From 427f28f5ad3213b27f48d79ba9d004d23aac47da Mon Sep 17 00:00:00 2001
From: v0 <v0[bot]@users.noreply.github.com>
Date: Sun, 26 Apr 2026 22:05:33 +0000
Subject: [PATCH 1/2] add server_address field to inbound form and update
 project components

Co-authored-by: Ehsan <1883051+ehsanking@users.noreply.github.com>
---
 app/api/inbounds/route.ts          | 11 ++++++-----
 components/views/inbounds-view.tsx | 25 ++++++++++++++++++++++---
 schema.sql                         |  1 +
 scripts/migrate-inbounds-v2.sql    |  3 +++
 4 files changed, 32 insertions(+), 8 deletions(-)

diff --git a/app/api/inbounds/route.ts b/app/api/inbounds/route.ts
index 9b34524..52e7c10 100644
--- a/app/api/inbounds/route.ts
+++ b/app/api/inbounds/route.ts
@@ -24,6 +24,7 @@ export async function POST(req: Request) {
       name, 
       protocol, 
       port, 
+      server_address,
       remark,
       // OpenVPN fields
       ovpn_protocol,
@@ -60,8 +61,8 @@ export async function POST(req: Request) {
     } = body;
     
     // Validate required fields
-    if (!name || !protocol || !port) {
-      return NextResponse.json({ error: 'Name, protocol, and port are required' }, { status: 400 });
+    if (!name || !protocol || !port || !server_address) {
+      return NextResponse.json({ error: 'Name, protocol, port and server address are required' }, { status: 400 });
     }
 
     // Validate protocol
@@ -84,9 +85,9 @@ export async function POST(req: Request) {
     }
 
     // Build SQL based on protocol type
-    const columns = ['name', 'protocol', 'port', 'remark', 'status'];
-    const values: any[] = [name, protocol, parseInt(port, 10), remark || '', 'active'];
-    const placeholders = ['?', '?', '?', '?', '?'];
+    const columns = ['name', 'protocol', 'port', 'server_address', 'remark', 'status'];
+    const values: any[] = [name, protocol, parseInt(port, 10), server_address, remark || '', 'active'];
+    const placeholders = ['?', '?', '?', '?', '?', '?'];
 
     // Add protocol-specific fields
     switch (protocol) {
diff --git a/components/views/inbounds-view.tsx b/components/views/inbounds-view.tsx
index d584ac6..7eeb46b 100644
--- a/components/views/inbounds-view.tsx
+++ b/components/views/inbounds-view.tsx
@@ -33,6 +33,7 @@ interface Inbound {
   name: string;
   protocol: string;
   port: number;
+  server_address: string;
   remark: string;
   status: string;
   created_at: string;
@@ -52,6 +53,7 @@ interface InboundFormData {
   name: string;
   protocol: string;
   port: string;
+  server_address: string;
   remark: string;
   // OpenVPN
   ovpn_protocol: string;
@@ -91,6 +93,7 @@ const initialFormData: InboundFormData = {
   name: '',
   protocol: 'openvpn',
   port: '',
+  server_address: '',
   remark: '',
   // OpenVPN defaults
   ovpn_protocol: 'udp',
@@ -231,8 +234,8 @@ export default function InboundsView() {
 
   const handleCreate = async (e: React.FormEvent) => {
     e.preventDefault();
-    if (!formData.name || !formData.port) {
-      return toast.error('Name and port are required');
+    if (!formData.name || !formData.port || !formData.server_address) {
+      return toast.error('Name, server address and port are required');
     }
     
     try {
@@ -728,7 +731,7 @@ export default function InboundsView() {
               </h3>
               <form onSubmit={handleCreate} className="space-y-6">
                 {/* Basic Info */}
-                <div className="grid grid-cols-1 md:grid-cols-3 gap-4">
+                <div className="grid grid-cols-1 md:grid-cols-2 gap-4">
                   <div>
                     <label className="block text-[10px] font-bold text-slate-400 uppercase mb-1">Inbound Name</label>
                     <input
@@ -739,6 +742,18 @@ export default function InboundsView() {
                       placeholder="e.g. EU-OpenVPN-Main"
                     />
                   </div>
+                  <div>
+                    <label className="block text-[10px] font-bold text-slate-400 uppercase mb-1">Server Address (IP or Domain)</label>
+                    <input
+                      type="text"
+                      value={formData.server_address}
+                      onChange={(e) => updateFormField('server_address', e.target.value)}
+                      className="w-full bg-slate-50 border border-slate-100 rounded-xl px-4 py-2 text-sm focus:ring-2 focus:ring-blue-500 focus:outline-none transition-all"
+                      placeholder="e.g. 185.12.34.56 or vpn.example.com"
+                    />
+                  </div>
+                </div>
+                <div className="grid grid-cols-1 md:grid-cols-3 gap-4">
                   <div>
                     <label className="block text-[10px] font-bold text-slate-400 uppercase mb-1">Protocol</label>
                     <select
@@ -819,6 +834,7 @@ export default function InboundsView() {
               <thead>
                 <tr className="bg-slate-50/50 border-b border-slate-100 text-[10px] text-slate-500 font-bold uppercase tracking-widest">
                   <th className="px-6 py-4">Gateway Name</th>
+                  <th className="px-6 py-4">Server Address</th>
                   <th className="px-6 py-4">Protocol</th>
                   <th className="px-6 py-4">Port</th>
                   <th className="px-6 py-4">Status</th>
@@ -845,6 +861,9 @@ export default function InboundsView() {
                           <span className="font-bold text-slate-900 tracking-tight">{inbound.name}</span>
                         </div>
                       </td>
+                      <td className="px-6 py-4">
+                        <span className="font-mono text-xs text-slate-600">{inbound.server_address}</span>
+                      </td>
                       <td className="px-6 py-4">
                         <span className={`inline-flex items-center px-2 py-1 rounded-lg text-[10px] font-bold uppercase tracking-widest ${getProtocolColor(inbound.protocol)}`}>
                           {inbound.protocol}
diff --git a/schema.sql b/schema.sql
index 97db3e1..9503b6e 100644
--- a/schema.sql
+++ b/schema.sql
@@ -3,6 +3,7 @@ CREATE TABLE IF NOT EXISTS vpn_inbounds (
     name VARCHAR(255) NOT NULL,
     protocol VARCHAR(50) NOT NULL,
     port INT NOT NULL,
+    server_address VARCHAR(255) NOT NULL,
     remark TEXT,
     status VARCHAR(50) DEFAULT 'active',
     -- OpenVPN specific
diff --git a/scripts/migrate-inbounds-v2.sql b/scripts/migrate-inbounds-v2.sql
index 44ec975..9761822 100644
--- a/scripts/migrate-inbounds-v2.sql
+++ b/scripts/migrate-inbounds-v2.sql
@@ -6,6 +6,9 @@
 -- Note: SQLite doesn't support IF NOT EXISTS for ALTER TABLE, 
 -- so these will error if columns already exist (which is fine)
 
+-- Server address (IP or domain)
+ALTER TABLE vpn_inbounds ADD COLUMN server_address VARCHAR(255);
+
 -- OpenVPN specific columns
 ALTER TABLE vpn_inbounds ADD COLUMN status VARCHAR(50) DEFAULT 'active';
 ALTER TABLE vpn_inbounds ADD COLUMN ovpn_protocol VARCHAR(10) DEFAULT 'udp';

From f690f2ec6a7b5db29fcb46d1866d84e563ff8465 Mon Sep 17 00:00:00 2001
From: v0 <v0[bot]@users.noreply.github.com>
Date: Sun, 26 Apr 2026 22:13:44 +0000
Subject: [PATCH 2/2] feat: implement Tunnel Nodes system with Gost

Add database table, API, UI component, and migration script for managing remote nodes.

