SlipNet

⚠️ NOTICE: This project is protected under the SlipNet Source-Available License. You may not copy, redistribute, or publish this app — in source or binary form — on any app store, website, or platform. You may not use the SlipNet name, logo, or any part of the code in your own projects. Violations will result in a DMCA takedown and may lead to the permanent suspension of your account.

SlipNet is NOT available on any app store. Any version you find on Google Play, the Apple App Store, or any other marketplace is not published by us and may be outdated, modified, or unsafe. The only official sources are this GitHub repository and our Telegram channel.

<p align="center"> <img src="imgs/icon.png" alt="SlipNet Logo" width="200"> </p>

A fast, modern VPN client featuring DNS tunneling with support for multiple protocols. Available as an Android app (Jetpack Compose + Kotlin) and a cross-platform CLI client (Go).

This is a legitimate source-available anti-censorship tool designed to help users in countries with internet censorship access the free internet. It is comparable to Tor, Psiphon, Outline VPN (Google Jigsaw), and dnstt. This project does not target, exploit, or attack any systems — it is a client-side privacy tool used voluntarily by end users.

Donate

If you want to support development:

• BEP-20 / ERC-20 / Arbitrum: 0xd4140058389572D50dC8716e768e687C050Dd5C9
• Monero (XMR): 48wa9asF4AdZCq8KvPqBmqN3s98XFQ2MG7pL8MY6hAc6ZXBd8D61LArebdmAwCk5jBBbR2BuiHkSraEYFhx5AdDqLxDB4GU

Community

Join our Telegram channel for updates, support, and discussions:

Tunnel Types

SlipNet supports multiple tunnel types with optional SSH chaining:

| Tunnel Type | Protocol | Description | |-------------|----------|-------------| | DNSTT | KCP + Noise | Stable and reliable DNS tunneling | | DNSTT + SSH | KCP + Noise + SSH | DNSTT with SSH chaining for zero DNS leaks | | NoizDNS | KCP + Noise | DPI-resistant DNS tunneling | | NoizDNS + SSH | KCP + Noise + SSH | NoizDNS with SSH chaining | | Slipstream | QUIC | High-performance QUIC tunneling | | Slipstream + SSH | QUIC + SSH | Slipstream with SSH chaining | | SSH | SSH | Standalone SSH tunnel (no DNS tunneling) | | NaiveProxy | HTTPS (Chromium) | HTTPS tunnel with authentic Chrome TLS fingerprinting | | NaiveProxy + SSH | HTTPS + SSH | NaiveProxy with SSH chaining for extra encryption | | DOH | DNS over HTTPS | DNS-only encryption via HTTPS (RFC 8484) | | Tor | Tor Network | Connect via Tor with Snowflake, obfs4, Meek, or custom bridges |

Note: DNSTT is the default and recommended tunnel type for most users. NoizDNS adds DPI resistance on top of DNSTT for censored networks. SSH variants add an extra layer of encryption and can prevent DNS leaks.

Features

• Modern UI: Built entirely with Jetpack Compose and Material 3 design
• Multiple Tunnel Types: DNSTT, NoizDNS, Slipstream, SSH, NaiveProxy, DOH, and Tor with optional SSH chaining
• NoizDNS: DPI-resistant DNS tunneling with optional stealth mode
• SSH Tunneling: Chain SSH through DNSTT, NoizDNS, Slipstream, or NaiveProxy, or use standalone SSH
• NaiveProxy: Chromium-based HTTPS tunnel with authentic TLS fingerprinting to evade DPI
• DNS over HTTPS: Encrypt DNS queries via HTTPS without tunneling other traffic
• DNS Transport Selection: Choose UDP, DoT, or DoH for DNSTT DNS resolution
• SSH Cipher Selection: Choose between AES-128-GCM, ChaCha20, and AES-128-CTR
• DNS Server Scanning: Automatically discover and test compatible DNS servers with EDNS probing, NXDOMAIN hijacking detection, and country-based IP range scanning
• Multiple Profiles: Create and manage multiple server configurations
• Configurable Proxy: Set custom listen address and port
• Quick Settings Tile: Toggle VPN connection directly from the notification shade
• Auto-connect on Boot: Optionally reconnect VPN when device starts
• APK Sharing: Share the app via Bluetooth or other methods in case of internet shutdowns
• Debug Logging: Toggle detailed traffic logs for troubleshooting
• Dark Mode: Full support for system-wide dark theme

Server Setup

To use this client, you must have a compatible server. Please configure your server using one of the following deployment scripts:

NoizDNS (recommended for censored networks): noizdns-deploy — One-click NoizDNS server with interactive management menu. Auto-detects both DNSTT and NoizDNS clients.

