v1.1.1
Aether v1.1.1
Aether is a user-space proxy client. It tunnels traffic out of a filtered network and exposes a local SOCKS5 proxy on 127.0.0.1:1819. Point a browser, terminal, or system proxy at that address and your traffic leaves through the tunnel.
What's new in v1.1.1:
- Real end-to-end data-plane validation for MASQUE (HTTP/3 and HTTP/2): a gateway is now only trusted once it has actually carried a probe packet round-trip, not just once the handshake and
:status 200came back. This fixes gateways that looked "connected" but silently dropped all traffic. - The local SOCKS5 proxy no longer opens until the tunnel has passed that validation, so applications can't start using a half-alive tunnel.
- Automatic reconnection for MASQUE: if the tunnel drops or fails validation, Aether rescans and reconnects on its own instead of exiting.
- Quick reconnect: Aether remembers the last gateway that worked and, on the next run, offers to reuse it after a single fast re-check instead of a full rescan. Controlled with --quick-reconnect / --no-quick-reconnect or AETHER_QUICK_RECONNECT.
- New command-line flag interface (aether --help) covering every option that was previously environment-variable-only or prompt-only: --bind, -4/-6/--dual, --peer/--wg-peer, --masque/--wg/--gool, --scan and mode shortcuts, --noize, --h2/--http2, --h2-peer, --fragment and friends, --keepalive, --config/--wg-config/--masque-config, --tls-groups, and more.
- Optional TLS ClientHello fragmentation for MASQUE's HTTP/2 transport (--fragment, --fragment-size, --fragment-delay), for networks that block the h2 handshake based on a single unfragmented ClientHello.
- Windows builds now ship with run-aether.bat: double-click it to run aether.exe in a terminal that stays open afterwards, so the window doesn't just vanish if the tunnel exits.
- Dropped the Windows arm64 build target: boringtun's dependency on ring 0.16 fails to compile on aarch64-pc-windows-msvc, and very few users run arm64 Windows. Windows x86_64 is unaffected.
- .gitignore now explicitly excludes all identity/credential files (aether*.toml, *-secondary.toml, *-lastconn.toml, *.pem, *.key) so a WireGuard private key or MASQUE certificate can never end up committed by accident.
This release includes prebuilt binaries for:
- Linux x86_64, built on Fedora latest (aether-linux-x86_64.tar.gz)
- Linux arm64 / aarch64, built on Fedora latest (aether-linux-arm64.tar.gz)
- Linux armv7 / 32-bit ARM, e.g. Raspberry Pi 2/3 (aether-linux-armv7.tar.gz)
- macOS arm64 / Apple Silicon (aether-macos-arm64.tar.gz)
- macOS x86_64 / Intel (aether-macos-x86_64.tar.gz)
- Windows x86_64 (aether-windows-x86_64.zip)
- Android / Termux arm64 (aether-android-arm64.tar.gz)
- Android / Termux armv7 (aether-android-armv7.tar.gz)
- Android / Termux x86_64 (aether-android-x86_64.tar.gz)
Each archive ships with a matching .sha256 file, and a combined SHA256SUMS.txt lists every checksum.
Quick start (Termux, one-line install):
curl -fsSL https://raw.githubusercontent.com/CluvexStudio/aether/main/aether.sh -o aether.sh && chmod +x aether.sh && ./aether.sh install
Quick start (Windows):
- Download aether-windows-x86_64.zip and extract it.
- Double-click run-aether.bat. It opens a terminal, runs aether.exe, and stays open afterwards so you can read any errors.
Quick start (other platforms):
- Download the archive for your platform and extract it.
- Run the binary and answer the prompts, or set the environment variables listed in the guides.
- Point your client at socks5h://127.0.0.1:1819 and verify with:
curl -x socks5h://127.0.0.1:1819 https://www.cloudflare.com/cdn-cgi/trace
Verify a download (Linux/macOS):
sha256sum -c aether-linux-x86_64.tar.gz.sha256
See README.md and the Docs directory for transport selection, obfuscation profiles, the HTTP/2 vs HTTP/3 choice in MASQUE, and the full environment-variable reference.
What's Changed
- adding dockerfile and documentation by @AzureLeMoon in #5
New Contributors
- @AzureLeMoon made their first contribution in #5
Full Changelog: v1.0.1...v1.1.1