Co-authored-by: Ehsan <1883051+ehsanking@users.noreply.github.com>
---
 app/api/tunnel-nodes/route.ts          | 110 ++++
 app/page.tsx                           |   8 +-
 components/views/tunnel-nodes-view.tsx | 713 +++++++++++++++++++++++++
 lib/tunnel-commands.ts                 | 182 +++++++
 panel.sqlite                           | Bin 77824 -> 86016 bytes
 schema.sql                             |  24 +
 scripts/migrate-tunnel-nodes.sql       |  26 +
 7 files changed, 1061 insertions(+), 2 deletions(-)
 create mode 100644 app/api/tunnel-nodes/route.ts
 create mode 100644 components/views/tunnel-nodes-view.tsx
 create mode 100644 lib/tunnel-commands.ts
 create mode 100644 scripts/migrate-tunnel-nodes.sql

diff --git a/app/api/tunnel-nodes/route.ts b/app/api/tunnel-nodes/route.ts
new file mode 100644
index 0000000..7fa7285
--- /dev/null
+++ b/app/api/tunnel-nodes/route.ts
@@ -0,0 +1,110 @@
+import { NextResponse } from 'next/server';
+import { query } from '@/lib/db';
+import { z } from 'zod';
+import { handleApiError } from '@/lib/api-utils';
+import crypto from 'crypto';
+
+export const dynamic = 'force-dynamic';
+
+const TunnelNodeSchema = z.object({
+  name: z.string().min(1).max(255),
+  location: z.string().min(1).max(255),
+  country_code: z.string().max(10).optional(),
+  flag_emoji: z.string().max(10).optional(),
+  remote_ip: z.string().min(1),
+  tunnel_port: z.number().int().min(1).max(65535).default(443),
+  tunnel_type: z.enum(['wss', 'grpc', 'quic', 'h2']).default('wss'),
+  local_forward_port: z.number().int().min(1).max(65535),
+  sni_host: z.string().default('www.google.com'),
+});
+
+// Generate a secure random secret for tunnel authentication
+function generateTunnelSecret(): string {
+  return crypto.randomBytes(32).toString('base64url');
+}
+
+export async function GET() {
+  try {
+    const nodes = await query(`
+      SELECT * FROM tunnel_nodes 
+      ORDER BY created_at DESC
+    `);
+    return NextResponse.json(nodes);
+  } catch (error) {
+    return handleApiError(error);
+  }
+}
+
+export async function POST(req: Request) {
+  try {
+    const body = await req.json();
+    const validated = TunnelNodeSchema.parse(body);
+    
+    const tunnel_secret = generateTunnelSecret();
+    
+    const result: any = await query(
+      `INSERT INTO tunnel_nodes 
+       (name, location, country_code, flag_emoji, remote_ip, tunnel_port, tunnel_type, tunnel_secret, local_forward_port, sni_host, status) 
+       VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, 'pending')`,
+      [
+        validated.name,
+        validated.location,
+        validated.country_code || null,
+        validated.flag_emoji || null,
+        validated.remote_ip,
+        validated.tunnel_port,
+        validated.tunnel_type,
+        tunnel_secret,
+        validated.local_forward_port,
+        validated.sni_host,
+      ]
+    );
+    
+    // Return the created node with the generated secret
+    const newNode = await query('SELECT * FROM tunnel_nodes WHERE id = ?', [result.insertId]);
+    
+    return NextResponse.json({ 
+      success: true, 
+      node: (newNode as any[])[0],
+      tunnel_secret 
+    });
+  } catch (error) {
+    return handleApiError(error);
+  }
+}
+
+export async function DELETE(req: Request) {
+  try {
+    const { searchParams } = new URL(req.url);
+    const id = searchParams.get('id');
+    if (!id) throw new Error('ID required');
+
+    await query('DELETE FROM tunnel_nodes WHERE id = ?', [id]);
+    return NextResponse.json({ success: true });
+  } catch (error) {
+    return handleApiError(error);
+  }
+}
+
+export async function PATCH(req: Request) {
+  try {
+    const { searchParams } = new URL(req.url);
+    const id = searchParams.get('id');
+    if (!id) throw new Error('ID required');
+
+    const body = await req.json();
+    const { status, is_active } = body;
+
+    if (status) {
+      await query('UPDATE tunnel_nodes SET status = ?, updated_at = CURRENT_TIMESTAMP WHERE id = ?', [status, id]);
+    }
+    
+    if (typeof is_active === 'boolean') {
+      await query('UPDATE tunnel_nodes SET is_active = ?, updated_at = CURRENT_TIMESTAMP WHERE id = ?', [is_active ? 1 : 0, id]);
+    }
+
+    return NextResponse.json({ success: true });
+  } catch (error) {
+    return handleApiError(error);
+  }
+}
diff --git a/app/page.tsx b/app/page.tsx
index 92ef728..2e65d1b 100644
--- a/app/page.tsx
+++ b/app/page.tsx
@@ -2,7 +2,7 @@
 
 import React, { useState } from 'react';
 import { motion, AnimatePresence } from 'motion/react';
-import { Shield, Users, Activity, Settings as SettingsIcon, LayoutDashboard, Menu, X, Network, Server, UserCheck } from 'lucide-react';
+import { Shield, Users, Activity, Settings as SettingsIcon, LayoutDashboard, Menu, X, Network, Server, UserCheck, Globe } from 'lucide-react';
 import { ErrorBoundary } from '@/components/ui/error-boundary';
 import DashboardView from '@/components/views/dashboard-view';
 import { UsersView } from '@/components/views/users-view';
@@ -11,9 +11,10 @@ import SettingsView from '@/components/views/settings-view';
 import InboundsView from '@/components/views/inbounds-view';
 import { RepresentativesView } from '@/components/views/representatives-view';
 import { NodesView } from '@/components/views/nodes-view';
+import { TunnelNodesView } from '@/components/views/tunnel-nodes-view';
 import { Toaster } from 'sonner';
 
