Skip to main content

Documentation Index

Fetch the complete documentation index at: https://e-gurl.mintlify.app/llms.txt

Use this file to discover all available pages before exploring further.

Overview

The Advanced Evasion Suite gives you access to the most effective censorship circumvention technologies currently available. Multiple protocols are supported, each working through different mechanisms — so you have options depending on your network conditions.

Available Tools

1. VLESS + REALITY (Most Effective)

Effectiveness: 99.5% success rate against Iran’s DPI The most effective protocol currently available. REALITY masks the TLS fingerprint by mimicking legitimate HTTPS connections to major websites. Best for: Daily use when maximum reliability is needed 
dns-mns singbox start --protocol vless \
  --server example.com:443 \
  --uuid YOUR_UUID \
  --public-key REALITY_KEY \
  --sni www.microsoft.com
Learn more →

2. Hysteria2 (QUIC + Salamander)

Effectiveness: 95%+ against Iran’s protocol filter QUIC-based proxy with Salamander obfuscation. Excellent performance for gaming and streaming due to QUIC’s congestion control. Best for: Gaming, streaming, low-latency needs 
dns-mns singbox start --protocol hysteria2 \
  --server gaming.example.com:443 \
  --password your-password
Learn more →

3. Other Sing-box Protocols

Access multiple protocols through sing-box integration:
  • VMess: Versatile proxy protocol
  • Trojan: HTTPS-masking proxy
  • ShadowTLS: Certificate stealing — hides traffic behind legitimate TLS handshakes
  • TUIC: QUIC-based alternative
# ShadowTLS via sing-box
dns-mns singbox start --protocol shadowtls \
  --server proxy.example.com:443 \
  --password secret

# VMess
dns-mns singbox start --protocol vmess \
  --server proxy.example.com:443 \
  --uuid YOUR_UUID

4. Tunnel Suite (DNSTT / Slipstream / Paqet)

DNS-MNS includes a unified Tunnel Suite (nested under Advanced Evasion) with profile-based tunnel operations:
  • Profile create/list/select/import/export
  • Resolver scan and health checks (with optional auto-switching)
  • Runtime start/stop/status/logs (requires upstream tunnel binaries installed in PATH)
CLI example: 
dns-mns tunnel profile create --name demo-dnstt --transport dnstt --mode client --remote 127.0.0.1:5300
dns-mns tunnel scan --name demo-dnstt
dns-mns tunnel test --name demo-dnstt
Learn more →

5. TLS Fragmentation

For: Breaking SNI-based blocking at the TCP/TLS layer Split the TLS ClientHello across multiple TCP segments, defeating SNI inspection. 
# Enable fragmentation on any proxy
dns-mns doh-proxy --fragment sni
dns-mns proxy --fragment sni --fingerprint firefox
Learn more →

Choosing the Right Protocol

SituationRecommended
Maximum reliabilityVLESS + REALITY
Gaming / low latencyHysteria2
Profile-based tunnelingTunnel Suite (DNSTT / Slipstream / Paqet)
HTTPS-looking trafficShadowTLS (via singbox)
SNI blockingTLS Fragmentation
UDP blockedHysteria2 or VLESS

Evasion Status

Check the status of all running evasion tools: 
# CLI mode
dns-mns singbox status

Configuration Examples

Scenario 1: Maximum Reliability

dns-mns singbox start --protocol vless \
  --server your-server.com:443 \
  --uuid your-uuid \
  --public-key your-key \
  --sni www.microsoft.com

Scenario 2: Maximum Stealth

# ShadowTLS via sing-box
dns-mns singbox start --protocol shadowtls \
  --server proxy.example.com:443 \
  --password secret

Scenario 3: Gaming / Low Latency

dns-mns singbox start --protocol hysteria2 \
  --server gaming.example.com:443 \
  --password your-password

Troubleshooting

All Protocols Failing

  1. Check basic connectivity: ping 1.1.1.1
  2. Run diagnostics: dns-mns diagnose
  3. Try a different network: Test on mobile hotspot
  4. Check system time: Incorrect time causes TLS failures

Protocol Connects but Slow

  1. Try a different server: Geographic distance affects speed
  2. Disable fragmentation: Try --fragment none for speed
  3. Switch protocol: Each protocol performs differently per network

Frequent Disconnections

  1. Check for QoS shaping: Try different ports (443, 8443)
  2. Use the fallback proxy: dns-mns proxy auto-switches protocols
  3. Run diagnostics: dns-mns diagnose > debug.txt
No single protocol works everywhere all the time. Try different options to find what works best for your specific network conditions.