Chrome's TLS fingerprint, making tunnel traffic indistinguishable from normal HTTPS browsing
- NaiveBridge: manages NaiveProxy process lifecycle with SOCKS5 local proxy
- NaiveSocksProxy: bridges hev-socks5-tunnel to NaiveProxy with CONNECT and FWD_UDP support
- Pre-resolves server IP before connecting to prevent ISP DNS poisoning
Network Resilience
- SlipGate survives network changes (wifi ↔️ cellular) — full two-phase reconnection (NaiveProxy restart, then SSH re-establishment)
- Auto-tune SSH max channels per tunnel type for better performance
Reachability Test
- "Test Server Reachability" now works for all tunnel types (DNSTT, Slipstream, DoH, SlipGate) — only Snowflake/Tor is skipped
- Smart ping target selection per tunnel type (resolver host, DoH server, SSH host, etc.)
Deep Links
- Added slipnet:// URI deep link support — tap a link to import profiles directly
GitHub
GitHub - anonvector/slipgate: ⏺ SlipGate — Unified tunnel manager for Linux servers. Deploys and manages DNS tunnels (DNSTT, NoizDNS…
⏺ SlipGate — Unified tunnel manager for Linux servers. Deploys and manages DNS tunnels (DNSTT, NoizDNS, Slipstream) and HTTPS proxies (NaiveProxy) with systemd integration, multi-tunnel DNS routing...
❤16👍1🙏1
v1.9.2 Changelog
New Features
- Standalone NaiveProxy tunnel type — Direct NaiveProxy connection without SSH chaining, simpler setup with fewer credentials needed
- DoH server list import — Import DoH server URLs from text files for bulk scanning/testing
- Direct / + SSH toggle — NaiveProxy edit screen shows "Direct" and "+ SSH" labels
Bug Fixes
- SSH curve25519 key exchange — Fixed Algorithm negotiation fail when server only offers curve25519-sha256 by bundling BouncyCastle for X25519 support on Android
- Profile deletion while disconnected — Fixed bug where profiles couldn't be deleted after VPN stopped externally (stale connected
profile state)
Improvements
- Battery optimizations — Reduced DNS worker pool (10→5), increased keepalive interval (20s→40s), reduced DoH senders (32→12)
- Dynamic DNS pool in authoritative mode — Worker pool scales to 10 when using your own DNSTT servers for maximum throughput
- Added adaptive icon support
New Features
- Standalone NaiveProxy tunnel type — Direct NaiveProxy connection without SSH chaining, simpler setup with fewer credentials needed
- DoH server list import — Import DoH server URLs from text files for bulk scanning/testing
- Direct / + SSH toggle — NaiveProxy edit screen shows "Direct" and "+ SSH" labels
Bug Fixes
- SSH curve25519 key exchange — Fixed Algorithm negotiation fail when server only offers curve25519-sha256 by bundling BouncyCastle for X25519 support on Android
- Profile deletion while disconnected — Fixed bug where profiles couldn't be deleted after VPN stopped externally (stale connected
profile state)
Improvements
- Battery optimizations — Reduced DNS worker pool (10→5), increased keepalive interval (20s→40s), reduced DoH senders (32→12)
- Dynamic DNS pool in authoritative mode — Worker pool scales to 10 when using your own DNSTT servers for maximum throughput
- Added adaptive icon support
❤13❤🔥2👍2😭2
v2.0.1 Changelog
New Features
- Locked Profiles — Admins can now export profiles with a lock password for distribution. Locked
profiles hide all server details from end users while allowing connect/disconnect and delete.
Enter the admin password to permanently unlock.
- Auto-Reconnect — Automatically reconnects when the VPN drops or the network changes, with up
to 5 retries at 3-second intervals.
- DNS Scanner Selection Limit — Prevents selecting too many resolvers from the DNS scanner.
- Adaptive Icon — New adaptive launcher icon for modern Android home screens.
Bug Fixes
- DNSTT+SSH DNS Resolution — Fixed websites not loading on DNSTT+SSH by defaulting to the
server's local resolver (127.0.0.53) instead of external DNS (8.8.8.8), which often closes
long-lived TCP connections through SSH tunnels.
- SSH Session Liveness Detection — Active SSH keepalive probe every 30 seconds detects dead
sessions that passive checks miss (NAT timeout, server crash), triggering auto-reconnect
immediately.