-type ViewType = 'dashboard' | 'users' | 'inbounds' | 'sessions' | 'settings' | 'representatives' | 'nodes';
+type ViewType = 'dashboard' | 'users' | 'inbounds' | 'sessions' | 'settings' | 'representatives' | 'nodes' | 'tunnel-nodes';
 
 export default function Home() {
   const [activeView, setActiveView] = useState<ViewType>('dashboard');
@@ -23,6 +24,7 @@ export default function Home() {
     { id: 'dashboard', label: 'Dashboard', icon: LayoutDashboard },
     { id: 'representatives', label: 'Representatives', icon: UserCheck },
     { id: 'nodes', label: 'Nodes', icon: Server },
+    { id: 'tunnel-nodes', label: 'Tunnel Nodes', icon: Globe },
     { id: 'users', label: 'Users', icon: Users },
     { id: 'inbounds', label: 'Inbounds', icon: Network },
     { id: 'sessions', label: 'Sessions', icon: Activity },
@@ -37,6 +39,8 @@ export default function Home() {
         return <RepresentativesView />;
       case 'nodes':
         return <NodesView />;
+      case 'tunnel-nodes':
+        return <TunnelNodesView />;
       case 'users':
         return <UsersView />;
       case 'inbounds':
diff --git a/components/views/tunnel-nodes-view.tsx b/components/views/tunnel-nodes-view.tsx
new file mode 100644
index 0000000..dd1225f
--- /dev/null
+++ b/components/views/tunnel-nodes-view.tsx
@@ -0,0 +1,713 @@
+'use client';
+
+import React, { useState, useEffect } from 'react';
+import { motion, AnimatePresence } from 'motion/react';
+import { 
+  Globe, Activity, Plus, X, Copy, Check, Server, 
+  Wifi, WifiOff, Terminal, Shield, Zap, MapPin,
+  ChevronDown, Trash2, RefreshCw, Eye, EyeOff
+} from 'lucide-react';
+import { toast } from 'sonner';
+import { 
+  generateRemoteNodeCommand, 
+  generateMainServerCommand,
+  getTunnelTypeDescription,
+  getRecommendedTunnelType 
+} from '@/lib/tunnel-commands';
+
+interface TunnelNode {
+  id: number;
+  name: string;
+  location: string;
+  country_code?: string;
+  flag_emoji?: string;
+  remote_ip: string;
+  tunnel_port: number;
+  tunnel_type: 'wss' | 'grpc' | 'quic' | 'h2';
+  tunnel_secret: string;
+  local_forward_port: number;
+  sni_host: string;
+  status: 'pending' | 'online' | 'offline';
+  is_active: boolean;
+  last_heartbeat?: string;
+  active_connections: number;
+  total_traffic_bytes: number;
+  created_at: string;
+}
+
+const COUNTRY_FLAGS: Record<string, string> = {
+  'DE': '🇩🇪', 'FR': '🇫🇷', 'NL': '🇳🇱', 'GB': '🇬🇧', 'US': '🇺🇸',
+  'CA': '🇨🇦', 'JP': '🇯🇵', 'SG': '🇸🇬', 'AU': '🇦🇺', 'TR': '🇹🇷',
+  'FI': '🇫🇮', 'SE': '🇸🇪', 'PL': '🇵🇱', 'IT': '🇮🇹', 'ES': '🇪🇸',
+  'CH': '🇨🇭', 'AT': '🇦🇹', 'BE': '🇧🇪', 'CZ': '🇨🇿', 'DK': '🇩🇰',
+  'AE': '🇦🇪', 'HK': '🇭🇰', 'KR': '🇰🇷', 'IN': '🇮🇳', 'RU': '🇷🇺',
+};
+
+const TUNNEL_TYPES = [
+  { value: 'wss', label: 'WSS (WebSocket TLS)', recommended: true },
+  { value: 'grpc', label: 'gRPC (HTTP/2)', recommended: false },
+  { value: 'quic', label: 'QUIC (UDP)', recommended: false },
+  { value: 'h2', label: 'HTTP/2', recommended: false },
+];
+
+export function TunnelNodesView() {
+  const [nodes, setNodes] = useState<TunnelNode[]>([]);
+  const [loading, setLoading] = useState(true);
+  const [showAddModal, setShowAddModal] = useState(false);
+  const [showCommandModal, setShowCommandModal] = useState(false);
+  const [selectedNode, setSelectedNode] = useState<TunnelNode | null>(null);
+  const [copiedId, setCopiedId] = useState<string | null>(null);
+  const [mainServerIp, setMainServerIp] = useState('');
+  const [mainServerPort, setMainServerPort] = useState('8443');
+
+  const fetchNodes = async () => {
+    setLoading(true);
+    try {
+      const res = await fetch('/api/tunnel-nodes');
+      const data = await res.json();
+      setNodes(data);
+    } catch {
+      toast.error('Failed to fetch tunnel nodes');
+    } finally {
+      setLoading(false);
+    }
+  };
+
+  useEffect(() => {
+    fetchNodes();
+  }, []);
+
+  const copyToClipboard = async (text: string, id: string) => {
+    await navigator.clipboard.writeText(text);
+    setCopiedId(id);
+    toast.success('Command copied to clipboard');
+    setTimeout(() => setCopiedId(null), 2000);
+  };
+
+  const deleteNode = async (id: number) => {
+    if (!confirm('Are you sure you want to delete this tunnel node?')) return;
+    
+    try {
+      await fetch(`/api/tunnel-nodes?id=${id}`, { method: 'DELETE' });
+      toast.success('Node deleted');
+      fetchNodes();
+    } catch {
+      toast.error('Failed to delete node');
+    }
+  };
+
+  const showCommand = (node: TunnelNode) => {
+    setSelectedNode(node);
+    setShowCommandModal(true);
+  };
+
+  return (
+    <motion.div 
+      initial={{ opacity: 0, y: 20 }}
+      animate={{ opacity: 1, y: 0 }}
+      transition={{ duration: 0.5 }}
+      className="space-y-6"
+    >
+      {/* Header */}
+      <header className="flex justify-between items-center bg-white p-6 rounded-2xl border border-slate-200 shadow-sm">
+        <div>
+          <h2 className="text-2xl font-bold tracking-tight text-slate-900 flex items-center gap-2">
+            <Globe className="text-emerald-500" />
+            Tunnel Nodes
+          </h2>
+          <p className="text-sm text-slate-500">DPI-resistant tunnel connections for multi-location VPN</p>
+        </div>
+        <div className="flex items-center gap-4">
+          <button
+            onClick={() => setShowAddModal(true)}
+            className="flex items-center gap-2 px-5 py-2.5 bg-emerald-600 text-white rounded-xl hover:bg-emerald-700 transition-all font-bold shadow-lg shadow-emerald-200 active:scale-95"
+          >
+            <Plus size={18} />
+            Add Tunnel Node
+          </button>
+          <div className="flex gap-4 border-l pl-6 border-slate-100">
+            <div className="text-right">
+              <p className="text-[10px] font-bold text-slate-400 uppercase">Total Nodes</p>
+              <p className="text-xl font-bold text-slate-900">{nodes.length}</p>
+            </div>
+            <div className="text-right border-l pl-4 border-slate-100">
+              <p className="text-[10px] font-bold text-slate-400 uppercase">Online</p>
+              <p className="text-xl font-bold text-emerald-600">
+                {nodes.filter(n => n.status === 'online').length}
+              </p>
+            </div>
+          </div>
+        </div>
+      </header>
+
+      {/* Main Server Config */}
+      <div className="bg-gradient-to-br from-slate-900 to-slate-800 p-6 rounded-2xl text-white">
+        <div className="flex items-start justify-between">
+          <div>
+            <h3 className="font-bold text-lg flex items-center gap-2">
+              <Server size={20} className="text-emerald-400" />
+              Main Server Configuration
+            </h3>
+            <p className="text-slate-400 text-sm mt-1">
+              Enter your main server IP where this panel is installed
+            </p>
+          </div>
+        </div>
+        <div className="grid grid-cols-1 md:grid-cols-2 gap-4 mt-4">
+          <div>
+            <label className="text-[10px] font-bold text-slate-400 uppercase mb-1 block">
+              Main Server IP
+            </label>
+            <input
+              type="text"
+              value={mainServerIp}
+              onChange={(e) => setMainServerIp(e.target.value)}
+              placeholder="185.x.x.x"
+              className="w-full bg-white/10 border border-white/20 rounded-xl px-4 py-2.5 text-white placeholder:text-slate-500 focus:ring-2 focus:ring-emerald-500 focus:outline-none"
