Skip to content

Releases: anonvector/slipgate

SlipGate v1.6.3-dev

24 Apr 19:53
@anonvector anonvector
v1.6.3-dev
17e740e

Choose a tag to compare

View all tags
SlipGate v1.6.3-dev Pre-release
Pre-release

Dev pre-release for v1.6.3.

Fixes

  • NaiveProxy backend=both crash-loopslipgate install / quick wizard with backend=both no longer creates two Caddy instances fighting for :443. One server-side naive tunnel now serves both SOCKS and SSH clients; the install summary still emits both naive-socks and naive-ssh slipnet:// URIs.
  • DNS-records summary — no longer prints garbage A record: ns. → your server IP lines for stuntls / direct-ssh / direct-socks5 tunnels that have no domain.
  • WARP live rule syncip rule add/del failures are now logged with full stderr, and a summary line tells you if any users may not be routing through WARP.
  • DNS router pending TXID exhaustion — logs the exhaustion case instead of silently dropping the query.
  • bulk_add / createUserInteractive save order — config now saved before SOCKS setup so a save failure aborts cleanly.
  • Makefile dev build — `make build-dev` now correctly sets ReleaseTag=dev- in the binary (was silently dropped by a parse-time vs. recipe-time evaluation bug).
  • install.sh dev channel — dev branch install.sh restored to CHANNEL="dev" (was accidentally flipped to stable during an earlier fast-forward).

New

  • users bulk_add --count=N --prefix=P creates up to 500 users in one call with random passwords, single SOCKS reload + single WARP rule sync for the whole batch.
  • SOCKS credentials hot-reload via file + SIGHUP — user add/remove no longer drops live client connections.
  • WARP routing refresh on user change uses live `ip rule` sync instead of restarting the WireGuard interface (which dropped every in-flight stream).
  • DNS router TXID multiplexing — server-allocated TXIDs prevent client-TXID collisions on shared backend sockets.
  • Quick wizard user reuse — re-running the wizard on a box with users offers to reuse one instead of silently resetting credentials.
  • tunnel add post-hook — offers to create a user after adding SSH/SOCKS-backed tunnels.
  • Password validation — rejects `:` and control characters at all input sites.

Install: `curl -fsSL https://raw.githubusercontent.com/anonvector/slipgate/dev/install.sh | sudo bash`

Loading

v1.6.2

12 Apr 12:49
@anonvector anonvector
v1.6.2
866335b

Choose a tag to compare

View all tags
v1.6.2 Latest
Latest

What's Changed

Tunnel Management

  • Show numbered tunnel list in tunnel edit instead of manual tag entry
  • Skip interactive tag prompt for tunnel edit, show select menu directly

WARP & Networking

  • Fix SOCKS5 user mismatch after WARP disable, optimize restart
  • Flush stale routing rules on WARP disable, fix direct SOCKS listen addr
  • Remove unreliable WARP outbound IP check from diagnostics

Build & Updates

  • Fix dev build auto-update: match *-dev suffix, set ReleaseTag in builds
  • install.sh: auto-detect latest dev release on dev branch

Stats & Diagnostics

  • Wire stats CLI, enhance WARP diagnostics, update VayDNS
Assets 12
Loading

SlipGate v1.6.2-dev

11 Apr 15:05
@anonvector anonvector
v1.6.2-dev
73f4a45

Choose a tag to compare

View all tags
SlipGate v1.6.2-dev Pre-release
Pre-release

What's new

  • slipgate stats CLI command — the live dashboard was only reachable from the TUI menu; now works as a direct CLI subcommand
  • Comprehensive WARP diagnosticsslipgate diag now verifies the full WARP routing pipeline:
    • WireGuard interface (wg0) up
    • WireGuard handshake recency (detects unreachable endpoints)
    • Routing table 200 default route
    • ip rule entries for every managed UID (SSH users, slipgate-socks, slipgate-naive)
    • SOCKS5 / NaiveProxy service user correctness
    • Outbound IP comparison (default vs WARP-routed via ipify.org)
  • VayDNS v0.2.8 — bump binary, add null and caa DNS record types

Notes

Pre-release for testing. If slipgate diag shows all WARP checks passing but traffic still bypasses WARP, please share the full diag output.

