Internet access that can't be blocked
Six stealth protocols that disguise your VPN traffic as normal DNS queries or HTTPS browsing. Confirmed working in Iran, China, Russia, and every other censored network we've tested. Most VPN providers offer zero censorship solutions. We offer six.
Included with every PremierVPN subscription. No extra charge.
Standard VPNs don't work in censored countries
Governments in Iran, China, Russia, and dozens of other countries use Deep Packet Inspection (DPI) to detect and block VPN traffic. WireGuard, OpenVPN, and IKEv2 are all identifiable and routinely blocked. You need something they can't see.
VPNs Get Blocked
Standard VPN protocols have distinct traffic patterns that DPI systems identify and block within seconds.
IPs Get Blacklisted
Known VPN server IP addresses are added to national blocklists. Connecting to a VPN server IP simply doesn't work.
We Bypass Everything
Our tunnels hide your traffic inside protocols that governments can't block without breaking the internet itself.
Your traffic hides in plain sight
Instead of connecting to a VPN server directly, our tunnels wrap your internet traffic inside everyday protocols that censorship systems can't distinguish from normal activity.
You connect
Open SlipNet on your phone and tap Connect. Your traffic is encrypted and wrapped inside DNS queries or HTTPS requests.
Filters see nothing
The government's DPI system sees normal DNS traffic or a regular HTTPS website visit. There's nothing to detect or block.
You're online
Our servers in Germany and Finland unwrap your traffic and connect you to the open internet. Full speed, full access.
Six ways past any firewall
Each protocol uses a different evasion technique. If one gets detected, switch to another. Your subscription includes all six — most VPN providers offer none.
DNSTT
RecommendedEncrypted DNS Tunnel — The Default Choice
DNSTT hides your internet traffic inside DNS queries — the system every device uses to look up website addresses. DNS is so fundamental to how the internet works that no government can block it without shutting down their entire network. Your encrypted data rides inside what looks like completely normal DNS lookups.
Each packet is encrypted with Curve25519 keys before being embedded in DNS records. The traffic pattern is indistinguishable from a busy DNS resolver handling millions of legitimate queries. DNSTT has been battle-tested in Iran through multiple internet shutdown events and has never been successfully blocked.
Best for: Everyday use in Iran, China, and any country that blocks VPNs. Start here — switch to others only if needed.
Slipstream
QUIC-over-DNS — Maximum Speed
Slipstream is our fastest DNS tunnel protocol. It uses QUIC — the same protocol that powers HTTP/3 and Google's infrastructure — tunnelled inside DNS queries. The result is significantly higher throughput than DNSTT while maintaining the same DNS-based stealth.
QUIC's built-in multiplexing and connection migration mean Slipstream handles packet loss gracefully and can seamlessly switch between networks (e.g. Wi-Fi to mobile data) without dropping your connection. It's the best option when network conditions are good and you need speed for video calls or streaming.
Best for: Video calls, streaming, and large downloads on networks where DNS tunnels aren't yet detected.
VayDNS
Maximum StealthKCP-over-DNS — Advanced DPI Evasion
VayDNS is our most advanced anti-detection protocol. It uses KCP (a UDP-based reliable transport) tunnelled through DNS, with a tunable wire format that can be adjusted to evade even the most sophisticated DPI systems. The protocol supports multiple DNS record types (TXT, CNAME, A, AAAA, MX, NS, SRV, NULL, CAA) and can switch between them on the fly.
When Iran or China upgrades their censorship infrastructure to detect one tunnelling pattern, VayDNS can be reconfigured to use a different record type, query size, and timing pattern — without changing anything on your phone. This adaptability makes it the last resort when everything else has been fingerprinted.
Best for: When DNSTT has been detected. Networks with advanced DNS tunnel detection. The hardest protocol to fingerprint.
NaiveProxy
Works on iOSHTTPS Proxy — Indistinguishable from Web Browsing
NaiveProxy takes a completely different approach. Instead of DNS tunnelling, it disguises your traffic as normal HTTPS website browsing. It runs on top of Caddy (a production web server) with a real Let's Encrypt TLS certificate. When anyone — including a censor — connects to the server, they see a perfectly normal website.
The proxy uses Chromium's network stack internally, so the TLS fingerprint matches a genuine Chrome browser. Active probing (where censors connect to suspicious servers to test if they're proxies) returns a legitimate decoy website. NaiveProxy is also the only protocol in our suite that works on iOS via the Shadowrocket app.
Best for: When DNS-based tunnels are blocked. iOS users (via Shadowrocket). Networks that only allow HTTPS traffic.
StunTLS
SSH-over-TLS — No Domain Required
StunTLS wraps an SSH tunnel inside TLS encryption, with optional WebSocket transport for CDN compatibility. Unlike the DNS-based protocols, StunTLS doesn't require any domain configuration — it connects directly to the server IP over port 8443. This makes it the simplest to deploy as a fallback.
The TLS layer ensures the connection looks like encrypted web traffic, while the SSH layer provides secure, authenticated tunnelling with zero DNS leaks. StunTLS is particularly useful in corporate environments where DNS traffic is filtered through local resolvers.
Best for: Corporate networks. Quick fallback when DNS tunnels aren't available. Environments with local DNS filtering.
