Skip to main content

Overview

The Advanced Evasion Suite gives you access to the most effective censorship circumvention technologies currently available. Multiple protocols are supported, each working through different mechanisms — so you have options depending on your network conditions.

Available Tools

1. VLESS + REALITY (Most Effective)

Effectiveness: 99.5% success rate against Iran’s DPI The most effective protocol currently available. REALITY masks the TLS fingerprint by mimicking legitimate HTTPS connections to major websites. Best for: Daily use when maximum reliability is needed 
dns-mns singbox start --protocol vless \
  --server example.com:443 \
  --uuid YOUR_UUID \
  --public-key REALITY_KEY \
  --sni www.microsoft.com
Learn more →

2. Hysteria2 (QUIC + Salamander)

Effectiveness: 95%+ against Iran’s protocol filter QUIC-based proxy with Salamander obfuscation. Excellent performance for gaming and streaming due to QUIC’s congestion control. Best for: Gaming, streaming, low-latency needs 
dns-mns singbox start --protocol hysteria2 \
  --server gaming.example.com:443 \
  --password your-password
Learn more →

3. Other Sing-box Protocols

Access multiple protocols through sing-box integration:
  • VMess: Versatile proxy protocol
  • Trojan: HTTPS-masking proxy
  • ShadowTLS: Certificate stealing — hides traffic behind legitimate TLS handshakes
  • TUIC: QUIC-based alternative
# ShadowTLS via sing-box
dns-mns singbox start --protocol shadowtls \
  --server proxy.example.com:443 \
  --password secret

# VMess
dns-mns singbox start --protocol vmess \
  --server proxy.example.com:443 \
  --uuid YOUR_UUID

4. Tunnel Suite (DNSTT / Slipstream / Paqet)

DNS-MNS includes a unified Tunnel Suite (nested under Advanced Evasion) with profile-based tunnel operations:
  • Profile create/list/select/import/export
  • Resolver scan and health checks (with optional auto-switching)
  • Runtime start/stop/status/logs (requires upstream tunnel binaries installed in PATH)
CLI example: 
dns-mns tunnel profile create --name demo-dnstt --transport dnstt --mode client --remote 127.0.0.1:5300
dns-mns tunnel scan --name demo-dnstt
dns-mns tunnel test --name demo-dnstt
Learn more →

5. TLS Fragmentation

For: Breaking SNI-based blocking at the TCP/TLS layer Split the TLS ClientHello across multiple TCP segments, defeating SNI inspection. 
# Enable fragmentation on any proxy
dns-mns doh-proxy --fragment sni
dns-mns proxy --fragment sni --fingerprint firefox
Learn more →

Choosing the Right Protocol

SituationRecommended
Maximum reliabilityVLESS + REALITY
Gaming / low latencyHysteria2
Profile-based tunnelingTunnel Suite (DNSTT / Slipstream / Paqet)
HTTPS-looking trafficShadowTLS (via singbox)
SNI blockingTLS Fragmentation
UDP blockedHysteria2 or VLESS

Evasion Status

Check the status of all running evasion tools: 
# CLI mode
dns-mns singbox status

Configuration Examples

Scenario 1: Maximum Reliability

dns-mns singbox start --protocol vless \
  --server your-server.com:443 \
  --uuid your-uuid \
  --public-key your-key \
  --sni www.microsoft.com

Scenario 2: Maximum Stealth

# ShadowTLS via sing-box
dns-mns singbox start --protocol shadowtls \
  --server proxy.example.com:443 \
  --password secret

Scenario 3: Gaming / Low Latency

dns-mns singbox start --protocol hysteria2 \
  --server gaming.example.com:443 \
  --password your-password

Troubleshooting

All Protocols Failing

  1. Check basic connectivity: ping 1.1.1.1
  2. Run diagnostics: dns-mns diagnose
  3. Try a different network: Test on mobile hotspot
  4. Check system time: Incorrect time causes TLS failures

Protocol Connects but Slow

  1. Try a different server: Geographic distance affects speed
  2. Disable fragmentation: Try --fragment none for speed
  3. Switch protocol: Each protocol performs differently per network

Frequent Disconnections

  1. Check for QoS shaping: Try different ports (443, 8443)
  2. Use the fallback proxy: dns-mns proxy auto-switches protocols
  3. Run diagnostics: dns-mns diagnose > debug.txt
No single protocol works everywhere all the time. Try different options to find what works best for your specific network conditions.