Loading

v1.6.1

10 Apr 10:12
@anonvector anonvector
v1.6.1
81d5fd3

Choose a tag to compare

View all tags
v1.6.1

Fixes

  • SSH port: Read SSH backend address from config instead of hardcoding port 22 — StunTLS, client URI generation, and firewall handlers now respect custom SSH ports
  • WARP on Debian: Install wireguard meta-package instead of wireguard-tools to include the kernel module on older Debian/Ubuntu systems
  • External tunnel --port flag: slipgate tunnel add --transport external now accepts --port for fully non-interactive usage
Loading

SlipGate v1.6.0

09 Apr 18:14
@anonvector anonvector
v1.6.0
7f9a40c

Choose a tag to compare

View all tags
SlipGate v1.6.0

SlipGate v1.6.0

New Features

  • Multi-user SOCKS5 auth — all configured users now authenticate simultaneously. Previously only the last-added user could connect.
  • StunTLS transport — SSH over TLS + WebSocket proxy. Auto-detects WebSocket, HTTP CONNECT, raw TLS, and payload (DPI bypass) modes. Self-signed TLS cert, no domain required. Available in install wizard and tunnel add.
  • External transport — route DNS queries for a domain to a user-specified UDP port for custom/private protocol testing. No managed service — slipgate only handles the DNS routing.
  • Config v22 — URI format updated with SSH payload field for DPI bypass support.

Improvements

  • StunTLS in install/wizard — available during initial setup; defaults to port 8443 when NaiveProxy is also selected to avoid port conflicts.
  • Diagnostics — external tunnels show as informational (yellow) instead of errors for missing service/port.
  • Interactive menu — batch tunnel add properly handles StunTLS and External (implicit backends, correct prompts).

Bug Fixes

  • Fix update on Debian 13 — self-update no longer fails with "text file busy" (ETXTBSY) when /tmp and /usr/local/bin are on different filesystems.
  • Fix duplicate usersAddUser now updates existing user instead of appending a duplicate.
  • Fix VayDNS record type — correct field position in exported config URIs.

Binaries

  • slipgate-linux-amd64 — x86_64
  • slipgate-linux-arm64 — ARM64
  • Transport binaries (dnstt-server, slipstream-server, caddy-naive) carried forward from v1.5.1
Loading

SlipGate v1.6.0-dev

09 Apr 17:27
@anonvector anonvector
v1.6.0-dev
a31ebd0

Choose a tag to compare

View all tags
SlipGate v1.6.0-dev Pre-release
Pre-release

Dev Release

What's New

  • Multi-user SOCKS5 auth — all configured users authenticate simultaneously
  • StunTLS transport — SSH over TLS + WebSocket proxy with auto-detection of WebSocket, HTTP CONNECT, raw TLS, and payload (DPI bypass) modes
  • StunTLS in install/wizard — available during initial setup with auto cert generation; defaults to port 8443 when NaiveProxy is also selected
  • External transport — route DNS queries for a domain to a user-specified UDP port for custom/private protocol testing
  • Fix update on Debian 13 — self-update no longer fails with "text file busy"
  • Debug logging — SOCKS5 auth logs credential count on startup and failed auth attempts
  • Config URI version bumped to v22 with SSH payload field

Usage

# StunTLS tunnel
sudo slipgate tunnel add --transport stuntls --tag mytls

# External DNS routing
sudo slipgate tunnel add --transport external --tag my-proto --domain j.example.com
# → prompts for target UDP port

Binaries

  • slipgate-linux-amd64 — x86_64
  • slipgate-linux-arm64 — ARM64
Loading

SlipGate v1.5.1

05 Apr 10:01
@anonvector anonvector
v1.5.1
92d8cba

Choose a tag to compare

View all tags
SlipGate v1.5.1

Changes

  • Remove DNS resolution section from diagnostics screen
  • Fix VayDNS record type not exported in client config URI
  • Show defaults in brackets for all interactive tunnel add prompts (MTU, idle timeout, keep alive, client ID size, queue size, port)
  • Mark default record type in VayDNS select menus across all wizards
  • Skip WARP prompt on re-run when already enabled
Loading

