v1.6.2

What's Changed

Tunnel Management

• Show numbered tunnel list in tunnel edit instead of manual tag entry
• Skip interactive tag prompt for tunnel edit, show select menu directly

WARP & Networking

• Fix SOCKS5 user mismatch after WARP disable, optimize restart
• Flush stale routing rules on WARP disable, fix direct SOCKS listen addr
• Remove unreliable WARP outbound IP check from diagnostics

Build & Updates

• Fix dev build auto-update: match *-dev suffix, set ReleaseTag in builds
• install.sh: auto-detect latest dev release on dev branch

Stats & Diagnostics

• Wire stats CLI, enhance WARP diagnostics, update VayDNS

SlipGate v1.6.2-dev

What's new

• slipgate stats CLI command — the live dashboard was only reachable from the TUI menu; now works as a direct CLI subcommand
• Comprehensive WARP diagnostics — slipgate diag now verifies the full WARP routing pipeline:
  • WireGuard interface (wg0) up
  • WireGuard handshake recency (detects unreachable endpoints)
  • Routing table 200 default route
  • ip rule entries for every managed UID (SSH users, slipgate-socks, slipgate-naive)
  • SOCKS5 / NaiveProxy service user correctness
  • Outbound IP comparison (default vs WARP-routed via ipify.org)
• VayDNS v0.2.8 — bump binary, add null and caa DNS record types

Notes

Pre-release for testing. If slipgate diag shows all WARP checks passing but traffic still bypasses WARP, please share the full diag output.

v1.6.1

Fixes

• SSH port: Read SSH backend address from config instead of hardcoding port 22 — StunTLS, client URI generation, and firewall handlers now respect custom SSH ports
• WARP on Debian: Install wireguard meta-package instead of wireguard-tools to include the kernel module on older Debian/Ubuntu systems
• External tunnel --port flag: slipgate tunnel add --transport external now accepts --port for fully non-interactive usage

SlipGate v1.6.0

SlipGate v1.6.0

New Features

• Multi-user SOCKS5 auth — all configured users now authenticate simultaneously. Previously only the last-added user could connect.
• StunTLS transport — SSH over TLS + WebSocket proxy. Auto-detects WebSocket, HTTP CONNECT, raw TLS, and payload (DPI bypass) modes. Self-signed TLS cert, no domain required. Available in install wizard and tunnel add.
• External transport — route DNS queries for a domain to a user-specified UDP port for custom/private protocol testing. No managed service — slipgate only handles the DNS routing.
• Config v22 — URI format updated with SSH payload field for DPI bypass support.

Improvements

• StunTLS in install/wizard — available during initial setup; defaults to port 8443 when NaiveProxy is also selected to avoid port conflicts.
• Diagnostics — external tunnels show as informational (yellow) instead of errors for missing service/port.
• Interactive menu — batch tunnel add properly handles StunTLS and External (implicit backends, correct prompts).

Bug Fixes

• Fix update on Debian 13 — self-update no longer fails with "text file busy" (ETXTBSY) when /tmp and /usr/local/bin are on different filesystems.
• Fix duplicate users — AddUser now updates existing user instead of appending a duplicate.
• Fix VayDNS record type — correct field position in exported config URIs.

Binaries

• slipgate-linux-amd64 — x86_64
• slipgate-linux-arm64 — ARM64
• Transport binaries (dnstt-server, slipstream-server, caddy-naive) carried forward from v1.5.1

SlipGate v1.6.0-dev

Dev Release

What's New

• Multi-user SOCKS5 auth — all configured users authenticate simultaneously
• StunTLS transport — SSH over TLS + WebSocket proxy with auto-detection of WebSocket, HTTP CONNECT, raw TLS, and payload (DPI bypass) modes
• StunTLS in install/wizard — available during initial setup with auto cert generation; defaults to port 8443 when NaiveProxy is also selected
• External transport — route DNS queries for a domain to a user-specified UDP port for custom/private protocol testing
• Fix update on Debian 13 — self-update no longer fails with "text file busy"
• Debug logging — SOCKS5 auth logs credential count on startup and failed auth attempts
• Config URI version bumped to v22 with SSH payload field

Usage

# StunTLS tunnel
sudo slipgate tunnel add --transport stuntls --tag mytls

# External DNS routing
sudo slipgate tunnel add --transport external --tag my-proto --domain j.example.com
# → prompts for target UDP port

