Read This First
Why OpenSnell exists, why Snell is the protocol I chose, and why our fully reverse-engineered v6 stays closed-source. Please read this before you deploy.
This page is the one I'd ask everyone to read before using OpenSnell. It isn't about configuration — the rest of the docs cover that. It's about why this project exists, what it values, and the reasoning behind the one decision people ask about most: why v6 is closed-source.
TL;DR — OpenSnell exists because I wanted a Snell implementation that matched the official server's quality. The open-source build stays v4 / v5. Snell v6 is fully reverse-engineered but intentionally not published, for the same reason v6 exists at all: keeping it hard to fingerprint.
How this project started
OpenSnell began with Mihomo. I noticed it had added support for every version of Snell, v1 through v5, and I decided to write my own Snell client and server to understand the protocol properly.
While building it, I found that Mihomo's implementation had a real problem: its approach left a lot of performance on the table, and it ran far slower than the official Snell server. So I reworked that part of the code and opened two pull requests against Mihomo. To this day neither has been merged. That's fine — I'm not a Mihomo user myself; I just wanted the adaptation done well. OpenSnell is what came out of that effort.
Why Snell
I've been a fan of Surge and its developer, Yachen Liu, for a long time, and I think Snell is a genuinely well-designed protocol. A few reasons it's the one I chose:
- It's simple, easy to use, and stable. There's very little that can go wrong, and very little to tune.
- No TLS, and no pretending to be TLS. I'm not fond of protocols that imitate TLS — the mimicry makes the proxy more complex and adds overhead to latency and throughput for no real benefit.
- It's plain TCP. A clean TCP protocol with no TLS layer is, to me, far more appealing than the alternatives.
- The design is thoughtful. For example, Snell doesn't require your server's clock to be correct. Even if the server's time is completely wrong, it has no effect on establishing a connection or on normal use — there's no timestamp to get out of sync.
If you want the head-to-head against other protocols, see the protocol comparison.
On the source
OpenSnell didn't start as a deliberate effort to reverse-engineer Snell or to make its internals public. The code had already been made public by someone else; I simply wanted to take it further — make the implementation more complete and add a few features that are actually useful in practice. The alpha branch is where those extras live.
On v6, and why it stays closed
Surge has since released v6, and I tried it the moment it was out. In my own day-to-day use, v6 is a large step up from v5 — see Snell v6 for what actually changed.
We have completed a 100% reverse-engineering of v6 — our implementation is byte-for-byte identical to the official server on the wire. And we have decided not to open-source it.
The reasoning is simple. The Snell developer, the Surge developer, and you reading this all want the same thing: a free internet, and the right to exchange information freely. Snell v6's entire purpose is to be hard to fingerprint. A public, byte-exact v6 emitter would work directly against that goal — it's the kind of thing that gives censors a fixed target to study. Keeping it unpublished lets the protocol mature quietly and stay harder to identify on the wire. For v6 specifically, I think that's the more responsible choice.
Curious whether v6 actually makes you safer against the Great Firewall? See
v5 vs v6 against the GFW for an honest, axis-by-axis
answer. To run v6 today, the installer can deploy the official
Surge snell-server v6.