Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Thread] dnscrypt-proxy on iOS #42

Closed
jedisct1 opened this issue Jan 27, 2018 · 72 comments
Closed

[Thread] dnscrypt-proxy on iOS #42

jedisct1 opened this issue Jan 27, 2018 · 72 comments
Labels

Comments

@jedisct1
Copy link
Collaborator

@jedisct1 jedisct1 commented Jan 27, 2018

DNSCloak takes advantage of the DNS proxy provider system introduced in iOS 11 to bring the DNSCrypt protocol to Apple devices. Devices don't have to be jailbroken to install this software.

This is great, but it apparently uses code from dnscrypt-proxy v1, it is not opensource and lacks interesting features such as logging and filtering.

A similar, opensource application for iOS would be terrific!

@s-s
Copy link
Contributor

@s-s s-s commented Jan 27, 2018

>>> TestFlight <<<

Have already ported v2 to iOS (since first betas), with filtering and logging. Waiting for stable version to release it. Also requires some testing - if anybody interested, I may release it under TestFlight.

PS: Lack of features are the dynamic nature of plugins loading in v1.

@s-s
Copy link
Contributor

@s-s s-s commented Jan 27, 2018

BTW it is not a DNS proxy provider (due to it is limited to supervised devices), but a generic packet tunnel. So, it would run on iOS 10 as well, and may be on iOS 9 (there is triple less memory available for network extensions comparing to iOS 10).

@jedisct1
Copy link
Collaborator Author

@jedisct1 jedisct1 commented Jan 27, 2018

@s-s So, this is using NEKit? This is even better!

I'd love to testflight it.

@s-s
Copy link
Contributor

@s-s s-s commented Jan 27, 2018

@jedisct1, no, it is a simple NEPacketTunnelProvider (it is required to run client code in background + setup iOS DNS resolver to that client) + thread wrapper for client + client built as static libs (v1) / framework built with gomobile (v2). I’ll release v2 framework build environment later, so someone may use it for macOS / opensource iOS client.

I’ll try to put v2 into TestFlight tomorrow.

PS: NEKit is great by itself (it is a framework to route traffic through a set of proxies), but it is absolutely not required here. All the “magic” is done with native NEDNSSettings of NetworkExtension framework. I’m very surprised that nobody have ported dnscrypt-proxy to iOS previously.

@jamespoore
Copy link

@jamespoore jamespoore commented Feb 3, 2018

+1 for Testflight. Would be happy to assist with user testing of your app @s-s.

@jedisct1 top work for the v2 implementation, very pleased so far.

@jedisct1
Copy link
Collaborator Author

@jedisct1 jedisct1 commented Feb 3, 2018

Been testing the new DNSCloak for a couple days, and it works really well.

I just had an issue after the installation. "Start" didn't do anything, and I couldn't choose a resolver either. Maybe because I had the previous (non-testflight) version previously installed.

I uninstalled everything and reinstalled the beta. "Start" didn't do anything, which makes sense since no resolvers was selected, but still feels a bit confusing. But I could then pick a resolver, hit start, and watch the query log fill itself with queries.

@hcarrega
Copy link

@hcarrega hcarrega commented Feb 7, 2018

Just want to try TestFlight to

@s-s
Copy link
Contributor

@s-s s-s commented Feb 8, 2018

@hcarrega, added you to TestFlight, check your email.
@jamespoore, please, send me an email to sergey [dot] smirnov [dot] dev [at] gmail [dot] com - Apple requires an email to send invitation
I'll try to put fresh TestFlight build this weekend - a little busy with work...

@hcarrega
Copy link

@hcarrega hcarrega commented Feb 8, 2018

Thanks ;)

@jedisct1
Copy link
Collaborator Author

@jedisct1 jedisct1 commented Feb 23, 2018

Hi @s-s -- Just to mention that the new version you pushed on Testflight is really good!

It works perfectly. Looking forward to seeing it on the AppStore!

