Comments (7)
Right now the reason why localhost DNS isn't working is because every DNS requests are forwarded to wiregaurd. We can probably add an option to disable DNS forwarding, so that localhost DNS would be allowed. Probably something like:
[Interface]
Address = 10.200.200.2/32
PrivateKey = uCTIK+56CPyCvwJxmU5dBfuyJvPuSXAq1FzHdnIxe1Q=
DNS = 10.200.200.1
DNSForward = False
from wireproxy.
Yes, added option like that would be good.
Another question about warp traffic
fl=411f350
h=cloudflare.com
ip=xxx.xxx.xxx.xxx
ts=1648701225.002
visit_scheme=https
uag=Mozilla/5.0 (Linux; Android 11; M2007J3SG) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.88 Mobile Safari/537.36
colo=SIN
http=http/2
loc=SG
tls=TLSv1.3
sni=plaintext
warp=off
gateway=off
I used client openclash and the warp traffic status seem off? Before migrated from wireguard wgcf to wireproxy status warp either plus or on. Is it client related? I tested on mobile client like sagernet/v2rayNG the warp status are plus/on
from wireproxy.
DNS can be remove from wgcf config file. But i am not sure if it works in wireproxy config file either.
case 1: WGCF WARP use the DNS in wgcf.conf. Use the wireguard config file DNS setting
root@debian:~# cat /etc/wireguard/wgcf.conf
[Interface]
PrivateKey = sD7hz8EFYTpr165ofVUklRkjkWzLd2tkPAipkjHfNmU=
Address = 172.16.0.2/32
Address = fd01:5ca1:ab1e:833b:a1b6:e267:39ad:c88e/128
DNS = 1.1.1.1,8.8.8.8,8.8.4.4,2606:4700:4700::1111,2001:4860:4860::8888,2001:4860:4860::8844
MTU = 1420
PostUp = ip -4 rule add from 10.0.0.131 lookup main
PostDown = ip -4 rule delete from 10.0.0.131 lookup main
[Peer]
PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
AllowedIPs = 0.0.0.0/0
AllowedIPs = ::/0
Endpoint = 162.159.193.10:2408
root@debian:~# wg
interface: wgcf
public key: t1j3ZcxgJ9C3U+haQqbMSj/mqBGVeB8mS+QWxMw+UEs=
private key: (hidden)
listening port: 36386
fwmark: 0xca6c
peer: bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
endpoint: 162.159.193.10:2408
allowed ips: 0.0.0.0/0, ::/0
root@debian:~# nslookup baidu.com
Server: 1.1.1.1
Address: 1.1.1.1#53
Non-authoritative answer:
Name: baidu.com
Address: 220.181.38.251
Name: baidu.com
Address: 220.181.38.148
case 2: remove DNS=.... in wgcf.conf. Use the VPS default nameserver
root@debian:~# cat /etc/wireguard/wgcf.conf
[Interface]
PrivateKey = sD7hz8EFYTpr165ofVUklRkjkWzLd2tkPAipkjHfNmU=
Address = 172.16.0.2/32
Address = fd01:5ca1:ab1e:833b:a1b6:e267:39ad:c88e/128
MTU = 1420
PostUp = ip -4 rule add from 10.0.0.131 lookup main
PostDown = ip -4 rule delete from 10.0.0.131 lookup main
[Peer]
PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo=
AllowedIPs = 0.0.0.0/0
AllowedIPs = ::/0
Endpoint = 162.159.193.10:2408
root@debian:~# cat /etc/resolv.conf
# Generated by resolvconf
nameserver 114.114.114.114
root@debian:~# systemctl restart wg-quick@wgcf
root@debian:~# nslookup baidu.com
Server: 114.114.114.114
Address: 114.114.114.114#53
Non-authoritative answer:
Name: baidu.com
Address: 220.181.38.148
Name: baidu.com
Address: 220.181.38.251
from wireproxy.