+            />
+          </div>
+          <div>
+            <label className="text-[10px] font-bold text-slate-400 uppercase mb-1 block">
+              Tunnel Listen Port
+            </label>
+            <input
+              type="number"
+              value={mainServerPort}
+              onChange={(e) => setMainServerPort(e.target.value)}
+              placeholder="8443"
+              className="w-full bg-white/10 border border-white/20 rounded-xl px-4 py-2.5 text-white placeholder:text-slate-500 focus:ring-2 focus:ring-emerald-500 focus:outline-none"
+            />
+          </div>
+        </div>
+      </div>
+
+      {/* Nodes Table */}
+      <div className="bg-white rounded-2xl border border-slate-200 shadow-sm overflow-hidden">
+        {loading ? (
+          <div className="p-20 text-center flex flex-col items-center justify-center gap-4 text-slate-400">
+            <Activity className="animate-spin" />
+            <p className="text-[10px] font-bold uppercase tracking-widest">Loading nodes...</p>
+          </div>
+        ) : nodes.length === 0 ? (
+          <div className="p-20 text-center flex flex-col items-center justify-center gap-4">
+            <Globe size={48} className="text-slate-300" />
+            <div>
+              <p className="font-bold text-slate-600">No tunnel nodes configured</p>
+              <p className="text-sm text-slate-400 mt-1">Add your first node to enable multi-location VPN</p>
+            </div>
+          </div>
+        ) : (
+          <div className="overflow-x-auto">
+            <table className="w-full text-left">
+              <thead>
+                <tr className="bg-slate-50/50 border-b border-slate-100 text-[10px] text-slate-500 font-bold uppercase tracking-widest">
+                  <th className="px-6 py-4">Location</th>
+                  <th className="px-6 py-4">Remote IP</th>
+                  <th className="px-6 py-4">Tunnel Type</th>
+                  <th className="px-6 py-4">Port</th>
+                  <th className="px-6 py-4">Status</th>
+                  <th className="px-6 py-4 text-right">Actions</th>
+                </tr>
+              </thead>
+              <tbody className="divide-y divide-slate-100 text-sm">
+                {nodes.map((node) => (
+                  <tr key={node.id} className="hover:bg-slate-50/50 transition-colors">
+                    <td className="px-6 py-4">
+                      <div className="flex items-center gap-3">
+                        <div className="text-2xl">
+                          {node.flag_emoji || COUNTRY_FLAGS[node.country_code || ''] || '🌍'}
+                        </div>
+                        <div>
+                          <p className="font-bold text-slate-900">{node.name}</p>
+                          <p className="text-[10px] text-slate-400 font-bold uppercase flex items-center gap-1">
+                            <MapPin size={10} />
+                            {node.location}
+                          </p>
+                        </div>
+                      </div>
+                    </td>
+                    <td className="px-6 py-4 font-mono text-xs font-bold text-slate-500">
+                      {node.remote_ip}
+                    </td>
+                    <td className="px-6 py-4">
+                      <span className="inline-flex items-center px-2 py-1 rounded-lg text-[10px] font-bold uppercase bg-purple-50 text-purple-600">
+                        {node.tunnel_type}
+                      </span>
+                    </td>
+                    <td className="px-6 py-4 font-mono text-xs font-bold text-slate-500">
+                      {node.tunnel_port}
+                    </td>
+                    <td className="px-6 py-4">
+                      <span className={`inline-flex items-center gap-1.5 px-2.5 py-1 rounded-full text-[10px] font-bold uppercase ${
+                        node.status === 'online' 
+                          ? 'bg-emerald-50 text-emerald-600' 
+                          : node.status === 'pending'
+                          ? 'bg-amber-50 text-amber-600'
+                          : 'bg-red-50 text-red-600'
+                      }`}>
+                        {node.status === 'online' ? <Wifi size={12} /> : <WifiOff size={12} />}
+                        {node.status}
+                      </span>
+                    </td>
+                    <td className="px-6 py-4">
+                      <div className="flex items-center justify-end gap-2">
+                        <button
+                          onClick={() => showCommand(node)}
+                          className="p-2 text-emerald-600 hover:bg-emerald-50 rounded-lg transition-all"
+                          title="Show Setup Command"
+                        >
+                          <Terminal size={16} />
+                        </button>
+                        <button
+                          onClick={() => deleteNode(node.id)}
+                          className="p-2 text-red-600 hover:bg-red-50 rounded-lg transition-all"
+                          title="Delete Node"
+                        >
+                          <Trash2 size={16} />
+                        </button>
+                      </div>
+                    </td>
+                  </tr>
+                ))}
+              </tbody>
+            </table>
+          </div>
+        )}
+      </div>
+
+      {/* Add Node Modal */}
+      <AddTunnelNodeModal 
+        isOpen={showAddModal} 
+        onClose={() => setShowAddModal(false)} 
+        onSuccess={() => {
+          fetchNodes();
+          setShowAddModal(false);
+        }}
+      />
+
+      {/* Command Modal */}
+      <CommandModal
+        isOpen={showCommandModal}
+        onClose={() => setShowCommandModal(false)}
+        node={selectedNode}
+        mainServerIp={mainServerIp}
+        mainServerPort={parseInt(mainServerPort, 10) || 8443}
+        onCopy={copyToClipboard}
+        copiedId={copiedId}
+      />
+    </motion.div>
+  );
+}
+
+// Add Node Modal Component
+function AddTunnelNodeModal({ 
+  isOpen, 
+  onClose, 
+  onSuccess 
+}: { 
+  isOpen: boolean; 
+  onClose: () => void; 
+  onSuccess: () => void;
+}) {
+  const [formData, setFormData] = useState({
+    name: '',
+    location: '',
+    country_code: '',
+    remote_ip: '',
+    tunnel_port: '443',
+    tunnel_type: getRecommendedTunnelType(),
+    local_forward_port: '10000',
+    sni_host: 'www.google.com',
+  });
+  const [isSubmitting, setIsSubmitting] = useState(false);
+
+  const handleSubmit = async (e: React.FormEvent) => {
+    e.preventDefault();
+    
+    if (!formData.name || !formData.location || !formData.remote_ip) {
+      toast.error('Please fill all required fields');
+      return;
+    }
+
+    setIsSubmitting(true);
+    try {
+      const res = await fetch('/api/tunnel-nodes', {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({
+          ...formData,
+          tunnel_port: parseInt(formData.tunnel_port, 10),
+          local_forward_port: parseInt(formData.local_forward_port, 10),
+          flag_emoji: COUNTRY_FLAGS[formData.country_code] || null,
+        }),
+      });
+
+      if (!res.ok) throw new Error('Failed to create node');
+      
+      toast.success('Tunnel node created successfully');
+      onSuccess();
+      setFormData({
+        name: '',
+        location: '',
+        country_code: '',
+        remote_ip: '',