@jedisct1
Copy link
Collaborator Author

@jedisct1 jedisct1 commented Feb 23, 2018

You may want to upgrade the proxy to the latest version though :)

@jedisct1
Copy link
Collaborator Author

@jedisct1 jedisct1 commented Feb 23, 2018

@s-s Just one thing: "filters" should be "no filters": the "filters" label is currently displayed for resolvers that do not filter :)

@tmasiff
Copy link

@tmasiff tmasiff commented Feb 26, 2018

Also want to try if you can. TestFlight:Temadrakula@gmail.com

@s-s
Copy link
Contributor

@s-s s-s commented Feb 26, 2018

@jedisct1, thank you for pointing with filter flag, fixed! :) Also upgraded to latest version (was short on time at Friday, stucked with types mess @ gomobile). I'll upload new TF build soon. As for App Store - I want to implement a couple of things before release - add passcode lock for parental control and move to dnscrypt-proxy managed caches as a source for app's list (as a step toward exposing config editor).

@tmasiff, done, check your email.

@jedisct1
Copy link
Collaborator Author

@jedisct1 jedisct1 commented Feb 26, 2018

Don't Rush, I'm gonna upload a new proxy version tonight (just to fix a recently reported bug with DoH servers where IP addresses were not specified).

@ghost
Copy link

@ghost ghost commented Mar 2, 2018

@jedisct1 AdGuard Pro iOS is opensource, allows inclusion of custom DNScrypt servers & has a wonderful filtering mechanism. TestFlight it & see for yourself.

@jedisct1
Copy link
Collaborator Author

@jedisct1 jedisct1 commented Mar 2, 2018

I bought it, and didn't find any DNSCrypt support in it :(

@ghost
Copy link

@ghost ghost commented Mar 2, 2018

@s-s I’m in agreement with @jedisct1 regarding the latest TestFlight of DNSCloak - it works quite nicely. I’d like to see a mechanism to include custom DNScrypt servers, however. Also a nice enhancement for the use TCP only rule would be an explanation regarding its usefulness running it over TOR. @mtigas maintains https://GitHub.com/mtigas/OnionBrowser which is the only officially endorsed - by the TOR Project - iOS TOR browser.

@ghost
Copy link

@ghost ghost commented Mar 2, 2018

@jedisct1 - you’ve got to use the beta via TestFlight. Hop over to the git repo https://github.com/AdguardTeam/AdguardForiOS & let @ameshkov know you’d like to use it.
Edit: Even simpler, here’s the short form to fill out https://docs.google.com/forms/d/e/1FAIpQLSf5JWqO_Qsdri1nwJphse46Qk48YHVyc3IZs1l-XmJ3ff0dDQ/viewform

@ameshkov
Copy link

@ameshkov ameshkov commented Mar 2, 2018

We've just finished with the first implementation that will be released next week, but it is based on dnscrypt-proxy v1. Once it's released, we'll push the code to GH.

Using dnscrypt-proxy v2 is on our roadmap.

@jedisct1 regarding beta test application, I can see yours, gimme a minute:)

@s-s
Copy link
Contributor

@s-s s-s commented Mar 2, 2018

@X8716e, custom static resolvers and lists will be available with config editor (will be added a little bit later).
As for Tor, I'll mention it, but keep in mind that Tor and dnscrypt-proxy will not work simultaneously on a (non-jailbroken) iOS device for many reasons, most of them are iOS limits. The only scenario I see is to put a Tor middlebox in front of an iOS device with dnscrypt-proxy. But I'd prefer to move dnscrypt-proxy on that middlebox device in this scenario.
As for OnionBrowser - all (well, there is an exception, but its existence in the App Store is just a matter of time) "Tor browser" implementations on iOS do name resolutions via SOCKS proxy provided by Tor client. Just because they have no other way to customize resolver settings. They just can't use dnscrypt-proxy (proxied to the same Tor client).

