Releases: iPythoning/SUIWARP
Releases · iPythoning/SUIWARP
v1.3.0 — Residential IP Mode: --no-warp Direct Exit
What's New
--no-warp flag for static residential IPs
Static residential IPs don't need Cloudflare WARP — they're already clean. This release adds a --no-warp (also --residential / --direct) flag that skips WARP entirely and routes traffic directly via your server IP.
# Standard (VPS/datacenter — WARP exit)
bash <(curl -sL https://raw.githubusercontent.com/iPythoning/SUIWARP/main/setup.sh)
# Residential IP — direct exit, no WARP
bash <(curl -sL https://raw.githubusercontent.com/iPythoning/SUIWARP/main/setup.sh) --no-warpWhat changes with --no-warp
| Component | Default (WARP) | --no-warp (Residential) |
|---|---|---|
| wireproxy / wgcf | Installed (~4MB) | Skipped |
| S-UI routing | final: warp |
final: direct |
| ShadowTLS outbound | WARP socks5 | Direct |
| systemd dependency | wireproxy-warp.service |
None |
| Exit IP | Cloudflare AS13335 | Your server IP |
When to use each mode
- VPS / datacenter IP → default (WARP hides your datacenter IP behind Cloudflare)
- Static residential IP →
--no-warp(residential is already premium; WARP would downgrade it to Cloudflare datacenter)
Full Changelog
- feat:
SKIP_WARPvariable + argument parser (--no-warp|--residential|--direct) - feat: Step 5 skipped in residential mode (no wireproxy/wgcf install)
- feat: Step 6 routes
final: directin residential mode - feat: ShadowTLS
shadowtls.jsonuses direct outbound in residential mode - feat:
suiwarp-shadowtls.serviceremovesWants=wireproxy-warp.servicein residential mode - feat: Summary shows "Direct Exit: IP (residential — no WARP)" vs "WARP Exit"
- docs: README updated with mode comparison table and architecture diagrams
Upgrade existing residential IP server
# Update S-UI routing to direct (one-liner)
python3 -c "
import sqlite3, json
DB = '/usr/local/s-ui/db/s-ui.db'
conn = sqlite3.connect(DB)
config = {'log': {'level': 'warn'}, 'dns': {'servers': [{'tag': 'cloudflare', 'address': 'tls://1.1.1.1', 'detour': 'direct'}], 'strategy': 'prefer_ipv4'}, 'route': {'rules': [{'protocol': ['dns'], 'action': 'hijack-dns'}, {'ip_is_private': True, 'outbound': 'direct'}], 'final': 'direct'}, 'experimental': {}}
conn.execute('UPDATE settings SET value=? WHERE key=?', (json.dumps(config, indent=2), 'config'))
conn.commit(); conn.close(); print('Done')
"
systemctl stop wireproxy-warp && systemctl disable wireproxy-warp
systemctl restart s-uiv1.2.0 - 10 Protocols: HTTPUpgrade + Port Hopping + ECH
SUIWARP v1.2.0
10 proxy protocol configurations — added HTTPUpgrade, Hysteria2 port hopping, and ECH documentation.
New in v1.2.0
- VLESS HTTPUpgrade (port 10443) — Lighter than WebSocket, uses HTTP Upgrade with Reality TLS. Lower overhead, harder to fingerprint.
- Hysteria2 Port Hopping (UDP 20000-40000) — iptables DNAT redirects 20K port range to Hysteria2 listener. Client randomly hops between ports, defeating QoS throttling.
- ECH (Encrypted Client Hello) — Cloudflare auto-enables ECH for CDN relay domains. SNI encrypted on supported clients (Chrome 130+, Firefox 128+).
All 10 Protocols
| # | Protocol | Port | Category |
|---|---|---|---|
| 1 | VLESS Reality Vision | 443/tcp | Covert |
| 2 | TUIC v5 | 443/udp | Low latency |
| 3 | Hysteria2 | 8443/udp | Max speed |
| 4 | VLESS Reality gRPC | 2053/tcp | Multiplexing |
| 5 | Trojan Reality | 8880/tcp | Classic |
| 6 | VLESS Reality WS | 2083/tcp | CDN compatible |
| 7 | VLESS CDN WS | 2052/tcp | IP hidden (CF) |
| 8 | ShadowTLS v3 + SS2022 | 9443/tcp | Anti-DPI |
| 9 | VLESS HTTPUpgrade | 10443/tcp | Stealth HTTP |
| 10 | Hysteria2 Port Hop | 20000-40000/udp | Anti-QoS |
Resource Usage
~60MB total (S-UI ~50MB + sing-box ~6MB + wireproxy ~4MB)
v1.1.0 - CDN Relay + ShadowTLS v3
SUIWARP v1.1.0
Now with 8 proxy protocols — added CDN relay and ShadowTLS v3 for maximum stealth.
New in v1.1.0
- CDN Relay (VLESS + WS + Cloudflare CDN) — Hide your server IP behind Cloudflare. Even if VPS IP is blocked, CDN relay still works. Port 2052.
- ShadowTLS v3 + Shadowsocks 2022 — Performs a real TLS handshake with legitimate sites (e.g., microsoft.com), making traffic indistinguishable from normal HTTPS. The most DPI-resistant protocol. Port 9443.
- Standalone sing-box 1.13.5 — Installed alongside S-UI for ShadowTLS support.
All 8 Protocols
| # | Protocol | Port | Best For |
|---|---|---|---|
| 1 | VLESS Reality Vision | 443/tcp | Daily driver |
| 2 | TUIC v5 | 443/udp | Low latency |
| 3 | Hysteria2 | 8443/udp | Max speed |
| 4 | VLESS Reality gRPC | 2053/tcp | Multiplexing |
| 5 | Trojan Reality | 8880/tcp | Classic |
| 6 | VLESS Reality WS | 2083/tcp | CDN compatible |
| 7 | VLESS CDN WS | 2052/tcp | IP hidden (CF CDN) |
| 8 | ShadowTLS v3 | 9443/tcp | Anti-DPI stealth |
Quick Start
bash <(curl -sL https://raw.githubusercontent.com/iPythoning/SUIWARP/main/setup.sh)Resource Usage
~60MB total RAM (S-UI ~50MB + sing-box ~6MB + wireproxy ~4MB)
v1.0.0 - Initial Release
SUIWARP v1.0.0
S-UI + Cloudflare WARP one-liner deployment.
Features
- One-command setup — deploy a full proxy server in ~2 minutes
- 6 proxy protocols — VLESS Reality Vision, TUIC v5, Hysteria2, VLESS gRPC, Trojan Reality, VLESS WS
- Free Cloudflare WARP exit — clean IP via wireproxy (~4MB RAM)
- Ultra-low footprint — ~54MB total RAM usage
- Auto-configured — firewall, swap, DNS, Reality keypair, client links
- Clean uninstall —
uninstall.shremoves everything
Quick Start
bash <(curl -sL https://raw.githubusercontent.com/iPythoning/SUIWARP/main/setup.sh)Requirements
- Ubuntu 20.04+ / Debian 11+ (x86_64 or ARM64)
- 1GB RAM minimum
- Root SSH access
Architecture
Client → S-UI (6 protocols) → wireproxy (SOCKS5) → Cloudflare WARP → Clean Exit IP