Update - April 20, 2026
OrbVPN App (v20.2.x) — Native VLESS & Auto-Reconnect
- Native iOS VLESS: VLESS now runs through a pure-Go OrbVless.framework (dlopen'd) with a tun2socks/gVisor netstack, XTLS-Vision, Reality, and pure-Go gRPC transport — tunneling real traffic on iOS
- Reality Health-Check: Post-start Reality probe with automatic fallback; real WebSocket and CDN fronting for ws/cdn_ws transports
- Auto-Reconnect: New state machine with network-change detection (connectivity_plus), infinite retry with active internet probing, and process rebind so DNS survives a WiFi toggle
- Resilient Auth: Stop forcing logout on network errors during 401/refresh; trust cached authorization on network errors
- Mimicry: Honors RegionConfig for restricted regions (e.g. Russia → Yandex) and self-heals a stuck Manual+None profile back to Auto
- Smart DNS: Parallel latency probing so the primary and secondary resolvers are the nearest ones
- UI & Diagnostics: Stats screen surfaces the current transport and fragmentation state; hidden servers excluded from the list; distance-based latency labels; 100% translation coverage
- Versions: 20.2.0 (build 20200) and 20.2.1 (build 20201), with iOS/macOS aligned to Android
OrbMESH Server
- Real gRPC: End-to-end HTTP/2 gRPC on pure Go with an nginx-aligned service name; fixed ClientHello race and xray deadlock
- Real WebSocket Transport: Native ws and cdn_ws transports
- Reality & Vision: xray-core-compatible Reality client with XTLS-Vision, persistent Reality keys (fixes iPhone "stale pubkey" breakage), and iOS-specific TCP_NODELAY and Reality routing fixes; iOS dynamic framework built via c-archive + clang relink
- Deploy Hardening: Query the OrbNET DB for ORBNET_SERVER_ID instead of hardcoding regions, fail-fast on empty ID, idempotent iptables MASQUERADE/FORWARD rules, and a fixed Docker healthcheck
OrbNET Go Backend
- Smart Server Recommendation: GeoIP-based nearest-foreign-server selection with explicit country preference and ISO-to-name mapping; removed legacy server-table fallback
- OAuth Reliability: JWK cache TTL and key-rotation retry for Google/Apple, plus detailed OAuth logging for recurring sign-in failures
- Android App Links: Added a second SHA256 fingerprint and get_login_creds to assetlinks.json
- Schema: Created the missing orbmesh_connections table