diff --git a/easytier/src/connector/dns_connector.rs b/easytier/src/connector/dns_connector.rs
index c2ac24b..2103078 100644
--- a/easytier/src/connector/dns_connector.rs
+++ b/easytier/src/connector/dns_connector.rs
@@ -242,6 +242,7 @@ mod tests {
         let url = "txt://txt.easytier.cn";
         let global_ctx = get_mock_global_ctx();
         let mut connector = DNSTunnelConnector::new(url.parse().unwrap(), global_ctx);
+        connector.set_ip_version(IpVersion::V4);
         let ret = connector.connect().await.unwrap();
         println!("{:?}", ret.info());
     }
@@ -251,6 +252,7 @@ mod tests {
         let url = "srv://easytier.cn";
         let global_ctx = get_mock_global_ctx();
         let mut connector = DNSTunnelConnector::new(url.parse().unwrap(), global_ctx);
+        connector.set_ip_version(IpVersion::V4);
         let ret = connector.connect().await.unwrap();
         println!("{:?}", ret.info());
     }
diff --git a/easytier/src/connector/udp_hole_punch/sym_to_cone.rs b/easytier/src/connector/udp_hole_punch/sym_to_cone.rs
index 48c7321..e3b609e 100644
--- a/easytier/src/connector/udp_hole_punch/sym_to_cone.rs
+++ b/easytier/src/connector/udp_hole_punch/sym_to_cone.rs
@@ -434,7 +434,7 @@ impl PunchSymToConeHoleClient {
         let public_ips: Vec<Ipv4Addr> = stun_info
             .public_ip
             .iter()
-            .map(|x| x.parse().unwrap())
+            .filter_map(|x| x.parse().ok())
             .collect();
         if public_ips.is_empty() {
             return Err(anyhow::anyhow!("failed to get public ips"));
diff --git a/easytier/src/tunnel/insecure_tls.rs b/easytier/src/tunnel/insecure_tls.rs
index f829ee2..35f10ae 100644
--- a/easytier/src/tunnel/insecure_tls.rs
+++ b/easytier/src/tunnel/insecure_tls.rs
@@ -70,7 +70,7 @@ pub fn get_insecure_tls_client_config() -> rustls::ClientConfig {
         .dangerous()
         .with_custom_certificate_verifier(SkipServerVerification::new(provider.clone()))
         .with_no_client_auth();
-    config.enable_sni = false;
+    config.enable_sni = true;
     config.enable_early_data = false;
     config
 }
diff --git a/easytier/src/tunnel/websocket.rs b/easytier/src/tunnel/websocket.rs
index 8214c65..205573b 100644
--- a/easytier/src/tunnel/websocket.rs
+++ b/easytier/src/tunnel/websocket.rs
@@ -183,6 +183,7 @@ impl WSTunnelConnector {
     ) -> Result<Box<dyn Tunnel>, TunnelError> {
         let is_wss = is_wss(&addr)?;
         let socket_addr = SocketAddr::from_url(addr.clone(), ip_version)?;
+        let domain = addr.domain();
         let host = socket_addr.ip();
         let stream = tcp_socket.connect(socket_addr).await?;
 
@@ -203,8 +204,16 @@ impl WSTunnelConnector {
             init_crypto_provider();
             let tls_conn =
                 tokio_rustls::TlsConnector::from(Arc::new(get_insecure_tls_client_config()));
+            let domain_or_ip = match domain {
+                None => {
+                    host.to_string()
+                }
+                Some(domain) => {
+                    domain.to_string()
+                }
+            };
             let stream = tls_conn
-                .connect(host.to_string().try_into().unwrap(), stream)
+                .connect(domain_or_ip.try_into().unwrap(), stream)
                 .await?;
             MaybeTlsStream::Rustls(stream)
         } else {