+        tunnel_port: '443',
+        tunnel_type: getRecommendedTunnelType(),
+        local_forward_port: '10000',
+        sni_host: 'www.google.com',
+      });
+    } catch {
+      toast.error('Failed to create tunnel node');
+    } finally {
+      setIsSubmitting(false);
+    }
+  };
+
+  if (!isOpen) return null;
+
+  return (
+    <div className="fixed inset-0 z-50 flex items-center justify-center p-4">
+      <motion.div
+        initial={{ opacity: 0 }}
+        animate={{ opacity: 1 }}
+        exit={{ opacity: 0 }}
+        onClick={onClose}
+        className="absolute inset-0 bg-slate-900/40 backdrop-blur-md"
+      />
+      
+      <motion.div
+        initial={{ opacity: 0, scale: 0.9, y: 40 }}
+        animate={{ opacity: 1, scale: 1, y: 0 }}
+        exit={{ opacity: 0, scale: 0.9, y: 40 }}
+        className="relative w-full max-w-2xl bg-white rounded-3xl shadow-2xl overflow-hidden"
+      >
+        <div className="bg-emerald-600 px-8 py-6 text-white">
+          <div className="flex items-center justify-between">
+            <div>
+              <h3 className="text-xl font-bold">Add Tunnel Node</h3>
+              <p className="text-emerald-100 text-sm mt-1">Configure a new location for DPI-resistant connection</p>
+            </div>
+            <button onClick={onClose} className="p-2 hover:bg-white/20 rounded-xl transition-all">
+              <X size={20} />
+            </button>
+          </div>
+        </div>
+
+        <form onSubmit={handleSubmit} className="p-8 space-y-6">
+          <div className="grid grid-cols-2 gap-4">
+            <div>
+              <label className="text-[10px] font-bold text-slate-400 uppercase mb-1 block">
+                Node Name *
+              </label>
+              <input
+                type="text"
+                value={formData.name}
+                onChange={(e) => setFormData(prev => ({ ...prev, name: e.target.value }))}
+                placeholder="e.g. Paris-01"
+                className="w-full bg-slate-50 border border-slate-100 rounded-xl px-4 py-2.5 text-sm focus:ring-2 focus:ring-emerald-500 focus:outline-none"
+              />
+            </div>
+            <div>
+              <label className="text-[10px] font-bold text-slate-400 uppercase mb-1 block">
+                Location *
+              </label>
+              <input
+                type="text"
+                value={formData.location}
+                onChange={(e) => setFormData(prev => ({ ...prev, location: e.target.value }))}
+                placeholder="e.g. Paris, France"
+                className="w-full bg-slate-50 border border-slate-100 rounded-xl px-4 py-2.5 text-sm focus:ring-2 focus:ring-emerald-500 focus:outline-none"
+              />
+            </div>
+          </div>
+
+          <div className="grid grid-cols-2 gap-4">
+            <div>
+              <label className="text-[10px] font-bold text-slate-400 uppercase mb-1 block">
+                Remote Server IP *
+              </label>
+              <input
+                type="text"
+                value={formData.remote_ip}
+                onChange={(e) => setFormData(prev => ({ ...prev, remote_ip: e.target.value }))}
+                placeholder="185.x.x.x"
+                className="w-full bg-slate-50 border border-slate-100 rounded-xl px-4 py-2.5 text-sm font-mono focus:ring-2 focus:ring-emerald-500 focus:outline-none"
+              />
+            </div>
+            <div>
+              <label className="text-[10px] font-bold text-slate-400 uppercase mb-1 block">
+                Country Code
+              </label>
+              <select
+                value={formData.country_code}
+                onChange={(e) => setFormData(prev => ({ ...prev, country_code: e.target.value }))}
+                className="w-full bg-slate-50 border border-slate-100 rounded-xl px-4 py-2.5 text-sm focus:ring-2 focus:ring-emerald-500 focus:outline-none appearance-none"
+              >
+                <option value="">Select Country</option>
+                {Object.entries(COUNTRY_FLAGS).map(([code, flag]) => (
+                  <option key={code} value={code}>{flag} {code}</option>
+                ))}
+              </select>
+            </div>
+          </div>
+
+          <div className="grid grid-cols-2 gap-4">
+            <div>
+              <label className="text-[10px] font-bold text-slate-400 uppercase mb-1 block">
+                Tunnel Type
+              </label>
+              <select
+                value={formData.tunnel_type}
+                onChange={(e) => setFormData(prev => ({ ...prev, tunnel_type: e.target.value as any }))}
+                className="w-full bg-slate-50 border border-slate-100 rounded-xl px-4 py-2.5 text-sm focus:ring-2 focus:ring-emerald-500 focus:outline-none appearance-none"
+              >
+                {TUNNEL_TYPES.map(type => (
+                  <option key={type.value} value={type.value}>
+                    {type.label} {type.recommended ? '(Recommended)' : ''}
+                  </option>
+                ))}
+              </select>
+              <p className="text-[10px] text-slate-400 mt-1">
+                {getTunnelTypeDescription(formData.tunnel_type)}
+              </p>
+            </div>
+            <div>
+              <label className="text-[10px] font-bold text-slate-400 uppercase mb-1 block">
+                Tunnel Port
+              </label>
+              <input
+                type="number"
+                value={formData.tunnel_port}
+                onChange={(e) => setFormData(prev => ({ ...prev, tunnel_port: e.target.value }))}
+                placeholder="443"
+                className="w-full bg-slate-50 border border-slate-100 rounded-xl px-4 py-2.5 text-sm focus:ring-2 focus:ring-emerald-500 focus:outline-none"
+              />
+              <p className="text-[10px] text-slate-400 mt-1">Port 443 recommended for HTTPS mimicry</p>
+            </div>
+          </div>
+
+          <div className="grid grid-cols-2 gap-4">
+            <div>
+              <label className="text-[10px] font-bold text-slate-400 uppercase mb-1 block">
+                Local Forward Port
+              </label>
+              <input
+                type="number"
+                value={formData.local_forward_port}
+                onChange={(e) => setFormData(prev => ({ ...prev, local_forward_port: e.target.value }))}
+                placeholder="10000"
+                className="w-full bg-slate-50 border border-slate-100 rounded-xl px-4 py-2.5 text-sm focus:ring-2 focus:ring-emerald-500 focus:outline-none"
+              />
+            </div>
+            <div>
+              <label className="text-[10px] font-bold text-slate-400 uppercase mb-1 block">
+                SNI Host (for DPI bypass)
+              </label>
+              <input
+                type="text"
+                value={formData.sni_host}
+                onChange={(e) => setFormData(prev => ({ ...prev, sni_host: e.target.value }))}
+                placeholder="www.google.com"
+                className="w-full bg-slate-50 border border-slate-100 rounded-xl px-4 py-2.5 text-sm focus:ring-2 focus:ring-emerald-500 focus:outline-none"
+              />
+              <p className="text-[10px] text-slate-400 mt-1">Fake SNI to bypass DPI detection</p>
+            </div>
+          </div>
+
+          <div className="pt-4 border-t border-slate-100">
+            <button