SlipGate v1.5.0

04 Apr 11:22
@anonvector anonvector
v1.5.0
94de447

Choose a tag to compare

View all tags
SlipGate v1.5.0

SlipGate v1.5.0

New Features

  • slipgate diag — Built-in diagnostics command that checks services, ports, keys, DNS resolution, boot persistence, systemd-resolved stub, and orphaned services. Shows last 10 journal lines for any failing service.
  • slipgate tunnel remove --all — Remove all tunnels at once with a single confirmation prompt.
  • Auto-download transport binaries on tunnel add — No longer requires running install first; tunnel add downloads the binary if missing and sets up DNS infrastructure (port 53, systemd-resolved).

Bug Fixes

  • Fix wizard key-sharing across transportssharedDNSTTKey leaked across transport groups in quick wizard, causing "failed to copy private key" errors when mixing DNS and non-DNS transports with "both" backends (e.g. VayDNS + Slipstream).
  • Fix DNS router not starting after reboot — Added After=systemd-resolved.service ordering so the DNS router waits for resolved to release port 53. Moved StartLimitBurst=0 to [Unit] section for wider systemd compatibility.
  • Fix tunnel add missing DNS setuptunnel add for DNS transports now opens port 53 in the firewall and disables systemd-resolved stub listener, matching the behavior of install and quick wizard.
  • Fix diag false positives — Direct transports (SSH, SOCKS5) no longer flagged as missing services; WARP service no longer flagged as orphaned.
Loading

SlipGate v1.4.1

03 Apr 11:07
@anonvector anonvector
v1.4.1
6f7e871

Choose a tag to compare

View all tags
SlipGate v1.4.1

SlipGate v1.4.1

Bug Fixes

  • Fix install wiping existing configslipgate install no longer overwrites existing tunnels, users, and route settings
  • Fix DNS router not starting on boot — service was never systemctl enabled, now persists across reboots
  • Fix update binary loss — transport binaries are backed up before re-download; restored on failure instead of being deleted
  • Fix restart order — tunnels restart before DNS router/SOCKS5, so tunnels are ready when the router comes back up

Features

  • Tunnel tag renamingslipgate tunnel edit --tag old --new-tag new renames tunnel directory, service, config, and route references
  • Auto-deduplicate tags — wizard and install auto-suffix tags (-2, -3, etc.) when duplicates exist
  • Shared keypair for "both" backendtunnel add --backend both now shares the Curve25519 keypair across socks/ssh tunnels, matching wizard behavior
  • VayDNS public key in install summary — shown alongside DNSTT keys at the end of install
  • VayDNS tuning flags in tunnel add CLI--idle-timeout, --keep-alive, --clientid-size, --queue-size
Loading

v1.4.0

03 Apr 00:03
@anonvector anonvector
v1.4.0
24cee79

Choose a tag to compare

View all tags
v1.4.0

SlipGate v1.4.0

New

  • VayDNS transport — KCP-based DNS tunnel with Curve25519 encryption, configurable record type, idle timeout, keepalive, client ID size, and queue size
  • Redesigned stats dashboard — 256-color palette, load average, uptime, peak/avg sparkline annotations, service status section, domain column in tunnel table
  • WARP integration — optional Cloudflare WARP outbound routing

Improved

  • All VayDNS parameters available on both tunnel add and tunnel edit CLI flags
  • Select prompts default to first option on Enter, showing default in brackets
  • VayDNS HMAC verification registered in DNS router
  • Dev builds prefer dev releases for updates, fall back to stable
  • Update command prints download URL for debugging
  • Improved architecture diagram in README

Fixed

  • TCPKeepAlive moved from sshd Match block to global settings (was causing sshd validation failure)
  • system_install missing VayDNS transport case (caused "vaydns config is nil" on install)
  • vaydns-server added to uninstall and update binary lists
Loading