@tmasiff
Copy link

@tmasiff tmasiff commented Mar 3, 2018

Thanks )

@ghost
Copy link

@ghost ghost commented Mar 5, 2018

@s-s Mostly accurate info; however I’m concerned with the dismissal of TCP as useful. It gives the impression to any who know no better that why try to learn anything on the subject since the developer of this proprietary software is saying there’s no need to do so. I wrongly assumed your application was opensource. Why? Because you’re here on GitHub. My mistake, and one that won’t happen again. Regarding running DNSCrypt concurrently with TOR via SOCKS, there are definite ways to go about doing it. Ideally, simply entering & exiting TOR via DNSCrypt & minimising the connection time to your chosen DNSCrypt server is how most would want to use the mix. Other alternatives exist, though they rely a lot on your level of trust in the DNSCrypt provider. As for asking “how”, well, I’m sure you’ll figure it out ;)

EDIT: @jedisct1 Apologies for a convo that should be taking place on the dev’s project page instead of hijacking space on your own. It’s not possible, however, and I’ll respond no further to said dev. Thanks for your understanding

@jedisct1
Copy link
Collaborator Author

@jedisct1 jedisct1 commented Mar 7, 2018

@s-s The release candidate is perfect! Really nice. This makes it by far the best DNS changing tool on mobile platforms.

I just had a case where I was stuck in the settings page. Close didn't do anything, other controls didn't work any more either.
I'm gonna try to find a sequence to reproduce this.

@s-s
Copy link
Contributor

@s-s s-s commented Mar 7, 2018

@jedisct1, thank you, but all credits should go to you actually - I’m just wrapping UI around your client.

It seems that I’ve found what you are writing about - stuck due to conflicting modals, I’ll make a relayout to fix this problem and one more with logs modal. So, there would be rc2...

Actually, there are still a lot of work to be done: I want to expose as much as possible of dnscrypt-proxy original features. The next big things should be config editor (it would be simpler to edit a couple of lines than have a complex UI as well as adding custom lists and static resolvers, which in fact are already supported ;), forwarding and cloaking, then blacklists (they may be tricky due to iOS behavior).

As for “proprietary”, of course, you can judge me for that, but I don’t want to produce the hell of “yet-another-cl0kdNs-clone-with-brand-new-unique-created-by-myself-icon-buy-now-for-the-only-$0.99” copies which the App Store is all about (AS review policies just don’t work or work against the original developer). This makes frustrating and demotivates a lot. I’m a dev and I want to spend my time on development, not on fighting with copycats. So, choosing between keeping project “proprietary” (in fact - not) or not touching the theme at all I’ve decided to select the first one, at least for the first time. The mentioned Mike’s OB and many other devs that were making opensource projects for iOS stucked with exactly the same problem.

@jedisct1 jedisct1 changed the title Help wanted: iOS support [Thread] dnscrypt-proxy on iOS Mar 25, 2018
@hcarrega
Copy link

@hcarrega hcarrega commented Jan 19, 2019

Orcloak is off to
Since I trial orcloak I can still subscribe

@hcarrega
Copy link

@hcarrega hcarrega commented Jan 20, 2019

Btw people o are previous on TestFlight still continue getting updates?

@jedisct1
Copy link
Collaborator Author

@jedisct1 jedisct1 commented Jan 29, 2019

Any news on this, @s-s @moba ?

@moba
Copy link

@moba moba commented Jan 30, 2019

It took ages to get a verified account, and now we're waiting for Apple to manually transfer ownership from the previous personal account to our company account...

@hcarrega
Copy link

@hcarrega hcarrega commented Feb 5, 2019

Any News?

@SirusDoma
Copy link

@SirusDoma SirusDoma commented Feb 6, 2019

Meanwhile waiting for the release, can i have the testflight invitation?

