v2.2.1

v2.2.1

New: NoizDNS Protocol

• New tunnel type: NoizDNS — a DPI-evasion layer on top of DNSTT
• Optional stealth mode for environments with aggressive DPI (slower speed, harder to detect)
• Works with both standalone and SSH tunnel modes

Build Variants

• Full: All tunnel types including Tor (Snowflake/obfs4/Meek) and NaiveProxy. Supports arm64 and
  armeabi-v7a.
• Lite: All tunnel types except Tor and NaiveProxy. arm64-only for smaller APK size (10mb only).
• Both variants include DNSTT, NoizDNS, Slipstream, SSH, and DoH.

DNS Scanner Improvements

• Focus range: when a working resolver is found during country/range scans, automatically scans the /24
  subnet to discover nearby resolvers
• EDNS payload size probing — tests 512, 900, and 1232 byte support individually
• NXDOMAIN hijacking detection — identifies resolvers that return fake answers
• Scanner score now 6-point (was 5): added EDNS size and NXDOMAIN tests
• E2E test on DNSTT configs now verifies actual server reachability
• E2E progress: currently-tested IP is highlighted in the results list with phase indicator
• E2E results shown as colored chips (green/red) with latency on each resolver
• Export and copy found DNS IPs directly from the scan results screen
• Memory optimization: only working results kept in memory, enabling larger scans without crashes
• Easier export of found DNS IPs directly from the scan results screen
• Country-based IP range scanning — select specific IP ranges per country for targeted DNS discovery
• Removed 90 duplicate IPs from built-in resolver list
• Added score filter options up to 5+

Profile Sharing & Locking

• Set expiration date on shared configs — access automatically revoked after the date
• Bind configs to a specific device ID — prevents use on other devices
• Control whether recipients can re-share the config

Build & Performance

• Lite build is now arm64-only — smaller APK size
• Full build still supports both arm64 and armeabi-v7a
• Improved CI caching for faster builds

Other

• Debug log screen improvements
• Various stability and tunnel reliability fixes

v2.1.1

Full Changelog: v2.1.0...v2.1.1

• Show all resolvers that respond (not just 4/4), with color-coded score
  indicator
• Add score filter chips (All, 3+, 4/4) and Score sort option
• Collapsible sort/filter bar with persisted state
• Horizontal scroll on sort/filter rows for small screens
• Default E2E timeout changed to 7000ms

v2.1.0

Full Changelog: v2.0.1...v2.1.0

What's New in v2.1.0

Encrypted Config Export

• Locked profiles now export as slipnet-enc:// links using AES-256-GCM encryption
• Ensures server credentials stay protected when sharing configs

End-to-End Tunnel Testing

• DNS scanner now supports E2E testing: verify resolvers work through actual DNSTT/Slipstream tunnels
• Transparent proxy detection to identify resolvers that interfere with tunnel traffic
• Default E2E timeout set to 7000ms

Faster TCP Fallback

• All non-DNS UDP is now rejected with ICMP Port Unreachable at the native level
• Apps like WhatsApp and browsers fall back to TCP instantly instead of waiting for timeouts

Battery Optimization

• New prompt on first connect to disable battery optimization for reliable background VPN
• Battery optimization setting added to Settings screen with current status

Locked Profile Privacy

• Locked profiles show "Locked" instead of the server domain in the profile list
• Tunnel type always visible below locked profiles
• DNS scanner uses google.com instead of the real domain for locked profiles

Other Changes

• Added Telegram channel link (t.me/SlipNet_app) to About and Welcome dialogs
• Shared About dialog content between Settings and Welcome screens
• Locked DNSTT/Slipstream profiles can now edit DNS transport and resolvers
• Updated Tor to 0.4.9.5
• Dropped x86/x86_64 ABI support (ARM only)

v2.0.1

Full Changelog: v2.0...v2.0.1

• Fix NaiveProxy crash "Not a numeric address" when server hostname resolves to an IPv6 (AAAA)
  address. DNS resolution now prefers IPv4, and IPv6 addresses are properly bracketed for
  Chromium's host-resolver-rules parser.

v2.0

New Features

• Locked Profiles — Admins can now export profiles with a lock password for distribution. Locked
  profiles hide all server details from end users while allowing connect/disconnect and delete.
  Enter the admin password to permanently unlock.
• Auto-Reconnect — Automatically reconnects when the VPN drops or the network changes, with up
  to 5 retries at 3-second intervals.
• DNS Scanner Selection Limit — Prevents selecting too many resolvers from the DNS scanner.
• Adaptive Icon — New adaptive launcher icon for modern Android home screens.

