Releases: hedioum/Hedioum-Pool-Tunnel
Release list
v0.3.2
This release (v0.3.2) is a critical hotfix update addressing architectural edge cases during installation and daemon lifecycle management. It resolves severe lockout risks and enhances the resilience of the built-in auto-updater.
🚨 Critical Fixes
- Resolved Ingress Node SSH Lockout: Fixed a critical logical flaw in
install.shwhere modern Ubuntussh.socketbindings were aggressively disabled across all node types. The daemon now strictly isolates port 22 modifications to Foreign Egress nodes only, guaranteeing zero SSH interruptions for Iran Hub administrators. - Reboot Persistence for Custom SSH Ports: Addressed a time-bomb issue in
system.gowhere modifying the egress SSH port left the service disabled on system reboot. The daemon now correctly injectssystemctl enable ssh.serviceto ensure persistence. - Zero-Downtime Updater Resilience: Fortified the
SelfUpdatemechanism against GitHub API rate limits. The daemon now strictly validates HTTP 200 OK statuses before executing binary swaps, preventing corrupt downloads. Additionally, implemented deferred cleanup to prevent temporary file leaks (/tmp/hedioum-tunnel-new) if an update aborts.
⚙️ Operational Enhancements
- Resolved Dashboard State Paradox: Fixed a UX timing issue where the background daemon appeared as
inactive (dead)immediately after completing the setup wizard.main.gonow proactively bootstraps the systemd service in the background before rendering the Interactive Dashboard. - Smart Architecture Detection in Installer: Upgraded the 1-Click bash installer to natively detect host CPU architecture (
uname -m). It now seamlessly fetches either theamd64orarm64binary without user intervention.
📦 Installation / Upgrade
To install or safely upgrade to this stable hotfix, run the following command as root:
bash <(curl -fsSL https://raw.githubusercontent.com/hedioum/Hedioum-Pool-Tunnel/main/install.sh)v0.3.1
This release marks a significant milestone in transitioning the Hedioum Dynamic Pool Tunnel from an experimental mesh routing tool to a highly stable, production-ready infrastructure daemon.
Version v0.3.1 focuses entirely on operational resilience, zero-allocation micro-optimizations, and seamless cross-architecture deployments.
🚀 Key Features & Enhancements
Core Networking & DPI Evasion:
- SSH Decoy Protocol Perfection: Resolved the critical
Bad packet lengthandMAC incorrectscanner drops. Implemented a zero-data-lossRecorderConnandReplayConnarchitecture to consume redundant Decoy banners silently, ensuring DPI scanners interact flawlessly with the actual OpenSSH daemon. - CPU Micro-Optimizations in Framing Layer: Replaced resource-heavy
rand.Intnloops with highly optimized bulkcrypto/rand.Readblock allocations in thePadConnlayer. This drastically reduces CPU overhead on both Hub and Egress nodes during high-throughput video streaming or large file transfers.
Infrastructure & OS Compatibility:
- Native ARM64 Support: Introduced full cross-compilation support. The tunnel now deploys natively on ARM-based cloud instances (e.g., Oracle Cloud, Hetzner ARM) with a dedicated binary.
- Modern Ubuntu Compatibility: The automated installer and system utilities now gracefully handle
systemdsocket activation (ssh.socket), ensuring Port 22 is strictly freed for the DPI Decoy without locking administrators out. - Automated Firewall Provisioning: The daemon now dynamically detects
ufwstates and automatically provisions rules for the relocated SSH port (2022).
Operations & UX (Dashboard):
- Smart Local Port Allocation: The setup wizard now actively probes the OS to find dynamically free local SOCKS5 ports, eliminating
address already in usefatal crashes when registering multiple egress nodes. - Backward Configuration Compatibility: The daemon now automatically injects safe defaults (like
TargetPort: 22and scalable connection limits) into legacy JSON configs upon loading, ensuring zero-downtime updates for existing users. - Refined CLI Dashboard: Upgraded the Interactive TUI with dynamic menu generation, displaying real-time node limits, capabilities, and specific daemon tokens directly from the operational screen.
