MintFlow
MintFlow Menu
Get MintFlow app

MintFlow NetStack 1.9.2 is out

MintFlow NetStack 1.9.2 adds AnyTLS proxy support, fixes config import edge cases, improves WireGuard prefix routing, and optimizes HTTP/2 connection handling.

MintFlow 1.9.2 release

MintFlow NetStack 1.9.2 is now available on the App Store. This release is smaller than 1.9.0, but it closes several practical gaps for users who maintain plain-text profiles and chain traffic through proxy or VPN paths.

The headline change is AnyTLS proxy support. You can now define an anytls L4 proxy in the profile, including the server, port, password, SNI, certificate checking behavior, and session reuse tuning. This gives MintFlow another modern proxy option alongside WireGuard, AmneziaWG, Shadowsocks, VMess, HTTP, and SOCKS5.

AnyTLS profile support

AnyTLS is configured in the same [l4proxies] section as other Layer 4 proxies:

[l4proxies]
any=type:anytls,nickname:AnyTLS,server:any.example.com,port:443,password:secret,sni:cdn.example.com,skip-cert-check:false,session-reuse:true,idle-session-check-interval:30,idle-session-timeout:60,min-idle-sessions:1,max-idle-sessions:4,enabled:true

The required fields are type:anytls, server, port, and password. If sni is not provided, MintFlow uses the server value as the TLS SNI. The session reuse fields are optional and keep their built-in defaults when omitted.

The manual has been updated with the full AnyTLS profile field table.

Import and routing fixes

This release also fixes two configuration issues:

  • WireGuard and AmneziaWG imports now handle profiles that use CRLF or CR line endings.
  • WireGuard routing now behaves correctly when the interface address uses a wider prefix such as /24, instead of only the narrow host-style prefixes common in many mobile VPN examples.

These are small details, but they matter when profiles come from different tools, operating systems, or server panels.

HTTP engine optimization

MintFlow’s HTTP engine also gets another round of optimization in 1.9.2. The main work is around HTTP/2 upstream connection pooling and stream cleanup. For HTTP capture and rewrite workflows, that should reduce avoidable connection churn and make long-running debugging sessions more predictable.

Packet core direction

There is also an important engineering direction behind this release cycle. MintFlow is beginning to phase out the fd.io VPP dependency and replace the parts we actually need with a smaller Rust-based packet-processing core.

VPP helped MintFlow move quickly: it gave us a mature forwarding plane, WireGuard integration, routing tables, and a host stack while the product was still taking shape. But on iOS Network Extension, the cost of carrying a full packet-processing platform is real. Memory pressure, binary size, startup behavior, and cross-language integration overhead all matter on mobile devices.

The goal of the Rust rewrite is not to rebuild all of VPP. It is to implement the minimal surface MintFlow needs: UTUN packet handling, route dispatch, proxy/VPN handoff, DNS integration, and the HTTP engine bridge. Keeping that surface smaller should improve performance, reduce overhead, and make future Apple-platform work easier to maintain.

Final words

MintFlow 1.9.2 is a compatibility and infrastructure release. AnyTLS broadens the proxy choices, the import fixes reduce profile friction, the HTTP engine cleanup improves day-to-day debugging, and the Rust packet-core work sets the direction for lower overhead releases.

As always, feedback is welcome at mintflow@galaxnet.cc.