- Fix NaiveProxy crash "Not a numeric address" when server hostname resolves to an IPv6 (AAAA)
address. DNS resolution now prefers IPv4, and IPv6 addresses are properly bracketed for
Chromium's host-resolver-rules parser.
New Features
- Locked Profiles — Admins can now export profiles with a lock password for distribution. Locked
profiles hide all server details from end users while allowing connect/disconnect and delete.
Enter the admin password to permanently unlock.
- Auto-Reconnect — Automatically reconnects when the VPN drops or the network changes, with up
to 5 retries at 3-second intervals.
- DNS Scanner Selection Limit — Prevents selecting too many resolvers from the DNS scanner.
- Adaptive Icon — New adaptive launcher icon for modern Android home screens.
Bug Fixes
- DNSTT+SSH DNS Resolution — Fixed websites not loading on DNSTT+SSH by defaulting to the
server's local resolver (127.0.0.53) instead of external DNS (8.8.8.8), which often closes
long-lived TCP connections through SSH tunnels.
- SSH Session Liveness Detection — Active SSH keepalive probe every 30 seconds detects dead
sessions that passive checks miss (NAT timeout, server crash), triggering auto-reconnect
immediately.
- Fix NaiveProxy crash "Not a numeric address" when server hostname resolves to an IPv6 (AAAA)
address. DNS resolution now prefers IPv4, and IPv6 addresses are properly bracketed for
Chromium's host-resolver-rules parser.
❤7👍5
What's New in v2.1.1
Encrypted Config Export
- Locked profiles now export as slipnet-enc:// links using AES-256-GCM encryption
- Ensures server credentials stay protected when sharing configs
End-to-End Tunnel Testing
- DNS scanner now supports E2E testing: verify resolvers work through actual DNSTT/Slipstream tunnels
- Transparent proxy detection to identify resolvers that interfere with tunnel traffic
- Default E2E timeout set to 7000ms
Faster TCP Fallback
- All non-DNS UDP is now rejected with ICMP Port Unreachable at the native level
- Apps like WhatsApp and browsers fall back to TCP instantly instead of waiting for timeouts
Battery Optimization
- New prompt on first connect to disable battery optimization for reliable background VPN
- Battery optimization setting added to Settings screen with current status
Locked Profile Privacy
- Locked profiles show "Locked" instead of the server domain in the profile list
- Tunnel type always visible below locked profiles
- DNS scanner uses google.com instead of the real domain for locked profiles
Other Changes
- Show all resolvers that respond (not just 4/4), with color-coded score
indicator
- Add score filter chips (All, 3+, 4/4) and Score sort option
- Added Telegram channel link (t.me/SlipNet_app) to About and Welcome dialogs
- Shared About dialog content between Settings and Welcome screens
- Locked DNSTT/Slipstream profiles can now edit DNS transport and resolvers
- Updated Tor to 0.4.9.5
- Dropped x86/x86_64 ABI support (ARM only)
Encrypted Config Export
- Locked profiles now export as slipnet-enc:// links using AES-256-GCM encryption
- Ensures server credentials stay protected when sharing configs
End-to-End Tunnel Testing
- DNS scanner now supports E2E testing: verify resolvers work through actual DNSTT/Slipstream tunnels
- Transparent proxy detection to identify resolvers that interfere with tunnel traffic
- Default E2E timeout set to 7000ms
Faster TCP Fallback
- All non-DNS UDP is now rejected with ICMP Port Unreachable at the native level
- Apps like WhatsApp and browsers fall back to TCP instantly instead of waiting for timeouts
Battery Optimization
- New prompt on first connect to disable battery optimization for reliable background VPN
- Battery optimization setting added to Settings screen with current status
Locked Profile Privacy
- Locked profiles show "Locked" instead of the server domain in the profile list
- Tunnel type always visible below locked profiles
- DNS scanner uses google.com instead of the real domain for locked profiles
Other Changes
- Show all resolvers that respond (not just 4/4), with color-coded score
indicator
- Add score filter chips (All, 3+, 4/4) and Score sort option
- Added Telegram channel link (t.me/SlipNet_app) to About and Welcome dialogs
- Shared About dialog content between Settings and Welcome screens
- Locked DNSTT/Slipstream profiles can now edit DNS transport and resolvers
- Updated Tor to 0.4.9.5
- Dropped x86/x86_64 ABI support (ARM only)
Telegram
SlipNet
https://github.com/anonvector/SlipNet
❤34