Bug Fixes

• DNSTT+SSH DNS Resolution — Fixed websites not loading on DNSTT+SSH by defaulting to the
  server's local resolver (127.0.0.53) instead of external DNS (8.8.8.8), which often closes
  long-lived TCP connections through SSH tunnels.
• SSH Session Liveness Detection — Active SSH keepalive probe every 30 seconds detects dead
  sessions that passive checks miss (NAT timeout, server crash), triggering auto-reconnect
  immediately.

Full Changelog: v1.9.2...v2.0

v1.9.2

Full Changelog: v1.9.1...v1.9.2

v1.9.2 Changelog

• Small fixes

v1.9.1

v1.9.1 Changelog

New Features

• Standalone NaiveProxy tunnel type — Direct NaiveProxy connection without SSH chaining, simpler setup with fewer credentials needed
• DoH server list import — Import DoH server URLs from text files for bulk scanning/testing
• Direct / + SSH toggle — NaiveProxy edit screen shows "Direct" and "+ SSH" labels

Bug Fixes

• SSH curve25519 key exchange — Fixed Algorithm negotiation fail when server only offers curve25519-sha256 by bundling BouncyCastle for X25519 support on Android
• Profile deletion while disconnected — Fixed bug where profiles couldn't be deleted after VPN stopped externally (stale connected
  profile state)

Improvements

• Battery optimizations — Reduced DNS worker pool (10→5), increased keepalive interval (20s→40s), reduced DoH senders (32→12)
• Dynamic DNS pool in authoritative mode — Worker pool scales to 10 when using your own DNSTT servers for maximum throughput
• ✨ Added adaptive icon support (#26) — contributed by @senya5544

v1.9.0

New: SlipGate (NaiveProxy + SSH)

• New tunnel type: SlipGate — chains NaiveProxy (Chromium-based HTTPS tunnel) with SSH for a fully encrypted, censorship-resistant connection: https://github.com/anonvector/slipgate
• NaiveProxy mimics Chrome's TLS fingerprint, making tunnel traffic indistinguishable from normal HTTPS browsing
• NaiveBridge: manages NaiveProxy process lifecycle with SOCKS5 local proxy
• NaiveSocksProxy: bridges hev-socks5-tunnel to NaiveProxy with CONNECT and FWD_UDP support
• Pre-resolves server IP before connecting to prevent ISP DNS poisoning

Network Resilience

• SlipGate survives network changes (wifi ↔ cellular) — full two-phase reconnection (NaiveProxy restart, then SSH re-establishment)
• Auto-tune SSH max channels per tunnel type for better performance

Reachability Test

• "Test Server Reachability" now works for all tunnel types (DNSTT, Slipstream, DoH, SlipGate) — only Snowflake/Tor is skipped
• Smart ping target selection per tunnel type (resolver host, DoH server, SSH host, etc.)

Deep Links

• Added slipnet:// URI deep link support — tap a link to import profiles directly

v1.8.7

Bug Fixes

• Fixed crash on app update when upgrading caused by orphaned use_server_dns database column. The migration now properly removes the column via table recreation (compatible with Android 7+).

Improvements

• DoH DNS Scanner precision: Latency measurements are now significantly more stable and accurate. Uses a single reused socket,
  pre-resolved addresses, nanosecond timing, and reports the median of 4 samples after a warm-up query.
• Config import forward-compatibility: Configs exported from future app versions are now imported gracefully instead of being rejected. A warning is shown if some settings may be missing.

New DoH Servers

Added 13 new DNS-over-HTTPS providers:

• AdGuard DNS & AdGuard Unfiltered
• Cloudflare Security & Cloudflare Family
• CleanBrowsing Family
• DNS4EU Protective
• Cisco Umbrella
• Mozilla DNS
• Mullvad (alternate URL)
• AliDNS
• Control D
• UncensoredDNS
• ComSS

v1.8.6

v1.8.6

New Features

• Global Remote DNS Setting — New setting in Settings to control which DNS servers are used on the remote side of all
  tunnels. Supports primary + fallback DNS with custom IP input.
• Default remote DNS changed to Google (8.8.8.8) primary, Cloudflare (1.1.1.1) fallback

Bug Fixes

• Fix DNSTT log spam after disconnect — DNSTT Go library no longer retries sending on closed connections for 10+
  seconds after VPN is turned off. Transport is now closed immediately in Stop().
• Fix "Delete All Profiles" not deleting connected profile — Now properly disconnects first, then deletes all profiles
  including the active one.

Improvements

• Authoritative mode warning — Warning text is now red and bold for both DNSTT and Slipstream profiles
• DNS Scanner animation — Smoother panel switching between Country and Custom resolver list options (no more card
  height jump)
• Remote DNS preference is now passed through all tunnel bridges (SSH, Slipstream, DNSTT)