@hcarrega
Copy link

@hcarrega hcarrega commented Feb 6, 2019

My TestFlight is expiring in 20 days I hope in that time the app get back again

@boistordu
Copy link

@boistordu boistordu commented Feb 11, 2019

@moba no news yet from Apple?

@moba
Copy link

@moba moba commented Feb 11, 2019

Not sure about the details, @s-s maybe knows. :)

@hcarrega
Copy link

@hcarrega hcarrega commented Feb 12, 2019

Subscriptions on ORCloak app from @s-s it’s valid

@s-s
Copy link
Contributor

@s-s s-s commented Feb 16, 2019

DNSCloak is back!

All credit goes to @moba and the team of Center for the Cultivation of Technology (https://www.techcultivation.org/)! Thank you everyone in this thread for your support!

App link https://itunes.apple.com/app/id1452162351
TestFlight TestFlight is available via public link: https:// testflight [dot] apple [dot] com [slash] join [slash] RlMeZBo7

Why new app?

Apple is unable (technically) to make an app transfer from one account to another due to the presence of iCloud entitlement. It is required to present file picker dialog for black/white/etc-lists (please, don't ask me why it is required for a read-only access for a system-provided dialog). So, the only way was to submit it as a new app with a new bundle ID. You may migrate to a new app yourself only.

What is a changelog for 2.2.0?

Since App Store doesn't provide a changes information for initial build: 2.2.0 contains all changes that was present in the latest TestFlight build:

  1. Latest dnscrypt-proxy 2.0.19 (8377d49 for 2.2.0);
  2. TLS 1.3 support (2.2.0 was built using latest Go 1.12rc1);
  3. Strict mode - replace some negative responses to override iOS behavior to fallback to a system resolver. Should prevent leaks in case of failing/rate-limiting resolvers. Also will retry query in case of resolver errors. Enabled by default, can be toggled in Advanced settings.
  4. Toggable ip/black/whitelist logs;
  5. Confirmation dialog for launch with empty "server_names" (aka "Why it takes so long to connect?" issue);
  6. Filter toggle to display selected resolvers only (near search input);
  7. Minor internal improvements: additional log messages, IPv6 handling.
@hcarrega

This comment was marked as off-topic.

@s-s

This comment was marked as off-topic.

@solarelf
Copy link

@solarelf solarelf commented Mar 7, 2019

Okay, please provide a link to the thread to discuss ORCloak... we really want to stay tuned into this issue... we need ORCloak!!

@Onepamopa
Copy link

@Onepamopa Onepamopa commented Mar 12, 2019

What's the github for dnsclaok? Getting some issues with it that need to be discussed.

@jedisct1
Copy link
Collaborator Author

@jedisct1 jedisct1 commented Jun 4, 2019

Wait, what? I didn't even know that DNSCloak had been opensourced. This is huge!

@qauff
Copy link

@qauff qauff commented Jul 26, 2019

@jedisct1 can you update the dnscrypt proxy website to include DNSCloak? :D

@jedisct1
Copy link
Collaborator Author

@jedisct1 jedisct1 commented Jul 26, 2019

@qauff
Copy link

@qauff qauff commented Jul 26, 2019

@jedisct1
Copy link
Collaborator Author

@jedisct1 jedisct1 commented Jul 26, 2019

dnscrypt.org has nothing to do with the project, this is a fake site that copied old content.

@qauff
Copy link

@qauff qauff commented Jul 26, 2019

Yikes.... that's not good. Okay good to know.

@rugabunda
Copy link

@rugabunda rugabunda commented Oct 23, 2019

The ios app is in need of an update to support the newest anon features in .29

@jedisct1
Copy link
Collaborator Author

@jedisct1 jedisct1 commented Oct 23, 2019

Closing, as dnscloak has its own repository: https://github.com/s-s/dnscloak

@jedisct1 jedisct1 closed this Oct 23, 2019
@DNSCrypt DNSCrypt locked and limited conversation to collaborators Nov 23, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet