Understanding the 6 Protocols
Overview
SlipNet offers 6 different anti-censorship protocols. Each one uses a different technique to bypass internet censorship. They all achieve the same goal — getting you online — but they work in different ways. If one protocol gets detected or blocked, you can switch to another.
DNSTT — The Recommended Default
What it does: Hides your encrypted internet traffic inside DNS queries using Curve25519 encryption.
How it works: Every device on the internet uses DNS (Domain Name System) to look up website addresses. DNSTT embeds your VPN traffic inside these DNS lookups. To a censor, it looks like your device is making normal DNS queries — which every device does thousands of times per day.
Speed: Medium
Stealth: High
Best for: Everyday use. Start with this protocol. It's the most reliable and has worked through every Iranian internet shutdown we've tested.
Platform: Android (SlipNet app)
Slipstream — The Fastest
What it does: Uses the QUIC protocol (the same technology behind HTTP/3 and Google's infrastructure) tunnelled through DNS.
How it works: QUIC provides better performance than standard DNS tunnelling because it handles packet loss more gracefully and can seamlessly switch between networks (e.g. Wi-Fi to mobile data) without dropping your connection.
Speed: Fast (best of all DNS tunnel protocols)
Stealth: Moderate
Best for: Video calls, streaming, and large downloads when you need better speed.
Platform: Android (SlipNet app)
VayDNS — Maximum Stealth
What it does: Uses the KCP protocol over DNS with advanced DPI evasion features. Supports 9 different DNS record types that can be switched on the fly.
How it works: If Iran's censorship system learns to detect one type of DNS tunnel pattern, VayDNS can switch to a completely different DNS record type without any changes on your phone. This adaptability makes it the hardest protocol to fingerprint.
Speed: Medium
Stealth: Maximum
Best for: When DNSTT has been detected. The most advanced evasion protocol available.
Platform: Android (SlipNet app)
NaiveProxy — HTTPS Disguise (iOS + Android)
What it does: Disguises your traffic as normal HTTPS website browsing instead of using DNS tunnelling.
How it works: NaiveProxy runs on a real web server with a genuine TLS certificate. Your traffic uses the same encryption and browser fingerprint as Google Chrome. If anyone — including a censor — inspects the connection or visits the server directly, they see a completely normal website. This is the only protocol that works on iOS.
Speed: Fast (near-native HTTPS speeds)
Stealth: High
Best for: When DNS-based protocols are blocked. iOS users. Networks that only allow HTTPS traffic.
Platform: Android (SlipNet app) + iOS (via Shadowrocket)
StunTLS — SSH over TLS
What it does: Wraps an SSH tunnel inside TLS encryption, with optional WebSocket transport.
How it works: StunTLS connects directly to the server IP over port 8443 — it doesn't need any domain configuration. The TLS layer makes the connection look like encrypted web traffic. Useful as a quick fallback.
Speed: Medium
Stealth: High
Best for: Quick fallback. Corporate networks. Environments where DNS is filtered through local resolvers.
Platform: Android (SlipNet app)
NoizDNS — Anti-Statistical Analysis
What it does: Identical to DNSTT on the server side, but the SlipNet app adds traffic noise to defeat statistical analysis.
How it works: Advanced censorship systems can detect DNS tunnels by analysing the timing and size patterns of DNS queries. NoizDNS randomises these patterns by injecting noise, making statistical fingerprinting much harder.
Speed: Slower than DNSTT (due to noise injection)
Stealth: Maximum
Best for: When DNSTT is detected via traffic pattern analysis rather than protocol fingerprinting.
Platform: Android (SlipNet app)