+              type="submit"
+              disabled={isSubmitting}
+              className="w-full py-4 bg-emerald-600 text-white rounded-2xl font-bold text-sm uppercase tracking-widest hover:bg-emerald-700 disabled:opacity-50 transition-all shadow-xl shadow-emerald-500/20 active:scale-[0.98] flex items-center justify-center gap-3"
+            >
+              {isSubmitting ? (
+                <RefreshCw className="animate-spin" size={20} />
+              ) : (
+                <>
+                  <Plus size={20} />
+                  Create Tunnel Node
+                </>
+              )}
+            </button>
+          </div>
+        </form>
+      </motion.div>
+    </div>
+  );
+}
+
+// Command Modal Component
+function CommandModal({
+  isOpen,
+  onClose,
+  node,
+  mainServerIp,
+  mainServerPort,
+  onCopy,
+  copiedId,
+}: {
+  isOpen: boolean;
+  onClose: () => void;
+  node: TunnelNode | null;
+  mainServerIp: string;
+  mainServerPort: number;
+  onCopy: (text: string, id: string) => void;
+  copiedId: string | null;
+}) {
+  const [showSecret, setShowSecret] = useState(false);
+  const [activeTab, setActiveTab] = useState<'remote' | 'main'>('remote');
+
+  if (!isOpen || !node) return null;
+
+  const remoteCommand = generateRemoteNodeCommand(node, mainServerIp || 'YOUR_MAIN_SERVER_IP', mainServerPort);
+  const mainCommand = generateMainServerCommand(
+    { ip: mainServerIp || 'YOUR_MAIN_SERVER_IP', port: mainServerPort },
+    node.tunnel_type,
+    node.tunnel_secret,
+    node.local_forward_port
+  );
+
+  return (
+    <div className="fixed inset-0 z-50 flex items-center justify-center p-4">
+      <motion.div
+        initial={{ opacity: 0 }}
+        animate={{ opacity: 1 }}
+        exit={{ opacity: 0 }}
+        onClick={onClose}
+        className="absolute inset-0 bg-slate-900/40 backdrop-blur-md"
+      />
+      
+      <motion.div
+        initial={{ opacity: 0, scale: 0.9, y: 40 }}
+        animate={{ opacity: 1, scale: 1, y: 0 }}
+        exit={{ opacity: 0, scale: 0.9, y: 40 }}
+        className="relative w-full max-w-4xl bg-white rounded-3xl shadow-2xl overflow-hidden max-h-[90vh] flex flex-col"
+      >
+        <div className="bg-slate-900 px-8 py-6 text-white flex-shrink-0">
+          <div className="flex items-center justify-between">
+            <div className="flex items-center gap-4">
+              <div className="text-3xl">
+                {node.flag_emoji || COUNTRY_FLAGS[node.country_code || ''] || '🌍'}
+              </div>
+              <div>
+                <h3 className="text-xl font-bold">{node.name}</h3>
+                <p className="text-slate-400 text-sm">{node.location} - Setup Commands</p>
+              </div>
+            </div>
+            <button onClick={onClose} className="p-2 hover:bg-white/20 rounded-xl transition-all">
+              <X size={20} />
+            </button>
+          </div>
+        </div>
+
+        <div className="p-6 overflow-y-auto flex-1">
+          {/* Warning if no main server IP */}
+          {!mainServerIp && (
+            <div className="bg-amber-50 border border-amber-200 rounded-xl p-4 mb-6">
+              <p className="text-amber-800 text-sm font-medium">
+                Please enter your Main Server IP in the configuration section above to generate correct commands.
+              </p>
+            </div>
+          )}
+
+          {/* Tunnel Info */}
+          <div className="bg-slate-50 rounded-xl p-4 mb-6">
+            <div className="grid grid-cols-3 gap-4 text-sm">
+              <div>
+                <p className="text-[10px] font-bold text-slate-400 uppercase">Tunnel Type</p>
+                <p className="font-bold text-slate-900">{node.tunnel_type.toUpperCase()}</p>
+              </div>
+              <div>
+                <p className="text-[10px] font-bold text-slate-400 uppercase">Remote IP</p>
+                <p className="font-mono font-bold text-slate-900">{node.remote_ip}</p>
+              </div>
+              <div>
+                <p className="text-[10px] font-bold text-slate-400 uppercase">Port</p>
+                <p className="font-mono font-bold text-slate-900">{node.tunnel_port}</p>
+              </div>
+            </div>
+            <div className="mt-4 pt-4 border-t border-slate-200">
+              <div className="flex items-center justify-between">
+                <div>
+                  <p className="text-[10px] font-bold text-slate-400 uppercase">Tunnel Secret</p>
+                  <p className="font-mono text-sm text-slate-900">
+                    {showSecret ? node.tunnel_secret : '••••••••••••••••••••'}
+                  </p>
+                </div>
+                <button
+                  onClick={() => setShowSecret(!showSecret)}
+                  className="p-2 text-slate-400 hover:text-slate-600 hover:bg-slate-100 rounded-lg transition-all"
+                >
+                  {showSecret ? <EyeOff size={16} /> : <Eye size={16} />}
+                </button>
+              </div>
+            </div>
+          </div>
+
+          {/* Tabs */}
+          <div className="flex gap-2 mb-4">
+            <button
+              onClick={() => setActiveTab('remote')}
+              className={`px-4 py-2 rounded-xl text-sm font-bold transition-all ${
+                activeTab === 'remote'
+                  ? 'bg-emerald-600 text-white'
+                  : 'bg-slate-100 text-slate-600 hover:bg-slate-200'
+              }`}
+            >
+              Remote Node Command
+            </button>
+            <button
+              onClick={() => setActiveTab('main')}
+              className={`px-4 py-2 rounded-xl text-sm font-bold transition-all ${
+                activeTab === 'main'
+                  ? 'bg-emerald-600 text-white'
+                  : 'bg-slate-100 text-slate-600 hover:bg-slate-200'
+              }`}
+            >
+              Main Server Command
+            </button>
+          </div>
+
+          {/* Command Display */}
+          <div className="relative">
+            <div className="bg-slate-900 rounded-2xl p-6 overflow-x-auto">
+              <pre className="text-sm text-slate-300 whitespace-pre-wrap font-mono leading-relaxed">
+                {activeTab === 'remote' ? remoteCommand : mainCommand}
+              </pre>
+            </div>
+            <button
+              onClick={() => onCopy(activeTab === 'remote' ? remoteCommand : mainCommand, `${node.id}-${activeTab}`)}
+              className="absolute top-4 right-4 flex items-center gap-2 px-3 py-1.5 bg-white/10 hover:bg-white/20 text-white rounded-lg text-xs font-bold transition-all"
+            >
+              {copiedId === `${node.id}-${activeTab}` ? (
+                <>
+                  <Check size={14} />
+                  Copied!
+                </>
+              ) : (
+                <>
+                  <Copy size={14} />
+                  Copy Command
+                </>
+              )}
+            </button>
+          </div>
+
+          {/* Instructions */}
+          <div className="mt-6 space-y-4">
+            <h4 className="font-bold text-slate-900 flex items-center gap-2">
+              <Shield size={16} className="text-emerald-500" />
+              Setup Instructions
+            </h4>
+            <ol className="list-decimal list-inside space-y-2 text-sm text-slate-600">
+              <li>First, run the <strong>Main Server Command</strong> on your panel server to start the tunnel listener</li>
