Slipgate
⏺ SlipGate — Unified tunnel manager for Linux servers. Deploys and manages DNS tunnels (DNSTT, NoizDNS, Slipstream) and HTTPS proxies (NaiveProxy) with systemd integration, multi-tunnel DNS routing, user management, and one-tap client sharing via slipnet:// URIs.
Install / Use
/learn @anonvector/SlipgateREADME
SlipGate
Unified tunnel manager for Linux servers. Manages DNS tunnels (DNSTT, NoizDNS, Slipstream, VayDNS) and HTTPS proxies (NaiveProxy) with systemd services, multi-tunnel DNS routing, and user management. Designed for use with the SlipNet Android VPN app.
Features
- Multi-transport: DNSTT/NoizDNS (DNS tunnels with Curve25519 encryption), Slipstream (QUIC-based DNS), VayDNS (KCP-based DNS with Curve25519), NaiveProxy (HTTPS with Caddy)
- Dual backend: Built-in SOCKS5 proxy or SSH forwarding
- DNS routing: Single-tunnel or multi-tunnel mode with domain-based dispatch
- WARP integration: Optional Cloudflare WARP outbound routing (see dnstun-ezpz for an alternative approach)
- User management: Managed SSH + SOCKS credentials per user
- Live dashboard: Real-time TUI with CPU, RAM, traffic sparklines, per-protocol connection stats, and tunnel status
- Diagnostics: Built-in health checks for services, ports, keys, DNS resolution, and boot persistence
- Interactive TUI + CLI: Menu-driven setup or scriptable subcommands
- Systemd integration: Service creation, lifecycle, and logs
- Auto-TLS: Let's Encrypt via Caddy for NaiveProxy tunnels
- Self-update: Version checking and binary replacement from GitHub releases
- Client sharing: Generates
slipnet://URIs for one-tap app import
Requirements
- OS: Linux (Ubuntu 20.04+, Debian 11+, or similar)
- Domain: DNS A record pointed at your server (required for DNS tunnels and NaiveProxy)
- Ports: 53/udp (DNS tunnels), 443/tcp (NaiveProxy)
Quick Start
One-liner install:
curl -fsSL https://raw.githubusercontent.com/anonvector/slipgate/main/install.sh | sudo bash
Or build from source:
git clone https://github.com/anonvector/slipgate.git
cd slipgate
make build
sudo ./slipgate install
Offline install (SCP to server):
Download the binaries you need from the latest release:
# On your local machine — download binaries
mkdir slipgate-bundle && cd slipgate-bundle
curl -LO https://github.com/anonvector/slipgate/releases/latest/download/slipgate-linux-amd64
curl -LO https://github.com/anonvector/slipgate/releases/latest/download/dnstt-server-linux-amd64
curl -LO https://github.com/anonvector/slipgate/releases/latest/download/slipstream-server-linux-amd64
curl -LO https://github.com/anonvector/slipgate/releases/latest/download/caddy-naive-linux-amd64
# SCP to server
scp * user@server:/tmp/slipgate/
# On the server
chmod +x /tmp/slipgate/*
sudo cp /tmp/slipgate/slipgate-linux-amd64 /usr/local/bin/slipgate
sudo slipgate install --bin-dir /tmp/slipgate
Then launch the interactive menu:
sudo slipgate
CLI Usage
slipgate # Interactive TUI menu
slipgate install # Install dependencies and configure server
slipgate uninstall # Remove all services, configs, and binaries
slipgate update # Self-update and restart all services
slipgate restart # Restart all services (DNS router, tunnels, SOCKS)
slipgate users # Manage SSH/SOCKS users and view configs
slipgate stats # Live dashboard (CPU, RAM, traffic, connections, tunnels)
slipgate diag # Run diagnostics (services, ports, keys, DNS, boot status)
# Tunnel management
slipgate tunnel add # Add tunnel(s) — supports multi-select and "both" backend
slipgate tunnel edit [tag] # Edit tunnel settings (tag, MTU, keys)
slipgate tunnel remove [tag] # Remove a tunnel
slipgate tunnel remove --all # Remove all tunnels at once
slipgate tunnel start [tag] # Start a tunnel
slipgate tunnel stop [tag] # Stop a tunnel
slipgate tunnel status # Show all tunnel statuses
slipgate tunnel status [tag] # Show tunnel details (keys, MTU, port)
slipgate tunnel share [tag] # Generate slipnet:// URI for clients
slipgate tunnel logs [tag] # View tunnel logs
# DNS routing
slipgate router status # Show DNS routing config
slipgate router mode # Switch between single/multi mode
slipgate router switch # Change active tunnel (single mode)
# Configuration
slipgate config export # Export configuration
slipgate config import # Import configuration
# Internal (used by systemd services)
slipgate dnsrouter serve # Start DNS router
slipgate socks serve # Start built-in SOCKS5 proxy
Non-Interactive Examples
All commands support flags for scripting and automation. If any required flag is omitted, slipgate falls back to an interactive prompt.