DNS can be remove from wgcf config file. But i am not sure if it works in wireproxy config file either.
case 1: WGCF WARP use the DNS in wgcf.conf. Use the wireguard config file DNS setting
root@debian:~# cat /etc/wireguard/wgcf.conf [Interface] PrivateKey = sD7hz8EFYTpr165ofVUklRkjkWzLd2tkPAipkjHfNmU= Address = 172.16.0.2/32 Address = fd01:5ca1:ab1e:833b:a1b6:e267:39ad:c88e/128 DNS = 1.1.1.1,8.8.8.8,8.8.4.4,2606:4700:4700::1111,2001:4860:4860::8888,2001:4860:4860::8844 MTU = 1420 PostUp = ip -4 rule add from 10.0.0.131 lookup main PostDown = ip -4 rule delete from 10.0.0.131 lookup main [Peer] PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo= AllowedIPs = 0.0.0.0/0 AllowedIPs = ::/0 Endpoint = 162.159.193.10:2408 root@debian:~# wg interface: wgcf public key: t1j3ZcxgJ9C3U+haQqbMSj/mqBGVeB8mS+QWxMw+UEs= private key: (hidden) listening port: 36386 fwmark: 0xca6c peer: bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo= endpoint: 162.159.193.10:2408 allowed ips: 0.0.0.0/0, ::/0 root@debian:~# nslookup baidu.com Server: 1.1.1.1 Address: 1.1.1.1#53 Non-authoritative answer: Name: baidu.com Address: 220.181.38.251 Name: baidu.com Address: 220.181.38.148
case 2: remove DNS=.... in wgcf.conf. Use the VPS default nameserver
root@debian:~# cat /etc/wireguard/wgcf.conf [Interface] PrivateKey = sD7hz8EFYTpr165ofVUklRkjkWzLd2tkPAipkjHfNmU= Address = 172.16.0.2/32 Address = fd01:5ca1:ab1e:833b:a1b6:e267:39ad:c88e/128 MTU = 1420 PostUp = ip -4 rule add from 10.0.0.131 lookup main PostDown = ip -4 rule delete from 10.0.0.131 lookup main [Peer] PublicKey = bmXOC+F1FxEMF9dyiK2H5/1SUtzH0JuVo51h2wPfgyo= AllowedIPs = 0.0.0.0/0 AllowedIPs = ::/0 Endpoint = 162.159.193.10:2408 root@debian:~# cat /etc/resolv.conf # Generated by resolvconf nameserver 114.114.114.114 root@debian:~# systemctl restart wg-quick@wgcf root@debian:~# nslookup baidu.com Server: 114.114.114.114 Address: 114.114.114.114#53 Non-authoritative answer: Name: baidu.com Address: 220.181.38.148 Name: baidu.com Address: 220.181.38.251
I think I will do something like:
Case 1: DNS is specified, DNSForward is false
DNS Traffic would be sent without being routed via wireguard
Case 2: DNS is specified, DNSForward is true
DNS Traffic would be sent via wireguard
Case 3: DNS is not specified:
Default nameservers would be used, and DNS would not be routed via wireguard
from wireproxy.
How about reducing to only 1 parameter? Remove DNSForward.
Case 1: DNS is specified
DNS Traffic would be sent with it.
Case 2: DNS is not specified
Default nameservers would be used.
from wireproxy.
How about reducing to only 1 parameter? Remove DNSForward.
Case 1: DNS is specified DNS Traffic would be sent with it.
Case 2: DNS is not specified Default nameservers would be used.
Yeah that seems more consistent with how wireguard works. I'll go with this route instead then.
from wireproxy.
With the new commit, if DNS field is empty, the system nameserver will be used. So you can configure your /etc/resolv.conf
with nameserver 127.0.0.1
, and do something like:
[Interface]
Address = 10.200.200.2/32
PrivateKey = uCTIK+56CPyCvwJxmU5dBfuyJvPuSXAq1FzHdnIxe1Q=
DNSForward = False
from wireproxy.
Related Issues (20)
- Support for AmneziaWG protocol HOT 1
- `suah.dev/protect` no-op under Linux? HOT 2
- Secure wireproxy with landlock
- please add feature to restart or stop own process HOT 3
- Add support of DynDNS IP address refresh HOT 1
- /etc/localtime open: no such file or directory HOT 4
- HTTPS traffic not working?
- FR: Tag ghcr.io images for their release versions
- open /dev/null: permission denied HOT 2
- wireguard本身能通过代理连接吗
- Health metrics port extraction issue --info/-i
- Garbage data when using SOCKS 5 proxy to IPv6
- Default configuration location HOT 2
- curl: (56) Recv failure: Connection reset by peer when running on Docker HOT 1
- Using wireproxy to share a wireguard VPN connection with multiple local peers HOT 2
- Not workiing anymore? HOT 1
- ERR_CONNECTION_CLOSED on Chrome with SOCKS5 and HTTP HOT 1
- race / crash in CheckAlive HOT 1
- extend /metrics HOT 1
- When server closes connection, connection hangs on client (between two wireproxy)
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from wireproxy.