+              <li>Then, run the <strong>Remote Node Command</strong> on the remote server ({node.location})</li>
+              <li>The tunnel will establish automatically and traffic will flow through securely</li>
+              <li>Use the systemd service for auto-start on remote server reboot</li>
+            </ol>
+          </div>
+        </div>
+      </motion.div>
+    </div>
+  );
+}
diff --git a/lib/tunnel-commands.ts b/lib/tunnel-commands.ts
new file mode 100644
index 0000000..62cfb81
--- /dev/null
+++ b/lib/tunnel-commands.ts
@@ -0,0 +1,182 @@
+/**
+ * DPI-Resistant Tunnel Command Generator
+ * 
+ * Generates commands for establishing secure tunnels between nodes
+ * Using Gost (Go Simple Tunnel) for maximum DPI bypass capability
+ * 
+ * Tunnel Types:
+ * - WSS: WebSocket over TLS (looks like HTTPS traffic)
+ * - gRPC: HTTP/2 based (looks like Google services)
+ * - QUIC: UDP-based encrypted protocol
+ * - H2: HTTP/2 tunnel
+ */
+
+export interface TunnelNode {
+  id: number;
+  name: string;
+  location: string;
+  country_code?: string;
+  flag_emoji?: string;
+  remote_ip: string;
+  tunnel_port: number;
+  tunnel_type: 'wss' | 'grpc' | 'quic' | 'h2';
+  tunnel_secret: string;
+  local_forward_port: number;
+  sni_host: string;
+  status: string;
+}
+
+export interface MainServerConfig {
+  ip: string;
+  port: number;
+}
+
+/**
+ * Generate the command to run on the MAIN server (where panel is installed)
+ * This creates the listener that remote nodes will connect to
+ */
+export function generateMainServerCommand(
+  mainServer: MainServerConfig,
+  tunnelType: string,
+  tunnelSecret: string,
+  localForwardPort: number
+): string {
+  const authHeader = Buffer.from(`admin:${tunnelSecret}`).toString('base64');
+  
+  switch (tunnelType) {
+    case 'wss':
+      return `# Install Gost on Main Server
+curl -L https://github.com/ginuerzh/gost/releases/download/v2.11.5/gost-linux-amd64-2.11.5.gz -o gost.gz && gunzip gost.gz && chmod +x gost && mv gost /usr/local/bin/
+
+# Run Tunnel Listener (WSS - Looks like HTTPS)
+gost -L "relay+wss://:${mainServer.port}?auth=${authHeader}&path=/ws&cert=/etc/ssl/certs/server.crt&key=/etc/ssl/private/server.key"`;
+
+    case 'grpc':
+      return `# Install Gost on Main Server
+curl -L https://github.com/ginuerzh/gost/releases/download/v2.11.5/gost-linux-amd64-2.11.5.gz -o gost.gz && gunzip gost.gz && chmod +x gost && mv gost /usr/local/bin/
+
+# Run Tunnel Listener (gRPC - Looks like Google services)
+gost -L "relay+grpc://:${mainServer.port}?auth=${authHeader}"`;
+
+    case 'quic':
+      return `# Install Gost on Main Server
+curl -L https://github.com/ginuerzh/gost/releases/download/v2.11.5/gost-linux-amd64-2.11.5.gz -o gost.gz && gunzip gost.gz && chmod +x gost && mv gost /usr/local/bin/
+
+# Run Tunnel Listener (QUIC - UDP encrypted)
+gost -L "relay+quic://:${mainServer.port}?auth=${authHeader}"`;
+
+    case 'h2':
+      return `# Install Gost on Main Server
+curl -L https://github.com/ginuerzh/gost/releases/download/v2.11.5/gost-linux-amd64-2.11.5.gz -o gost.gz && gunzip gost.gz && chmod +x gost && mv gost /usr/local/bin/
+
+# Run Tunnel Listener (HTTP/2)
+gost -L "relay+h2://:${mainServer.port}?auth=${authHeader}"`;
+
+    default:
+      return `# Unknown tunnel type: ${tunnelType}`;
+  }
+}
+
+/**
+ * Generate the command to run on the REMOTE node server
+ * This connects back to the main server and creates the tunnel
+ */
+export function generateRemoteNodeCommand(
+  node: TunnelNode,
+  mainServerIp: string,
+  mainServerListenPort: number
+): string {
+  const authHeader = Buffer.from(`admin:${node.tunnel_secret}`).toString('base64');
+  
+  const installCmd = `# ============================================
+# Tunnel Setup for: ${node.name} (${node.location})
+# ============================================
+
+# Step 1: Install Gost
+curl -L https://github.com/ginuerzh/gost/releases/download/v2.11.5/gost-linux-amd64-2.11.5.gz -o gost.gz
+gunzip gost.gz
+chmod +x gost
+mv gost /usr/local/bin/
+
+`;
+
+  let tunnelCmd = '';
+  
+  switch (node.tunnel_type) {
+    case 'wss':
+      tunnelCmd = `# Step 2: Start Tunnel (WSS - DPI Resistant)
+# This will forward local port ${node.local_forward_port} through the tunnel
+gost -L "tcp://:${node.local_forward_port}" -F "relay+wss://${mainServerIp}:${mainServerListenPort}?auth=${authHeader}&path=/ws&serverName=${node.sni_host}"`;
+      break;
+
+    case 'grpc':
+      tunnelCmd = `# Step 2: Start Tunnel (gRPC - Looks like Google traffic)
+gost -L "tcp://:${node.local_forward_port}" -F "relay+grpc://${mainServerIp}:${mainServerListenPort}?auth=${authHeader}"`;
+      break;
+
+    case 'quic':
+      tunnelCmd = `# Step 2: Start Tunnel (QUIC - UDP based)
+gost -L "tcp://:${node.local_forward_port}" -F "relay+quic://${mainServerIp}:${mainServerListenPort}?auth=${authHeader}"`;
+      break;
+
+    case 'h2':
+      tunnelCmd = `# Step 2: Start Tunnel (HTTP/2)
+gost -L "tcp://:${node.local_forward_port}" -F "relay+h2://${mainServerIp}:${mainServerListenPort}?auth=${authHeader}"`;
+      break;
+  }
+
+  const systemdService = `
+
+# ============================================
+# Optional: Create Systemd Service for Auto-Start
+# ============================================
+cat > /etc/systemd/system/gost-tunnel.service << 'EOF'
+[Unit]
+Description=Gost Tunnel to Main Server
+After=network.target
+
+[Service]
+Type=simple
+ExecStart=/usr/local/bin/gost -L "tcp://:${node.local_forward_port}" -F "relay+${node.tunnel_type}://${mainServerIp}:${mainServerListenPort}?auth=${authHeader}${node.tunnel_type === 'wss' ? `&path=/ws&serverName=${node.sni_host}` : ''}"
+Restart=always
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+systemctl daemon-reload
+systemctl enable gost-tunnel
+systemctl start gost-tunnel
+
+# Check status
+systemctl status gost-tunnel`;
+
+  return installCmd + tunnelCmd + systemdService;
+}
+
+/**
+ * Get human-readable description of tunnel type
+ */
+export function getTunnelTypeDescription(type: string): string {
+  switch (type) {
+    case 'wss':
+      return 'WebSocket over TLS - Appears as normal HTTPS traffic, best for bypassing DPI';
+    case 'grpc':
+      return 'gRPC over HTTP/2 - Mimics Google services traffic';
+    case 'quic':
+      return 'QUIC Protocol - Fast UDP-based encrypted tunnel';
+    case 'h2':
+      return 'HTTP/2 Tunnel - Standard HTTP/2 based connection';
+    default:
+      return 'Unknown tunnel type';
+  }
+}
+
+/**
+ * Get recommended tunnel type based on conditions
+ */
+export function getRecommendedTunnelType(): 'wss' | 'grpc' | 'quic' | 'h2' {
+  // WSS is generally the most DPI-resistant for Iranian firewall
+  return 'wss';
+}
diff --git a/panel.sqlite b/panel.sqlite
index e45ab6771a06c33eb9de54fc7c4a26e754bf2879..9ce367c052c474ccca3e1d27c9210609212066b7 100644
GIT binary patch
delta 641
zcmZ`$PiqrF6wfwmc1_aa7MmbN7{ri-hGI=~Q7_YU)j*ntWGlT*C%cn$%64bjnYhWx
z_Tt4$We&NDcvTP&g5K-dZ&1PSQCBvGl;VR2kN4j1&*Pn3s3-4koUIy0B9T~$@?R{y
ztyC4`^TCJ9+)WiGvOhAX>5uwv-PO+Zs`_1pUyNHt_0?!u%ReqCr+2C6kP&r8NDMuX
zxX5D;;fM<?hJ3!YQtz11GC`xYZSI5r0Kjew%!5EFCaM6+5w-<=Ny@KvL(4xY6qGkz
zfqO2Q-=D8<PX#Tw)ikfLN}Sw~-&CNx%*KK;PvT5&(q2?jb(;-65sZ-?T>)OePW?IT
zlr|oeD`^l#-^Bw&j@c2tJ`1A0Ac*>tgGFVvHg)2&Ktv~7ptT$2Ub6|d&8Kj$X@Skn
zYD_xa6l0&rvxQtf<h*!g!igOaG4t5{>)J(q7KAu(&^3h^%RPz?85c974{NpZOuQI|
z;rf8FflJnHc3hMfnR}W~JcoLN$*(14?Y@h-K!*eeqDQa*R%6HPT5zWwv&XNHKeKn_
xr<9f#Ohk@Efct%Fquy8$4z?Q4B-Eh1Os0}U-<h<t%GyG@{PkQ@9+lqv;18Z$%s2o5