Deployment & Lifecycle:
- Resilient 1-Click Installer & Auto-Updater: Upgraded the
install.shand internalSelfUpdateroutines to strictly verify OS architecture (uname -m/runtime.GOARCH) before fetching binaries. Replaced raw link fallbacks with precise GitHub Release Asset targeting to survive API rate-limiting in restricted network environments.
📦 Installation / Upgrade
To install or safely upgrade to this version, run the following command as root:
bash <(curl -fsSL https://raw.githubusercontent.com/hedioum/Hedioum-Pool-Tunnel/main/install.sh)v0.3.0
🛡️ Hedioum Pool Tunnel v0.3.0 - Advanced Obfuscation & Active Probe Defense
This critical security release overhauls the cryptographic architecture of Hedioum, shifting obfuscation from the logical stream layer directly to the physical TCP socket. This ensures Zero-Leakage of multiplexer signatures, making the tunnel completely invisible to modern Deep Packet Inspection (DPI) heuristics.
✨ Core Security Upgrades
- Physical Socket Encryption (XOR Stream Cipher): All data, including Yamux control headers (Ping, Window Updates), is now encrypted at the lowest level using a highly optimized, stateful XOR stream cipher. GFW will only see high-entropy, unpredictable bytes on Port 22.
- Dynamic Packet Padding (Length Obfuscation): Implemented a lightweight, zero-allocation custom framing protocol (
PadConn). It injects randomized garbage data (between 0 to 255 bytes) into every TCP frame. This defeats DPI machine-learning models that rely on fixed packet-size analysis. - Decoy Routing (Active Scanner Defense): Hedioum no longer drops or bans connections that fail the AuthToken handshake. Instead, it acts as a transparent proxy, silently forwarding unauthorized GFW probes and bots directly to your real OpenSSH daemon (Port 2022). To any external scanner, your server now looks and behaves exactly like a standard, uninteresting Linux machine.
- Zero GC Overhead: Both XOR and Padding layers utilize
sync.Pooland pre-allocated memory buffers to guarantee absolute zero garbage collection overhead under heavy, 300+ Mbps loads.
📥 Upgrade Instructions
For existing v0.2.0 Nodes:
Run hedioum-tunnel in your terminal and select Option 5 (Update Hedioum Daemon). The system will safely pull this release and restart.
(Note: You must update both your Iran Hub and Foreign Egress nodes simultaneously, as the physical handshake protocol has fundamentally changed).
For Fresh Installs:
Run the master installation script:
bash <(curl -s https://raw.githubusercontent.com/hedioum/Hedioum-Pool-Tunnel/main/install.sh)
v0.2.0
🚀 Hedioum Pool Tunnel v0.2.0 - Traffic Shaping & Telemetry
This major release introduces kernel-level traffic shaping and a vastly improved operational dashboard, officially transforming Hedioum from a connection multiplexer into a stealthy, DPI-evasive SDN overlay.
✨ Core Architectural Upgrades
- Strict Traffic Shaping (Token Bucket): We replaced soft bandwidth triggers with a strict, zero-overhead Token Bucket rate limiter (
golang.org/x/time/rate). The system now leverages TCP window Backpressure to naturally throttle aggressive streams (like IDM or Speedtests) down to the exact DPI Evasion Cap. This guarantees that no single physical connection will ever trigger GFW volume-based heuristic alarms. - Dynamic Warm-up Pools (
MinConnections): Node administrators can now define a baseline number of physical connections (e.g., 10) to keep alive at all times. This eliminates latency spikes and TCP handshake overhead during sudden traffic bursts, providing a seamless experience for end-users. - Enhanced Telemetry Dashboard: Completely overhauled the CLI dashboard's "Live Status" interface. It now displays a clean, tree-structured summary of your Active Mesh Topologies, including Egress IPs, SOCKS5 bind ports, Pool Sizing (Min/Max), and live DPI Evasion dynamics (Caps & Jitter).
- Backward Compatibility: Existing
hedioum.jsonconfigurations are automatically patched in-memory with the newMinConnectionsand bandwidth fields to prevent deployment crashes.
