✨ What's New in MTProxyMax v1.2.0
MTProxyMax v1.2.0 represents the most extensive feature expansion in the project's history. This release transforms the core script into a full-scale Enterprise Proxy Management Platform featuring commercial voucher automation, role-based Telegram governance, automated hostile threat blacklisting, proactive Anti-DPI forensics, kernel-level bandwidth shaping, load balancer clustering, daily briefing dispatches, smart user onboarding, and hardware-aware performance auto-tuners.
🏢 Enterprise Commercial Suite
- Commercial Voucher & Gift Code System (`mtproxymax voucher`)
  - Batch Generation: Generate secure batches of gift codes (`mtproxymax voucher create <count> <quota> <days>`) formatted as `MTP-XXXX-XXXX` with custom data ceilings (e.g., `10G`, `50G`, or unlimited) and validity durations stored cleanly in `${INSTALL_DIR}/vouchers.conf`.
  - Self-Service & Bot Redemption: Users or distributors can redeem voucher codes locally (`mtproxymax voucher redeem <code> [label]`) or remotely via Telegram bot (`/redeem <code>`), instantly provisioning a dedicated proxy secret with exact quota and connection limits enforced.
  - Full Audit Trail: Track every voucher's status (`ACTIVE`, `REDEEMED`, `REVOKED`), creation timestamp, and associated account label.
- Role-Based Access Control (RBAC) & Telegram Admin Tiers (`mtproxymax admin`)
  - Multi-Tier Authorization Governed in `admins.conf`:
    - `superadmin`: Unrestricted access to all 21 remote Telegram bot commands, including destructive engine restarts (`/mp_restart`), emergency panic lockdowns (`/mp_lockdown`), script self-updates (`/mp_update`), and bot removals (`/mp_remove`).
    - `reseller`: Delegated operational access restricted strictly to voucher batch creation (`/mp_voucher create`), voucher auditing (`/mp_voucher list`), voucher redemption (`/redeem`), and user statistics queries (`/mp_status`, `/mp_secrets`). Destructive server commands are automatically blocked with security violation logging.
- Decoupled Self-Service Web Status Portal (`mtproxymax portal`)
  - Zero-Dependency Static HTML Dashboard: Generates a responsive, dark-mode glassmorphism HTML interface (`index.html`) stored in `/opt/mtproxymax/portal/`.
  - Automated Background JSON Metrics: During periodic engine sweeps (`sweep()`), MTProxyMax automatically exports real-time server health (`status.json`) and anonymized user quota leaderboards (`users.json`).
  - Client Self-Service: Users can check live proxy uptime, server bandwidth consumption, active connection counts, and individual data consumption directly from any browser without exposing internal administrative interfaces or running backend scripts.
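The `superadmin`/`reseller` split described above comes down to a deny-by-default command gate. The sketch below is an added example, not MTProxyMax's own code; the `<telegram_user_id>:<role>` layout of `admins.conf`, the function names and the log line format are assumptions.

```shell
#!/bin/sh
# Added example: deny-by-default gate for the two bot tiers described above.
# ASSUMPTION: admins.conf has one "<telegram_user_id>:<role>" entry per line.

# Print the role recorded for a user id (prints nothing if the id is unknown).
role_for() {    # $1 = admins file, $2 = user id
    case "$2" in ''|*[!0-9]*) return 0 ;; esac      # ids must be purely numeric
    awk -F: -v id="$2" '$1 "" == id "" { print $2; exit }' "$1" 2>/dev/null || true
}

# Return 0 only if the role is explicitly allowed to run the command.
is_allowed() {  # $1 = role, $2 = command, $3 = optional subcommand
    case "$1" in
        superadmin) return 0 ;;
        reseller)
            case "$2 $3" in
                "/mp_voucher create"|"/mp_voucher list") return 0 ;;
                "/redeem "*|"/mp_status "*|"/mp_secrets "*) return 0 ;;
            esac ;;
    esac
    return 1    # unknown role, unknown user or unlisted command: refuse
}

# Look up the caller, decide, and log refusals to stderr.
authorize() {   # $1 = admins file, $2 = user id, $3 = command, $4 = subcommand
    role=$(role_for "$1" "$2")
    is_allowed "$role" "$3" "${4:-}" && return 0
    # Chat input is untrusted: strip control characters before logging it.
    line=$(printf 'user=%s role=%s cmd=%s %s' "$2" "${role:-none}" "$3" "${4:-}" |
           tr -d '[:cntrl:]')
    printf 'SECURITY_VIOLATION %s\n' "$line" >&2
    return 1
}

# Constructed sample data (not real Telegram ids).
ADMINS=$(mktemp)
printf '1001:superadmin\n1002:reseller\n' > "$ADMINS"
authorize "$ADMINS" 1002 /mp_voucher list && echo "reseller: voucher list allowed"
authorize "$ADMINS" 1002 /mp_lockdown on || echo "reseller: lockdown refused"
rm -f "$ADMINS"
```

A missing or unreadable admins file yields an empty role, so the gate fails closed.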
🛡️ Automated Hostile Threat Scanner Shield
- Proactive Shodan & Censys Threat Blocking (`mtproxymax scanner-shield`)
  - High-Speed Kernel Memory Hash Sets: Initializes high-performance Linux kernel memory sets (`ipset` table `mtproxymax-scanners`) with capacity for up to 65,536 network CIDRs.
  - Automated Threat Feed Import: Automatically imports and blacklists well-known hostile mass scanning subnets (including Shodan, Censys, and Shadowserver probe networks such as `162.142.125.0/24`, `167.94.138.0/24`, `71.6.135.0/24`).
  - Pre-Application Drop: Incoming packets from hostile scanner subnets are silently dropped at the Netfilter kernel boundary before reaching Docker container sockets or triggering SYN cookie thresholds, keeping your proxy invisible to Internet-wide discovery feeds.
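One way to load such a feed safely, as an added example that is not MTProxyMax's own code: validate every entry, refuse overly broad prefixes, and fill a temporary set that is swapped in atomically. The feed format, `MIN_PREFIX`, the temporary set name and the `raw`/`PREROUTING` rule placement are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: turn a scanner feed into an atomic `ipset restore` script.
# ASSUMPTIONS: feed = one IPv4 CIDR per line, '#' comments; MIN_PREFIX is this
# example's policy so a bad feed entry cannot blacklist huge address ranges.
SET_NAME="mtproxymax-scanners"      # set name from the release notes
TMP_SET="${SET_NAME}-tmp"
MIN_PREFIX=16

# Constructed sample feed: three subnets from the notes plus entries to reject.
sample_feed() {
    cat <<'EOF'
# constructed sample feed
162.142.125.0/24
167.94.138.0/24   # trailing comment
71.6.135.0/24
71.6.135.0/24
0.0.0.0/0
10.0.0.0/8
300.1.1.0/24
not-a-cidr
EOF
}

# Read a feed on stdin, print an `ipset restore` script on stdout.
build_restore() {
    printf 'create %s hash:net family inet maxelem 65536 -exist\n' "$SET_NAME" "$TMP_SET"
    printf 'flush %s\n' "$TMP_SET"
    sed 's/#.*//' | awk -F'[./]' -v set="$TMP_SET" -v min="$MIN_PREFIX" '
        { gsub(/[ \t\r]/, "") }
        $0 == "" { next }
        !/^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+\/[0-9]+$/ { bad++; next }
        $1 > 255 || $2 > 255 || $3 > 255 || $4 > 255 { bad++; next }
        $5 < min || $5 > 32 { bad++; next }
        !seen[$0]++ { print "add " set " " $0 }
        END { if (bad) print bad " feed entries rejected" > "/dev/stderr" }'
    # The live set changes only here, so a failed import leaves it untouched.
    printf 'swap %s %s\ndestroy %s\n' "$TMP_SET" "$SET_NAME" "$TMP_SET"
}

# Apply it (root required, so only defined here). raw/PREROUTING runs before
# conntrack and before Docker's DNAT, so published container ports are covered.
apply_shield() {
    build_restore | ipset restore || return 1
    iptables -t raw -C PREROUTING -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null ||
        iptables -t raw -I PREROUTING -m set --match-set "$SET_NAME" src -j DROP
}
```

Run `sample_feed | build_restore` to inspect the generated script without touching the firewall; a rule placed only in the `filter` table's `INPUT` chain would not see traffic that Docker forwards to a container.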
🔬 Advanced Anti-DPI & Emergency Defenses
- Active DPI Forensics Inspector (`mtproxymax dpi-inspect`)
  - Performs a 5-step heuristic scan evaluating SYN cookie state, TLS fingerprint parity, SNI routing reachability, conntrack replay cache depth, and MSS clamping to compute an interactive Anti-DPI Hardening Score out of 100.
- Self-Healing Cover Watchdog (`mtproxymax cover-watchdog`)
  - Background watchdog probing primary cover domain health every 60 seconds. Automatically rotates to backup SNI pool candidates upon censorship interception or consecutive HTTP 5xx failures.
- Emergency Panic Lockdown Switch (`mtproxymax lockdown [on|off]`)
  - Instant posture hardening switch enabling kernel SYN tarpits, Ultra-Stealth conntrack replay protection, and TCP MSS clamping via CLI or remote Telegram bot command (`/mp_lockdown`).
- Multi-Port Listener Pool (`mtproxymax port-pool [add|remove|list]`)
  - Listens on multiple fallback TCP ports simultaneously (e.g., 443, 8443, 2053) via automated kernel `iptables` NAT redirection without extra container runtime overhead.
- Dynamic FakeTLS Padding & Jitter (`mtproxymax tls-pad [auto|off|rotate]`)
  - Randomizes FakeTLS certificate payload lengths dynamically (`fake_cert_len`) to prevent active DPI packet sizing heuristics from identifying MTProto handshake packets.
- Active Probe Decoy Redirection (`mtproxymax honeypot [on|off|status]`)
  - Intercepts unauthorized active scanners and redirects unauthenticated probes to realistic decoy web endpoints.
🏎️ Bandwidth Shaping & Quota Intelligence
- Linux Kernel QoS Traffic Shaping (`mtproxymax qos [set <mbps>|off|status]`)
  - Enforces per-IP upload and download rate ceilings using Linux `tc` (Traffic Control) hierarchical token buckets and `iptables hashlimit` rules to prevent aggressive clients from saturating server links.
- Happy Hours Quota Exclusions (`mtproxymax happy-hours [set <win>|off]`)
  - Configures unmetered schedule windows (e.g., `02:00-08:00`) where client traffic bypasses monthly quota accounting.
- Proactive Telegram Expiry Reminders (`mtproxymax notify-expiry`)
  - Scans user accounts and dispatches automated direct Telegram reminders 7 days, 3 days, and 24 hours prior to account expiration.
- Multi-IP Subscription Anomaly Scanner (`mtproxymax leak-scan [thresh]`)
  - Inspects real-time connection logs to detect credential leaks and abnormal simultaneous IP sharing across proxy secrets.
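The kind of check a multi-IP anomaly scan performs can be sketched as follows. This is an added example, not the project's code: the log line layout, the function names and the window parameter are assumptions, and the sample log is constructed. It counts distinct client IPs per secret inside a sliding time window, so a roaming mobile user whose address changes over hours is not reported as a leak.

```shell
#!/bin/sh
# Added example: flag secrets used from many client IPs inside a short window.
# ASSUMPTION: log lines are "<epoch_seconds> <secret_label> <client_ip>",
# sorted by time; the real MTProxyMax log format is not shown in the notes.

# Constructed sample log (documentation IP ranges, made-up labels).
sample_log() {
    cat <<'EOF'
1000 alice 192.0.2.10
1000 bob 192.0.2.50
1005 alice 192.0.2.11
1010 shared 198.51.100.1
1020 shared 198.51.100.2
1030 shared 203.0.113.3
1040 shared 203.0.113.4
5000 bob 192.0.2.51
9000 bob 192.0.2.52
13000 bob 192.0.2.53
this line is malformed and is skipped
EOF
}

# Read the log on stdin; print "<label> <peak distinct IPs>" for every secret
# whose number of IPs seen within the window ever exceeds the threshold.
leak_scan() {   # $1 = threshold (distinct IPs), $2 = window in seconds
    awk -v thresh="$1" -v win="$2" '
        NF != 3 || $1 !~ /^[0-9]+$/ { next }      # skip malformed lines
        {
            last[$2 SUBSEP $3] = $1               # last time this IP used the secret
            n = 0
            for (k in last) {
                split(k, p, SUBSEP)
                if (p[1] == $2 && $1 - last[k] <= win) n++
            }
            if (n > thresh && n > peak[$2]) peak[$2] = n
        }
        END { for (l in peak) print l, peak[l] }' | sort
}

# Threshold 3 within 5 minutes: only the secret shared across four IPs is listed.
sample_log | leak_scan 3 300
```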
📡 Operations, Briefings & Onboarding Suite
- Telegram Backup Push (`mtproxymax backup send-tg [file]`)
  - Compresses the server configuration and secrets database into an encrypted `.tar.gz` archive and pushes it directly as a document attachment to the superadmin Telegram bot chat.
- Scheduled Executive Morning Briefings (`mtproxymax daily-report [on|off|run]`)
  - Configures automated daily cron summaries sent directly to Telegram detailing 24-hour traffic volume, peak connection counts, and upcoming account expirations.
- SSH Brute-Force Intrusion Shield (`mtproxymax ssh-shield [on|off|status]`)
  - Automatically configures fail2ban rules and kernel firewall jails protecting host SSH ports against automated dictionary attack bots.
- International Network Grade Benchmarker (`mtproxymax net-grade`)
  - Performs comprehensive TCP ping and routing stability evaluations against global transit nodes, scoring server network quality with an A+/A/B/C letter grade.
- Interactive Smart Onboarding Wizard (`mtproxymax onboard [label]`)
  - Step-by-step interactive administrative wizard guiding operators through creating accounts with custom bandwidth limits, connection caps, expiration dates, and immediate QR code outputs.
- SSL/TLS Cover Domain Inspector (`mtproxymax cert-check [domain]`)
  - Audits cover domains via OpenSSL to verify certificate issuer chains, cipher suites, and days until TLS expiration.
🌐 DevOps Clustering & Automation Suite
- Layer-4 Load Balancer Exporter (`mtproxymax export-lb [haproxy|nginx]`)
  - Generates production-ready HAProxy (`haproxy.cfg`) and Nginx Stream (`nginx.conf`) configuration snippets configured for Layer-4 TCP proxying and PROXY Protocol v2.
- Cloudflare Dynamic DNS Updater (`mtproxymax ddns [set|run|status|off]`)
  - Automatically queries Cloudflare API v4 and updates domain A records whenever public IP changes are detected.
- Point-in-Time Snapshots (`mtproxymax snapshot [create|restore]`) & Forensics Bundle (`mtproxymax diag-dump`)
  - Creates self-contained `.tar.gz` configuration backups with one-click restoration and packages comprehensive system diagnostics for auditing.
- Instant Server Replication & Bootstrapping (`mtproxymax clone-link` & `bootstrap <base64>`)
  - Generates a one-line Base64 export bundle containing server configuration parameters that can be instantly bootstrapped onto a fresh secondary node.
🚀 Performance & Self-Healing Suite
- TCP BBR & Fast Open Booster (`mtproxymax tcp-boost [on|off|status]`)
  - Activates Google's BBR congestion control algorithm and TCP Fast Open (`TFO`) to drastically reduce latency over high-packet-loss networks.
- Aggressive Mobile Socket Reaper (`mtproxymax tcp-clean [on|off|status]`)
  - Tunes kernel `fin_timeout` and `keepalive_probes` to rapidly purge orphaned mobile client sockets caused by sudden cellular drops.
- Ultra-Low Latency Socket Queue Booster (`mtproxymax socket-boost [on|off]`)
  - Expands `somaxconn` and network device backlog limits to handle thousands of concurrent connection bursts without packet drops.
- Automated Memory & Socket Self-Healer (`mtproxymax heal` & `auto-heal [on|off|status]`)
  - Background self-healer that automatically flushes kernel buffer caches and reaps zombie connections when RAM thresholds drop below critical limits.
- TCP Fast-Path Window Scaling & MTU Probing (`mtproxymax tcp-fastpath [on|off]`)
  - Optimizes RFC-compliant TCP window scaling (`tcp_window_scaling=1`), Selective Acknowledgments (`tcp_sack=1`), and Path MTU discovery (`tcp_mtu_probing=1`).
- Dynamic RAM Auto-Tuning (`mtproxymax ram-tune [auto|off]`)
  - Hardware-aware scaling of TCP memory buffers (`rmem_max`/`wmem_max`) across Small (≤1GB), Medium (1-4GB), and Large (>4GB) server tiers.
- Dynamic Port Range Shadowing (`mtproxymax port-hop [add|remove|list]`)
  - Redirects multi-port NAT blocks (`<start>:<end>`) to the primary listen port via `iptables` or `nftables`. Includes overlap shielding against the proxy port.
- Multi-Core IRQ Packet Spreading (`mtproxymax cpu-tune [on|off|status]`)
  - Spreads encrypted packet processing across available CPU cores via Receive Packet Steering (`RPS`/`RFS`) with container read-only sandbox detection.
- Interactive TUI Control Centers
  - Dedicated ASCII menus (`show_enterprise_menu` under option `[e]` and `show_performance_menu` under option `[p]`) enabling real-time configuration and live status verification.
🏁 Upgrade
`mtproxymax update`

Pinned Engine: telemt v3.4.19 (987c53c)