LorenEteval / Furious

A GUI proxy client based on PySide6. Support Xray-core & hysteria
GNU General Public License v3.0

DNS Leak in VPN mode #52

Closed robin98 closed 9 months ago

robin98 commented 11 months ago

Describe the problem

While using VPN mode in Windows, I noticed this program has a serious DNS leak issue. Originally, while I'm in VPN mode, all my requests including DNS traffic must be directed to the selected server. It does well in system proxy mode, but I detect a DNS leak in VPN mode.

How to reproduce

Screenshot

image

LorenEteval commented 10 months ago

Hi. What do you mean by blocked? The ping is successful in your screenshot.

robin98 commented 10 months ago

> Hi. What do you mean by blocked? The ping is successful in your screenshot.

No, check the IP address. It is NOT Twitter. It is a private-range IP address, and every time we see this (in Iran) it means the GFW somehow sniffed the DNS traffic. In this case, they can see that I am sending a request to a blocked website, and return that IP address instead of the actual IP of Twitter (DNS Transparent Proxy).

LorenEteval commented 10 months ago

>> Hi. What do you mean by blocked? The ping is successful in your screenshot.

> No, check the IP address. It is NOT Twitter. It is a private-range IP address, and every time we see this (in Iran) it means the GFW somehow sniffed the DNS traffic. In this case, they can see that I am sending a request to a blocked website, and return that IP address instead of the actual IP of Twitter (DNS Transparent Proxy).

This issue seems to be related to the upstream, i.e. tun2socks. I'm not sure if there is anything to do on the application side.

LorenEteval commented 10 months ago

Can you try again with curl suggested in the wiki page verify? If there's DNS leak then the curl test will never pass in Iran.

robin98 commented 10 months ago

> Can you try again with curl suggested in the wiki page verify? If there's DNS leak then the curl test will never pass in Iran.

It seems that curl can pass the test, but still when I make a ping test, it'll return me the blocked IP. This case became even more strange when I noticed there is no problem with the nslookup command here!

This problem does not happen with my other client, hiddify-Next for desktop.

I can't say this for sure, but I think this kind of possible DNS leak in VPN mode will cause future problems in software such as Android Studio.

LorenEteval commented 10 months ago

>> Can you try again with curl suggested in the wiki page verify? If there's DNS leak then the curl test will never pass in Iran.

> It seems that curl can pass the test, but still when I make a ping test, it'll return me the blocked IP. This case became even more strange when I noticed there is no problem with the nslookup command here!

> This problem does not happen with my other client, hiddify-Next for desktop.

> I can't say this for sure, but I think this kind of possible DNS leak in VPN mode will cause future problems in software such as Android Studio.

Have you tried other domains besides Twitter? Did they also show an incorrect IP address during the ping test?

robin98 commented 10 months ago

>>> Can you try again with curl suggested in the wiki page verify? If there's DNS leak then the curl test will never pass in Iran.

>> It seems that curl can pass the test, but still when I make a ping test, it'll return me the blocked IP. This case became even more strange when I noticed there is no problem with the nslookup command here! This problem does not happen with my other client, hiddify-Next for desktop. I can't say this for sure, but I think this kind of possible DNS leak in VPN mode will cause future problems in software such as Android Studio.

> Have you tried other domains besides Twitter? Did they also show an incorrect IP address during the ping test?

Yes, I have. I also tried YouTube, Facebook, etc. All of them show the signs of DNS leakage.

LorenEteval commented 10 months ago

>>>> Can you try again with curl suggested in the wiki page verify? If there's DNS leak then the curl test will never pass in Iran.

>>> It seems that curl can pass the test, but still when I make a ping test, it'll return me the blocked IP. This case became even more strange when I noticed there is no problem with the nslookup command here! This problem does not happen with my other client, hiddify-Next for desktop. I can't say this for sure, but I think this kind of possible DNS leak in VPN mode will cause future problems in software such as Android Studio.

>> Have you tried other domains besides Twitter? Did they also show an incorrect IP address during the ping test?

> Yes, I have. I also tried YouTube, Facebook, etc. All of them show the signs of DNS leakage.

OK. I can confirm that Furious has a DNS leak by analyzing traffic in Wireshark, and I know where the problem is and how to fix it. I guess that's a first-priority fix.

I'll keep this issue open until it is confirmed fixed. Would you mind having another test in the next version to see if the issue still exists? Thank you. Since I've been very busy recently, I'll just add a prerelease based on the old code base focusing on just this issue (no new features, etc.). Is that OK with you?

Updated: observed on Windows. Not sure if the macOS version has this issue.

robin98 commented 10 months ago

> OK. I can confirm that Furious has a DNS leak by analyzing traffic in Wireshark, and I know where the problem is and how to fix it. I guess that's a first-priority fix.

> I'll keep this issue open until it is confirmed fixed. Would you mind having another test in the next version to see if the issue still exists? Thank you. Since I've been very busy recently, I'll just add a prerelease based on the old code base focusing on just this issue (no new features, etc.). Is that OK with you?

> Updated: observed on Windows. Not sure if the macOS version has this issue.

Thank you. This is good news. I will wait for you to publish it.

LorenEteval commented 9 months ago

I can confirm this is fixed in the new version on my side, so I'm closing this. Feedback welcome.

robin98 commented 9 months ago

I appreciate this. It seems that the problem has been fixed.
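
The symptom reported in this thread (a blocked domain resolving to a private-range address when `ping` looks it up) can be turned into a repeatable retest. The following is an added example, not code from Furious or from either participant: it resolves names through the OS resolver and reports any answer that is not a publicly routable address. The function names, the `.example` domains and the sample addresses are constructed for illustration.

```python
import ipaddress
import socket

# Constructed sample answers (not taken from the issue) so the demo runs offline.
SAMPLE_ANSWERS = {
    "blocked.example": ["10.1.2.3"],            # private-range answer, as in the report
    "ok.example": ["8.8.8.8"],                  # publicly routable answer
    "mixed.example": ["192.168.0.1", "1.1.1.1"],
}


def system_resolve(host):
    """Resolve through the OS resolver (getaddrinfo), the lookup path ping-style tools use."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def non_global(addresses):
    """Return the answers that are not publicly routable (private, loopback, link-local...)."""
    flagged = []
    for text in addresses:
        # getaddrinfo may append an IPv6 scope id ("fe80::1%eth0"); drop it before parsing.
        ip = ipaddress.ip_address(text.split("%")[0])
        if not ip.is_global:
            flagged.append(text)
    return flagged


def check_domains(domains, resolve=system_resolve):
    """Map each domain with a suspicious result to its non-global answers or lookup error.

    Only meaningful for public websites: an intranet name that legitimately
    resolves to a private address would be flagged as well.
    """
    report = {}
    for domain in domains:
        try:
            answers = resolve(domain)
        except OSError as exc:  # socket.gaierror is a subclass of OSError
            report[domain] = [f"resolution failed: {exc}"]
            continue
        flagged = non_global(answers)
        if flagged:
            report[domain] = flagged
    return report


if __name__ == "__main__":
    # Offline demo on the constructed table; omit `resolve` to query the live resolver.
    print(check_domains(SAMPLE_ANSWERS, resolve=SAMPLE_ANSWERS.__getitem__))
```

Run it with VPN mode on against public domains only; an empty report means no lookup came back with a non-routable address.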