DNSTT + Slipstream (combined): dnstm — DNS Tunnel Manager supporting both Slipstream and DNSTT with SOCKS5, SSH, and Shadowsocks backends

DNSTT: dnstt-deploy

Slipstream: slipstream-rust-deploy

NaiveProxy: slipgate

Screenshots

<p align="center"> <img src="imgs/screenshot_1.jpg" alt="Home Screen" width="250"> &nbsp;&nbsp; <img src="imgs/screenshot_2.jpg" alt="Tunnel Types" width="250"> &nbsp;&nbsp; <img src="imgs/screenshot_3.jpg" alt="Settings" width="250"> </p>

Requirements

Android App

• Android 7.0 (API 24) or higher
• Android Studio Hedgehog (2023.1.1) or later
• JDK 17
• Rust toolchain (for building the native library)
• Android NDK 29

CLI Client

• Go 1.24+ (auto-downloaded via GOTOOLCHAIN if needed)
• No other dependencies (statically linked binaries)

Building (Android)

Prerequisites

1. Install Rust

   curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
   

2. Add Android targets

   rustup target add aarch64-linux-android armv7-linux-androideabi i686-linux-android x86_64-linux-android
   

3. Set up OpenSSL for Android

   OpenSSL will be automatically downloaded when you build for the first time. You can also set it up manually:

   ./gradlew setupOpenSsl
   

   This will download pre-built OpenSSL libraries or build from source if the download fails. OpenSSL files will be installed to ~/android-openssl/android-ssl/.

   To verify your OpenSSL setup:

   ./gradlew verifyOpenSsl
   

Build Steps

1. Clone the repository

   git clone https://github.com/anonvector/SlipNet.git
   cd SlipNet
   

2. Initialize submodules

   git submodule update --init --recursive
   

3. Build the project

   ./gradlew assembleDebug
   

   Or open the project in Android Studio and build from there.

CLI Client

SlipNet includes a cross-platform CLI client for macOS, Linux, and Windows. It connects using a slipnet:// config URI and starts a local SOCKS5 proxy. For a GUI alternative, see SlipStreamGUI.

Download

Pre-built binaries are available on the Releases page:

| Platform | Binary | |----------|--------| | macOS (Apple Silicon) | slipnet-darwin-arm64 | | macOS (Intel) | slipnet-darwin-amd64 | | Linux (x64) | slipnet-linux-amd64 | | Linux (ARM64) | slipnet-linux-arm64 | | Windows (x64) | slipnet-windows-amd64.exe |

CLI Usage

# Basic usage — auto-detects server if DNS delegation isn't set up
./slipnet 'slipnet://BASE64...'

# Specify a custom DNS resolver
./slipnet --dns 1.1.1.1 'slipnet://BASE64...'

# Use a custom local proxy port
./slipnet --port 9050 'slipnet://BASE64...'

# Limit DNS query size (smaller = stealthier, slower)
# Presets: 100 (large), 80 (medium), 60 (small), 50 (minimum)
./slipnet --query-size 80 'slipnet://BASE64...'

# Randomize query size with padding (e.g. 50–70 byte queries)
./slipnet --query-size 50 --query-padding 20 'slipnet://BASE64...'

# Show version
./slipnet --version

Once connected, configure your apps to use the SOCKS5 proxy:

# Test with curl
curl --socks5-hostname 127.0.0.1:1080 https://ifconfig.me

# If the server requires SOCKS5 authentication (username:password)
curl --socks5-hostname user:pass@127.0.0.1:1080 https://ifconfig.me

# Firefox: Settings → Network → SOCKS5 proxy: 127.0.0.1:1080
#          Check "Proxy DNS when using SOCKS v5"

# Chrome (launch with proxy flag):
google-chrome --proxy-server="socks5://127.0.0.1:1080"

The CLI auto-detects when DNS delegation isn't available and falls back to connecting directly to the server via its NS record.

Scanner

The CLI includes a built-in DNS scanner with multiple scan modes:

DNS Scan

Tests resolvers for DNS tunnel compatibility using EDNS probing, NXDOMAIN hijacking detection, and latency measurement. Each resolver gets a score from 0–6.

# Scan with a file of resolver IPs
./slipnet scan --domain t.example.com --ips resolvers.txt

# Scan a single IP
./slipnet scan --domain t.example.com --ip 8.8.8.8

# Use the built-in resolver list
./slipnet scan --domain t.example.com

DNS Scan + E2E

Runs DNS scanning and automatically feeds resolvers meeting the score threshold into end-to-end tunnel tests. Each E2E test starts a real tunnel through the resolver and makes an HTTP request.

# Using a slipnet:// config (auto-extracts domain, pubkey, and mode)
./slipnet scan --config 'slipnet://BASE64...' --ips resolvers.txt

# Manual domain + pubkey
./slipnet scan --domain t.example.com --ips resolvers.txt --e2e --pubkey HEXKEY

# With NoizDNS mode
./slipnet scan --domain t.example.com --ips resolvers.txt --e2e --pubkey HEXKEY --noizdns

E2E Test Only

Skips the DNS scan entirely and runs E2E tunn