delta 65
zcmZozz}oPDWrDOIKLZ1UFc8B4&qN(#M*fWnOa2S7vmayNInLe4wU*-vM-KZj4&%*&
O0vp)3A7f{<(f|O}A`kum

diff --git a/schema.sql b/schema.sql
index 9503b6e..c392de4 100644
--- a/schema.sql
+++ b/schema.sql
@@ -115,6 +115,30 @@ CREATE TABLE IF NOT EXISTS vpn_servers (
     created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
 );
 
+-- Tunnel Nodes for DPI-resistant connections
+CREATE TABLE IF NOT EXISTS tunnel_nodes (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    name VARCHAR(255) NOT NULL,
+    location VARCHAR(255) NOT NULL,
+    country_code VARCHAR(10),
+    flag_emoji VARCHAR(10),
+    remote_ip VARCHAR(45) NOT NULL,
+    tunnel_port INT NOT NULL DEFAULT 443,
+    tunnel_type VARCHAR(50) DEFAULT 'wss',
+    tunnel_secret VARCHAR(255) NOT NULL,
+    local_forward_port INT NOT NULL,
+    sni_host VARCHAR(255) DEFAULT 'www.google.com',
+    status VARCHAR(50) DEFAULT 'pending',
+    is_active BOOLEAN DEFAULT TRUE,
+    last_heartbeat TIMESTAMP,
+    active_connections INT DEFAULT 0,
+    total_traffic_bytes BIGINT DEFAULT 0,
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE INDEX IF NOT EXISTS idx_tunnel_nodes_status ON tunnel_nodes (status, is_active);
+
 CREATE TABLE IF NOT EXISTS server_status_history (
     id INTEGER PRIMARY KEY AUTOINCREMENT,
     server_id INT,
diff --git a/scripts/migrate-tunnel-nodes.sql b/scripts/migrate-tunnel-nodes.sql
new file mode 100644
index 0000000..2808a7e
--- /dev/null
+++ b/scripts/migrate-tunnel-nodes.sql
@@ -0,0 +1,26 @@
+-- Migration: Add Tunnel Nodes Table for DPI-Resistant Connections
+-- Version: 1.0
+-- Description: Creates table for managing multi-location tunnel nodes
+
+CREATE TABLE IF NOT EXISTS tunnel_nodes (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    name VARCHAR(255) NOT NULL,
+    location VARCHAR(255) NOT NULL,
+    country_code VARCHAR(10),
+    flag_emoji VARCHAR(10),
+    remote_ip VARCHAR(45) NOT NULL,
+    tunnel_port INT NOT NULL DEFAULT 443,
+    tunnel_type VARCHAR(50) DEFAULT 'wss',
+    tunnel_secret VARCHAR(255) NOT NULL,
+    local_forward_port INT NOT NULL,
+    sni_host VARCHAR(255) DEFAULT 'www.google.com',
+    status VARCHAR(50) DEFAULT 'pending',
+    is_active BOOLEAN DEFAULT TRUE,
+    last_heartbeat TIMESTAMP,
+    active_connections INT DEFAULT 0,
+    total_traffic_bytes BIGINT DEFAULT 0,
+    created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+    updated_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+);
+
+CREATE INDEX IF NOT EXISTS idx_tunnel_nodes_status ON tunnel_nodes (status, is_active);