NoizDNS
DNSTT with DPI Evasion — Client-Side Obfuscation
NoizDNS uses the same server infrastructure as DNSTT but enables additional client-side obfuscation. The SlipNet app adds noise to the DNS query timing and size patterns, making it harder for statistical analysis to identify the tunnel. The server handles both DNSTT and NoizDNS clients on the same port — the difference is entirely in how the client shapes its traffic.
Best for: When DNSTT is detected via traffic analysis. Slightly slower than DNSTT due to noise injection, but significantly harder to fingerprint.
Protocol comparison
Choose the right protocol for your situation.
| Protocol | Speed | Stealth | Port | Android | iOS | Use When |
|---|---|---|---|---|---|---|
| DNSTT | ●●●○ | ●●●○ | 53/udp | ✓ | — | Default — start here |
| Slipstream | ●●●● | ●●○○ | 53/udp | ✓ | — | Need speed (video/streaming) |
| VayDNS | ●●●○ | ●●●● | 53/udp | ✓ | — | DNSTT detected — maximum stealth |
| NaiveProxy | ●●●● | ●●●○ | 443/tcp | ✓ | ✓ | DNS blocked — HTTPS still works |
| StunTLS | ●●●○ | ●●●○ | 8443/tcp | ✓ | — | Quick fallback — no domain needed |
| NoizDNS | ●●○○ | ●●●● | 53/udp | ✓ | — | Traffic analysis detection |
Tunnel servers optimised for the Middle East
Our anti-censorship servers are located in Germany and Finland — the optimal locations for low-latency connections from Iran and surrounding regions.
Germany
Frankfurt — Low latency to Iran, Turkey, and the Middle East. No port restrictions.
Finland
Helsinki — Alternative route. Strong privacy laws. Excellent peering to Russia and Central Asia.
Why most VPN providers can't offer this
Running anti-censorship tunnels requires dedicated infrastructure, custom DNS routing, and deep expertise in evasion techniques. Most VPN providers rely on standard protocols and hope for the best. We built something different.
6 Protocols
Most VPNs offer zero anti-censorship protocols. We offer six, each using a different evasion technique.
Included Free
Anti-censorship tunnels are included with every VPN subscription. No add-ons, no extra fees, no tiers.
Battle-Tested
Confirmed working during Iran's internet shutdowns and China's Golden Shield upgrades. Real-world proven.
Instant Fallback
One protocol blocked? Switch to another in seconds. All six are pre-configured and ready in the app.
Available on Android — with iOS support via NaiveProxy
The DNS-based tunnel protocols (DNSTT, Slipstream, VayDNS, NoizDNS, StunTLS) are currently available on Android via the free SlipNet app. iOS users can connect using NaiveProxy through the Shadowrocket app.
Android
All 6 protocols available
Download the free SlipNet app, import your connection URIs from the PremierVPN portal, and connect. All six protocols are available with one-tap switching.
iOS
NaiveProxy via Shadowrocket
iOS users can connect using NaiveProxy through the Shadowrocket app (available on the App Store). NaiveProxy disguises traffic as normal HTTPS browsing — fast, reliable, and undetectable. We also offer VLESS + Reality as an additional iOS option.
Get unrestricted internet access today
Anti-censorship tunnels are included free with every PremierVPN subscription. Six protocols, two server locations, unlimited switching. Start with any VPN plan.
Frequently asked questions
Yes. Our DNS tunnelling protocols (DNSTT, VayDNS, Slipstream) have been confirmed working during every major internet restriction event in Iran. NaiveProxy provides an additional HTTPS-based fallback. We maintain servers in Germany and Finland specifically optimised for low-latency connections from the Middle East.
Yes. The Great Firewall uses some of the most advanced DPI technology in the world. Our NaiveProxy protocol — which uses Chromium's TLS fingerprint and serves a real decoy website — is specifically designed to resist active probing, which is China's primary detection method. VayDNS provides a DNS-based alternative with adaptive evasion.
DNS tunnelling is inherently slower than WireGuard or OpenVPN because traffic is encapsulated inside DNS queries, which adds overhead. For browsing, messaging, and social media, the speed is more than sufficient. For video calls, we recommend Slipstream (our fastest DNS protocol) or NaiveProxy (which runs over HTTPS at near-native speeds).
Start with DNSTT — it's the most reliable and works in almost every situation. If it gets detected or blocked, switch to VayDNS (maximum stealth) or NaiveProxy (HTTPS-based, different evasion technique entirely). All six protocols are pre-configured in the app.
NaiveProxy works on iOS via the Shadowrocket app (available on the App Store). The DNS-based protocols (DNSTT, Slipstream, VayDNS) currently require the SlipNet Android app. We also offer VLESS + Reality as an alternative for iOS users.
Yes. Anti-censorship tunnels are included free with every PremierVPN subscription — Personal, Premium, and Business. No add-ons or extra charges.
No. DNS tunnel traffic is indistinguishable from normal DNS queries. NaiveProxy traffic is indistinguishable from normal HTTPS browsing. Your ISP sees only everyday internet activity — they cannot detect that a tunnel is active.
Your tunnel credentials work on one device at a time per server. You can activate connections on both the Germany and Finland servers simultaneously. Each server supports all six protocols.