# DNSTT tunnel
sudo slipgate tunnel add \
--transport dnstt \
--backend socks \
--tag mydnstt \
--domain t.example.com
# DNSTT tunnel with custom Curve25519 keys
sudo slipgate tunnel add \
--transport dnstt \
--backend socks \
--tag mytunnel \
--domain t.example.com \
--private-key <64-char-hex> \
--public-key <64-char-hex> # optional, validated if provided
# DNSTT with both backends (creates mydnstt-socks + mydnstt-ssh)
sudo slipgate tunnel add \
--transport dnstt \
--backend both \
--tag mydnstt \
--domain t.example.com
# VayDNS tunnel (KCP + Curve25519)
sudo slipgate tunnel add \
--transport vaydns \
--backend socks \
--tag myvaydns \
--domain v.example.com
# VayDNS with all tuning parameters
sudo slipgate tunnel add \
--transport vaydns \
--backend both \
--tag myvaydns \
--domain v.example.com \
--record-type txt \
--idle-timeout 10s \
--keep-alive 2s \
--clientid-size 2 \
--queue-size 512
# Slipstream tunnel
sudo slipgate tunnel add \
--transport slipstream \
--backend ssh \
--tag myslip \
--domain s.example.com
# NaiveProxy tunnel
sudo slipgate tunnel add \
--transport naive \
--backend socks \
--tag myproxy \
--domain example.com \
--email admin@example.com \
--decoy-url https://www.wikipedia.org
# Direct SSH / SOCKS5 transports
sudo slipgate tunnel add --transport direct-ssh --tag myssh
sudo slipgate tunnel add --transport direct-socks5 --tag mysocks
# Rename a tunnel
sudo slipgate tunnel edit --tag mydnstt --new-tag my-tunnel
# Change MTU on a DNSTT tunnel
sudo slipgate tunnel edit --tag mydnstt --mtu 1232
# Tune VayDNS parameters
sudo slipgate tunnel edit --tag myvaydns \
--mtu 1232 \
--record-type txt \
--idle-timeout 10s \
--keep-alive 2s \
--clientid-size 2 \
--queue-size 512
# View tunnel details (keys, MTU, port, status)
sudo slipgate tunnel status --tag mydnstt
# Share tunnel config as slipnet:// URI
sudo slipgate tunnel share mydnstt
Architecture
┌──────────────────┐
│ SlipNet Client │
│ │
└────────┬─────────┘
│
DNS :53/udp ──────┼────── HTTPS :443/tcp
│ │ │
┌───────────────────┼───────────┼───────────┼──────────────────┐
│ SERVER v │ v │
│ │ │
│ ┌────────────────────────┐ │ ┌───────────────────────┐ │
│ │ DNS Router │ │ │ NaiveProxy │ │
│ │ domain-based dispatch │ │ │ Caddy + Auto-TLS │ │
│ │ single / multi mode │ │ │ + decoy website │ │
│ └──┬────────┬────────┬───┘ │ └───────────┬───────────┘ │
│ │ │ │ │ │ │
│ v v v │ │ │
│ ┌──────┐┌────────┐┌──────┐ │ │ │
│ │DNSTT ││Slip- ││VayDNS│ │ │ │
│ │NoizDN││stream ││ │ │ │ │
│ │──────││────────││──────│ │ │ │
│ │DNS ││QUIC ││KCP │ │ │ │
│ │Curve ││TLS cert││Curve │ │ │ │
│ │25519 ││ ││25519 │ │ │ │
│ └──┬───┘└───┬────┘└──┬───┘ │ │ │
│ └────────┼────────┘ │ │ │
│ │ │ │ │
│ v v v │
│ ┌──────────────────────────────────────────────────────┐ │
│ │ Backend Layer │ │
│ │ │ │
│ │ ┌──────────────────┐ ┌──────────────────────┐ │ │
│ │ │ SOCKS5 Proxy │ │ SSH Forwarding │ │ │
│ │ │ built-in Go │ │ port forwarding │ │ │
│ │ │ :1080 │ │ :22 │ │ │
│ │ └────────┬─────────┘ └──────────┬───────────┘ │ │
│ │ └─────────┬───────────────┘ │ │
│ └──────────────────────┼───────────────────────────────┘ │
│ v │
│ ┌──────────────────────┐ │
│ │ WARP (optional) │ │
│ │ Cloudflare outbound │ │
│ └──────────┬───────────┘ │
│ v │
│ Internet │
└──────────────────────────────────────────────────────────────┘
systemd: slipgate-dnsrouter, slipgate-socks5, slipgate-{tag}
Transport Types
| Transport | Protocol | Port | Description | |-----------|----------|------|-------------| | DNSTT/NoizDNS | DNS | 53/udp | Curve25519 encrypted DNS tunnel. A single server serves both DNSTT and NoizDNS clients. NoizDNS adds DPI evasion with base36