📥 Upgrade Instructions
For existing v0.1.1 Nodes:
Simply run hedioum-tunnel in your terminal and select Option 5 (Update Hedioum Daemon). The system will safely pull this release, back up your current binary, and perform a zero-downtime restart.
For Fresh Installs or Older Nodes:
Run the master installation script:
bash <(curl -s https://raw.githubusercontent.com/hedioum/Hedioum-Pool-Tunnel/main/install.sh)
v0.1.1
🚀 Hedioum Pool Tunnel v0.1.1 - Lifecycle & Maintenance Update
This release brings structural maturity and essential lifecycle management tools to the Hedioum Dynamic Pool Tunnel CLI, making production maintenance completely seamless for node administrators.
✨ What's New in v0.1.1
- Robust Self-Update System (Blue-Green Logic): Added an in-app binary updater accessible directly from the interactive dashboard. It fetches the latest assets via the GitHub API, verifies file integrity, creates a localized backup (
.bak), and executes an automatic rollback if the new version crashes during systemd startup. - Clean Uninstaller: Implemented a single-click purge function that safely stops/disables the background daemon, unlinks systemd units, reloads the daemon configuration, and completely removes binaries and JSON databases from
/etc/hedioumwithout leaving orphaned files. - CLI Architecture Refactoring: Split the monolithic
main.gointo specialized, single-responsibility components (main.go,wizard.go, anddashboard.go) within thecmd/hedioumpackage, drastically lowering code density and preventing future regression bugs. - Strict Dependency Auditing: Cleaned up unused imports and standardized cross-compilation target pathways within the automated
Makefile.
🛠 Asset Installation
Don't forget to drag and drop your newly compiled bin/hedioum-tunnel binary into the Assets section below before publishing this release.
📥 Upgrade Command
Administrators running existing nodes can simply execute the global installer to pull this new infrastructure layout:
bash <(curl -s https://raw.githubusercontent.com/hedioum/Hedioum-Pool-Tunnel/main/install.sh)
v0.1.0 - Chaos Mesh Beta
🚀 Hedioum Pool Tunnel v0.1.0 - Chaos Mesh Beta
Welcome to the first major release of the Hedioum Dynamic Pool Tunnel! This version introduces our core enterprise-grade architecture, designed specifically to evade Deep Packet Inspection (DPI) and eliminate TCP Meltdown under heavy load.
✨ Key Features & Enhancements
- Chaos Mesh Dynamic Balancing: Replaced traditional Round-Robin with a "Least Loaded" algorithm. The system now dynamically distributes traffic based on real-time bandwidth usage (Mbps) across the physical connection pool.
- DPI Evasion (Fluctuating Caps): Implemented randomized bandwidth jitter. Each physical connection now has a floating bandwidth limit (e.g., 8 Mbps ± 2 Mbps) that changes dynamically, preventing GFW and DPI from detecting static traffic patterns.
- Zero-Downtime Connection Draining: Introduced a
Drainingstate for physical sockets during Scale-Down events. Connections are gracefully drained of active logical streams (like open Telegram sockets) before closing, preventing any lag or disconnects for end-users. - Scale-Up Revive (Fast Path): If a traffic spike occurs, the system will instantly revive a draining connection back to
Activestatus, bypassing the overhead of establishing a new TCP/SSH handshake. - Interactive Operations Dashboard: The CLI dashboard now includes a real-time configuration summary, displaying active egress pools, Target IPs, Local SOCKS bindings, and live DPI Evasion dynamics (Limits & Jitter).
- Zero-Overhead Live Monitoring: Built a highly optimized atomic byte counter wrapped around
net.Conn, allowing real-time Mbps calculation without mutex locking or performance degradation.
🛠 Installation / Upgrade
Simply run the master installation script on any Ubuntu/Debian node:
bash <(curl -s https://raw.githubusercontent.com/hedioum/Hedioum-Pool-Tunnel/main/install.sh)
(Note: The installer automatically fetches this latest compiled release asset).