VPN mode (one WireGuard) #1049
Comments
Could you elaborate on this? I only have 1 WireGuard upstream but I have not been able to figure out how to use it as a DNS resolver. Doesn't seem like the other issues have any clues either.
This feature isn't in
I would anticipate that this feature / option would be highly desirable for many users. In my situation, I have got my own DNS and WireGuard (WG) server on the same cloud/virtual server. I use a personal and a work profile; in each I have RDNS (v055a), and both of them connect to the WG server, i.e. one WG connection in true VPN style. I use DoH in RDNS to connect to the DNS server, but because all queries are going over clearnet, I have to open an external port on the server, and that is accessible to anyone. Thus, it would be very desirable for RDNS to overwrite any DNS in Android and RDNS and tunnel everything through WG. In such a case, RDNS does not really have to use DoH/DoT, as all DNS traffic would go through encrypted WG to the DNS server. A simple option of an IPv4 DNS on the local network of the WG server would fulfill the need. Obviously, for those who do not have a DNS server, DNS should use DoH/DoT for all queries to public DNS servers tunnelled through WG. When may we expect v055b?
This is a slightly different feature (tunneling DoH/DNSCrypt/etc over any user-set WireGuard endpoint), which has also been implemented. One-WireGuard is really just that one WireGuard profile active. This means there is no way to exclude apps from its tunnel or use custom DNS (the DNS set in WireGuard's profile will be used instead).
My apologies for any lack of clarity or misunderstanding. I think the way you have described it is going to address the current inconvenience of reaching an external DNS server, which is on the same server as WireGuard, with DoH/DoT over clearnet. I would find it a highly desirable feature if RDNS used only one active WireGuard profile in each RDNS (personal and work profile), with all applications using its tunnel and the DNS set in WireGuard's profile, i.e. overwriting any other DNS used by Android. Thus, for this, DoH/DoT would not be necessary. However, I appreciate that other users may need or want to use an external DNS server with DoH/DoT and use a WireGuard tunnel for it. Do you know when v055b may become available?
You got it. One-WireGuard will forward DNS as set in the active WireGuard profile. Tunneling DoH/DNSCrypt/etc through WireGuard is a different feature, and more importantly, mutually exclusive with this One-WireGuard feature: #543 / #979 etc
Maybe this week, if nothing critical comes up in our day-to-day testing (but from experience, there's something severe or the other that we stumble upon every single day)...
I'm looking forward to this change. Sometimes with enough finagling I can get DNS to be proxied but it's completely random
I also have another issue with the existing mode this may resolve - currently I have to manually revise the list of When I click
This new feature sounds great, thank you very much, I am looking forward to it.
Local blocklists will be effective, yes. But otherwise, WireGuard will answer all DNS queries.
Great, thank you!
Impl in
Rethink supports connecting to multiple WireGuard upstreams, but then DNS resolution couldn't be tunneled to any ONE of them (but could be to ALL of them, which is wasteful: #979).
Some folks would prefer to run just ONE WireGuard, but in true "VPN" style with DNS queries (and possibly ICMP) also tunneled through it. Doing so would also help simplify / partially address: