Paste or drop a vless://, vmess://, trojan://, ss://, hy2://, or tuic:// URI. We run the real protocol handshake from distributed check nodes and show you exactly what we see.
Your URI is routed to the nearest check node. The node parses it, opens the real network connection your VPN client would, performs the full protocol handshake (TLS, REALITY, VMess AEAD auth, Shadowsocks cipher exchange, Hysteria2 QUIC auth, etc.), and reports the result.
Typical round-trips: VLESS+REALITY 150–400ms, Trojan 200–500ms, Hysteria2 150–350ms depending on region. Longer than 5s usually means UDP blocking, wrong SNI, or a dead server.
Config-based protocols ship private keys inside the config. We don't accept those anonymously — they need to be stored encrypted with AES-256-GCM in your account. Create a free account (5 monitors, no card) to monitor those.
Configs submitted here are used to run one handshake and then discarded. No persistent storage, no logging of credentials, no analytics on config contents. The check node's IP and the handshake result are kept for a few hours for rate-limit accounting.
TunnelHQ runs this exact check every 1 to 10 minutes against your whole fleet. When a handshake fails, Slack / email / Telegram / Discord / webhook alerts fire within a second — before users notice.
Start free — 5 monitors, no credit card