Open ltguillaume opened 3 months ago
Hi there! I'm one of the QA guys at Windscribe. The scenario you mentioned can only happen if the following conditions are met
There are two options available right now that can help with this.
Then this looks like the local DNS (my router) is a fallback option at all times. In other words, why wouldn't this happen during an active VPN connection, e.g. when the Windscribe DNS doesn't respond (in time), which at times has been the case, instead of just when switching between servers?
It doesn't happen during an active VPN connection as our app only whitelists a single DNS server (10.255.255.1 - 10.255.255.4). If for some reason the DNS fails in the tunnel it will appear that you don't have any internet.
During a re-connection this whitelist is dropped so the app can configure itself again. During this time since the tunnel is down any DNS servers that are allowed through the firewall can communicate. And since Allow LAN Traffic is enabled, the locally configured DNS server can respond to queries. As it's in the whitelisted LAN range.
We've discussed a way to work around this, but the ideas don't work for all platforms.
Thanks for explaining, but this is rather confusing nonetheless: I have set up a different internal app DNS (ControlD), so why wouldn't it only whitelist that DNS during (re-)connection, especially if the firewall is set to always-on? It seems that makes both of those settings rather obsolete and misleading under these conditions.
v2.10.2
So I've set the network adapter's DNS IPs to my ISP's servers, the same as my router's settings.
I can see that the DNS leaks are indeed now gone, even with "Allow LAN traffic" enabled.
A new problem arises, though: there's a 20s delay on first start-up now before
Windscribe helper connected ok
Also, the start of WireGuardService takes 20 seconds, often even on reconnects/server switches, where there previously was no such delay.
[040424 0:23:54:658 43.086] [firewall_controller] firewall enabled with ips count: 181
[040424 0:23:54:924 43.352] [xxx] Starting "WireguardService"
[040424 0:24:15:170 63.597] [xxx] Opened and mapped the wireguard service log file
Edit So, this is when using ControlD or OpenDNS set for the App internal DNS. If I set it to System default, there's no such delay.
What I don't understand either is that I don't see the OpenDNS or ControlD DNS pop up on ipleak.net during a server switch/reconnection, but I DO see my ISP's IP pop up there if I set App Internal DNS to OS default. Why wouldn't I see the OpenDNS/ControlD IPs?
@Ivantheallknowing Is there anything I can do to resolve the extreme times it currently takes before I get connected after following your first advice ("Set the system DNS to something else besides a local one") without setting the App Internal DNS to OS Default?
Configuration
Steps to reproduce
Remarks
Sources