DNS Leak in VPN mode

[robin98]

Describe the problem

While using VPN mode in windows, I noticed this program have serious DNS Leak issue. originally while I'm in VPN mode, all my requests including DNS traffic must direct to the selected server. It done well in system proxy mode, but I detect DNS Leak in VPN mode.

How to reproduce

• update my subscription
• set the routing as Global
• enabling VPN Mode via program
• after connection established, I open the CMD and check some blocked domain (by GFW) using ping command, it'll blocked like you never run VPN!

Screenshot

[LorenEteval]

Hi. What you mean by blocked? The ping is successful in your screenshot.

[robin98]

Hi. What you mean by blocked? The ping is successful in your screenshot.

No, check the IP address. it is NOT the twitter. it is a Private range IP address and every time we see this (in Iran) it means GFW somehow sniffed DNS traffic. In this case, they can see that I sending request to a blocked website, and returns that IP address instead of actuall IP of twitter (DNS Transparent Proxy).

[LorenEteval]

Hi. What you mean by blocked? The ping is successful in your screenshot.

No, check the IP address. it is NOT the twitter. it is a Private range IP address and every time we see this (in Iran) it means GFW somehow sniffed DNS traffic. In this case, they can see that I sending request to a blocked website, and returns that IP address instead of actuall IP of twitter (DNS Transparent Proxy).

This issue seems to be related to the upstream, i.e. tun2socks. I'm not sure if there is anything to do on the application side.

[LorenEteval]

Can you try again with curl suggested in the wiki page verify? If there's DNS leak then the curl test will never pass in Iran.

[robin98]

Can you try again with curl suggested in the wiki page verify? If there's DNS leak then the curl test will never pass in Iran.

It seems that the curl can pass the test, but still when I make a ping test, it'll return me the blocked IP. This case became even more starnge when I noticed there is no problem with nslookup command here!

This problem does not happen with my other client, hiddify-Next for desktop.

I can't say this for sure, but I think this kind of possible DNS Leak in VPN mode, causing future problem in the software such Android studio.

[LorenEteval]

Can you try again with curl suggested in the wiki page verify? If there's DNS leak then the curl test will never pass in Iran.

It seems that the curl can pass the test, but still when I make a ping test, it'll return me the blocked IP. This case became even more starnge when I noticed there is no problem with nslookup command here!

This problem does not happen with my other client, hiddify-Next for desktop.

I can't say this for sure, but I think this kind of possible DNS Leak in VPN mode, causing future problem in the software such Android studio.

Have you tried other domains besides twitter? Did they also show incorrect ip address during ping test?

[robin98]

Can you try again with curl suggested in the wiki page verify? If there's DNS leak then the curl test will never pass in Iran.

It seems that the curl can pass the test, but still when I make a ping test, it'll return me the blocked IP. This case became even more starnge when I noticed there is no problem with nslookup command here! This problem does not happen with my other client, hiddify-Next for desktop. I can't say this for sure, but I think this kind of possible DNS Leak in VPN mode, causing future problem in the software such Android studio.

Have you tried other domains besides twitter? Did they also show incorrect ip address during ping test?

Yes, I do. I also tried youtube, facebook and etc... all of them show the signs of DNS Leakage.

[LorenEteval]

Can you try again with curl suggested in the wiki page verify? If there's DNS leak then the curl test will never pass in Iran.

It seems that the curl can pass the test, but still when I make a ping test, it'll return me the blocked IP. This case became even more starnge when I noticed there is no problem with nslookup command here! This problem does not happen with my other client, hiddify-Next for desktop. I can't say this for sure, but I think this kind of possible DNS Leak in VPN mode, causing future problem in the software such Android studio.

Have you tried other domains besides twitter? Did they also show incorrect ip address during ping test?

Yes, I do. I also tried youtube, facebook and etc... all of them show the signs of DNS Leakage.

OK. I can confirm that Furious has DNS leak by analyzing traffic in the Wireshark, and I know where the problem is and how to fix it. I guess that's a first-priority fix.

I'll keep this issue open until it is confirmed fixed. Would you mind having another test in the next version to see if the issue still exists? Thank you. Since I'm very busy recently, I'll just add a prerelease based on old code base focusing on just this issue(no new features, etc.). Is it OK to you?

Updated: observed on Windows. Not sure if macOS version has this issue.

[robin98]

OK. I can confirm that Furious has DNS leak by analyzing traffic in the Wireshark, and I know where the problem is and how to fix it. I guess that's a first-priority fix.

I'll keep this issue open until it is confirmed fixed. Would you mind having another test in the next version to see if the issue still exists? Thank you. Since I'm very busy recently, I'll just add a prerelease based on old code base focusing on just this issue(no new features, etc.). Is it OK to you?

Updated: observed on Windows. Not sure if macOS version has this issue.

Thank you. this is good news. I will wait for you to publish it.

[LorenEteval]

I can confirm this is fixed in new version on my side so I'm closing this. Feed back welcome

[robin98]

I appreciate for this. It seems that the problem has been fixed.