Binaries

• slipgate-linux-amd64 — x86_64
• slipgate-linux-arm64 — ARM64

SlipGate v1.5.1

Changes

• Remove DNS resolution section from diagnostics screen
• Fix VayDNS record type not exported in client config URI
• Show defaults in brackets for all interactive tunnel add prompts (MTU, idle timeout, keep alive, client ID size, queue size, port)
• Mark default record type in VayDNS select menus across all wizards
• Skip WARP prompt on re-run when already enabled

SlipGate v1.5.0

SlipGate v1.5.0

New Features

• slipgate diag — Built-in diagnostics command that checks services, ports, keys, DNS resolution, boot persistence, systemd-resolved stub, and orphaned services. Shows last 10 journal lines for any failing service.
• slipgate tunnel remove --all — Remove all tunnels at once with a single confirmation prompt.
• Auto-download transport binaries on tunnel add — No longer requires running install first; tunnel add downloads the binary if missing and sets up DNS infrastructure (port 53, systemd-resolved).

Bug Fixes

• Fix wizard key-sharing across transports — sharedDNSTTKey leaked across transport groups in quick wizard, causing "failed to copy private key" errors when mixing DNS and non-DNS transports with "both" backends (e.g. VayDNS + Slipstream).
• Fix DNS router not starting after reboot — Added After=systemd-resolved.service ordering so the DNS router waits for resolved to release port 53. Moved StartLimitBurst=0 to [Unit] section for wider systemd compatibility.
• Fix tunnel add missing DNS setup — tunnel add for DNS transports now opens port 53 in the firewall and disables systemd-resolved stub listener, matching the behavior of install and quick wizard.
• Fix diag false positives — Direct transports (SSH, SOCKS5) no longer flagged as missing services; WARP service no longer flagged as orphaned.

SlipGate v1.4.1

SlipGate v1.4.1

Bug Fixes

• Fix install wiping existing config — slipgate install no longer overwrites existing tunnels, users, and route settings
• Fix DNS router not starting on boot — service was never systemctl enabled, now persists across reboots
• Fix update binary loss — transport binaries are backed up before re-download; restored on failure instead of being deleted
• Fix restart order — tunnels restart before DNS router/SOCKS5, so tunnels are ready when the router comes back up

Features

• Tunnel tag renaming — slipgate tunnel edit --tag old --new-tag new renames tunnel directory, service, config, and route references
• Auto-deduplicate tags — wizard and install auto-suffix tags (-2, -3, etc.) when duplicates exist
• Shared keypair for "both" backend — tunnel add --backend both now shares the Curve25519 keypair across socks/ssh tunnels, matching wizard behavior
• VayDNS public key in install summary — shown alongside DNSTT keys at the end of install
• VayDNS tuning flags in tunnel add CLI — --idle-timeout, --keep-alive, --clientid-size, --queue-size

v1.4.0

SlipGate v1.4.0

New

• VayDNS transport — KCP-based DNS tunnel with Curve25519 encryption, configurable record type, idle timeout, keepalive, client ID size, and queue size
• Redesigned stats dashboard — 256-color palette, load average, uptime, peak/avg sparkline annotations, service status section, domain column in tunnel table
• WARP integration — optional Cloudflare WARP outbound routing

Improved

• All VayDNS parameters available on both tunnel add and tunnel edit CLI flags
• Select prompts default to first option on Enter, showing default in brackets
• VayDNS HMAC verification registered in DNS router
• Dev builds prefer dev releases for updates, fall back to stable
• Update command prints download URL for debugging
• Improved architecture diagram in README

Fixed

• TCPKeepAlive moved from sshd Match block to global settings (was causing sshd validation failure)
• system_install missing VayDNS transport case (caused "vaydns config is nil" on install)
• vaydns-server added to uninstall and update binary lists

v1.3.1

Fix

• Fix update command: slipgate update now regenerates systemd service files instead of only restarting them. This fixes the ENV-ERROR no TOR_PT_MANAGED_TRANSPORT_VER error when upgrading from v1.2 to v1.3.

Upgrading

Users experiencing the PT environment variable error should download this release and run slipgate update again. Existing tunnels and client configurations are preserved — no need to recreate anything.