diff --git a/infra/conf/transport_internet.go b/infra/conf/transport_internet.go
index 44efd7f9..65f4151b 100644
--- a/infra/conf/transport_internet.go
+++ b/infra/conf/transport_internet.go
@@ -496,8 +496,8 @@ func (c *StreamConfig) Build() (*internet.StreamConfig, error) {
 		config.SecurityType = tm.Type
 	}
 	if strings.EqualFold(c.Security, "xtls") {
-		if config.ProtocolName != "tcp" {
-			return nil, newError("XTLS only supports TCP for now.")
+		if config.ProtocolName != "tcp" && config.ProtocolName != "domainsocket" {
+			return nil, newError("XTLS only supports TCP and DomainSocket for now.")
 		}
 		xtlsSettings := c.XTLSSettings
 		if xtlsSettings == nil {
diff --git a/transport/internet/domainsocket/dial.go b/transport/internet/domainsocket/dial.go
index bd6591de..d3a43f48 100644
--- a/transport/internet/domainsocket/dial.go
+++ b/transport/internet/domainsocket/dial.go
@@ -11,6 +11,7 @@ import (
 	"v2ray.com/core/common/net"
 	"v2ray.com/core/transport/internet"
 	"v2ray.com/core/transport/internet/tls"
+	"v2ray.com/core/transport/internet/xtls"
 )
 
 func Dial(ctx context.Context, dest net.Destination, streamSettings *internet.MemoryStreamConfig) (internet.Connection, error) {
@@ -27,6 +28,8 @@ func Dial(ctx context.Context, dest net.Destination, streamSettings *internet.Me
 
 	if config := tls.ConfigFromStreamSettings(streamSettings); config != nil {
 		return tls.Client(conn, config.GetTLSConfig(tls.WithDestination(dest))), nil
+	} else if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil {
+		return xtls.Client(conn, config.GetXTLSConfig(xtls.WithDestination(dest))), nil
 	}
 
 	return conn, nil
diff --git a/transport/internet/domainsocket/listener.go b/transport/internet/domainsocket/listener.go
index 9a98971e..607dbbd0 100644
--- a/transport/internet/domainsocket/listener.go
+++ b/transport/internet/domainsocket/listener.go
@@ -11,6 +11,7 @@ import (
 	"strings"
 
 	"github.com/pires/go-proxyproto"
+	goxtls "github.com/xtls/go"
 	"golang.org/x/sys/unix"
 
 	"v2ray.com/core/common"
@@ -18,15 +19,17 @@ import (
 	"v2ray.com/core/common/session"
 	"v2ray.com/core/transport/internet"
 	"v2ray.com/core/transport/internet/tls"
+	"v2ray.com/core/transport/internet/xtls"
 )
 
 type Listener struct {
-	addr      *net.UnixAddr
-	ln        net.Listener
-	tlsConfig *gotls.Config
-	config    *Config
-	addConn   internet.ConnHandler
-	locker    *fileLocker
+	addr       *net.UnixAddr
+	ln         net.Listener
+	tlsConfig  *gotls.Config
+	xtlsConfig *goxtls.Config
+	config     *Config
+	addConn    internet.ConnHandler
+	locker     *fileLocker
 }
 
 func Listen(ctx context.Context, address net.Address, port net.Port, streamSettings *internet.MemoryStreamConfig, handler internet.ConnHandler) (internet.Listener, error) {
@@ -73,6 +76,9 @@ func Listen(ctx context.Context, address net.Address, port net.Port, streamSetti
 	if config := tls.ConfigFromStreamSettings(streamSettings); config != nil {
 		ln.tlsConfig = config.GetTLSConfig()
 	}
+	if config := xtls.ConfigFromStreamSettings(streamSettings); config != nil {
+		ln.xtlsConfig = config.GetXTLSConfig()
+	}
 
 	go ln.run()
 
@@ -103,6 +109,8 @@ func (ln *Listener) run() {
 
 		if ln.tlsConfig != nil {
 			conn = tls.Server(conn, ln.tlsConfig)
+		} else if ln.xtlsConfig != nil {
+			conn = xtls.Server(conn, ln.xtlsConfig)
 		}
 
 		ln.addConn(internet.Connection(conn))