Watfaq / clash-rs

custom protocol network proxy
https://watfaq.gitbook.io/clashrs-user-manual/
Apache License 2.0

Can TUN mode support DNS hijacking #590

Closed Maasea closed 1 month ago

Maasea commented 2 months ago

I'm using TUN mode on Windows, but all requests are sent as IPs, which invalidates the domain rule.

In TUN mode it is not possible to access the URL through the proxy. I don't know if it's because TUN mode can't resolve the IP of the proxy server.

dns:
  enable: true
  ipv6: true
  listen: 0.0.0.0:1053
  nameserver:
    - 223.5.5.5
  enhanced-mode: fake-ip
  fake-ip-range: 198.18.0.2/16

tun:
  enable: true
  device-id: "dev://Clash"
  route-all: true

Also, is it possible to manually disable the warning "simple-obfs is deprecated", which is shown in the log every time a proxy request is used?

ibigbug commented 2 months ago

Good point.

Only after DNS is resolved can the IPs get into the TUN device by system route.

Maybe the domain rule can be applied with fake ip enabled.

I'll need to look into that.

ibigbug commented 1 month ago

609 should enable the domain rules for tun when the clash DNS is enabled

I'll not do dns hijack for https://github.com/Watfaq/clash-rs/discussions/406#discussioncomment-10727058 unless we see other reasons
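The fake-ip mechanism discussed in the comments above, as an added Rust example (not clash-rs code and not part of the thread): the DNS side answers with an address from the `fake-ip-range`, and the TUN side maps a packet's destination back to the domain so a domain rule can match. `FakeIpPool`, `route`, the rule outcome strings and the choice to start allocating at the address written in the range are assumptions made for illustration.

```rust
use std::collections::HashMap;
use std::net::Ipv4Addr;

/// Hypothetical fake-IP pool: remembers which domain each handed-out address stands for.
struct FakeIpPool {
    next: u32,
    last: u32,
    by_domain: HashMap<String, Ipv4Addr>,
    by_ip: HashMap<Ipv4Addr, String>,
}

impl FakeIpPool {
    // Assumption: allocation starts at `start` and stops before the broadcast address.
    fn new(start: Ipv4Addr, prefix: u32) -> Self {
        let mask = if prefix == 0 { 0 } else { u32::MAX << (32 - prefix) };
        let last = ((u32::from(start) & mask) | !mask).saturating_sub(1);
        FakeIpPool { next: u32::from(start), last, by_domain: HashMap::new(), by_ip: HashMap::new() }
    }

    /// DNS side: answer a query with a fake address instead of a real one.
    fn resolve(&mut self, domain: &str) -> Option<Ipv4Addr> {
        if let Some(ip) = self.by_domain.get(domain) { return Some(*ip); }
        if self.next > self.last { return None; } // pool exhausted; a real pool would recycle
        let ip = Ipv4Addr::from(self.next);
        self.next += 1;
        self.by_domain.insert(domain.to_string(), ip);
        self.by_ip.insert(ip, domain.to_string());
        Some(ip)
    }

    /// TUN side: recover the domain behind a packet's destination address.
    fn domain_for(&self, dst: Ipv4Addr) -> Option<&str> {
        self.by_ip.get(&dst).map(String::as_str)
    }
}

/// Domain-suffix rule applied to a packet that arrived on the TUN device.
fn route(pool: &FakeIpPool, dst: Ipv4Addr, proxied_suffix: &str) -> &'static str {
    match pool.domain_for(dst) {
        Some(d) if d == proxied_suffix || d.ends_with(&format!(".{proxied_suffix}")) => "PROXY",
        Some(_) => "DIRECT",
        None => "NO-DOMAIN", // destination is a real IP: only IP-based rules can match
    }
}

fn main() {
    let mut pool = FakeIpPool::new(Ipv4Addr::new(198, 18, 0, 2), 16); // range from the config above
    let ip = pool.resolve("www.example.com").unwrap(); // constructed sample domain
    println!("{ip} -> {}", route(&pool, ip, "example.com"));
}
```

A destination that was never handed out by the pool (for example, an application that resolved the name through another resolver) returns `NO-DOMAIN`, which is the situation described in the original report.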