YtFlow / Maple

A lightweight Universal Windows proxy app based on https://github.com/eycorsican/leaf
Apache License 2.0

DNS leaks #1

Closed eycorsican closed 3 years ago

eycorsican commented 3 years ago

The way Leaf deals with DNS poisoning issues is the use of a combination of FakeDNS and DomainSniffing features.

For FakeDNS to function as expected, plain text UDP DNS traffic from the host must be routed through the TUN interface and consequently handled by Leaf to make a fake DNS response. But on Windows, DNS queries could easily bypass the TUN interface, thus disabling FakeDNS.

It's unclear to me what the difference is between a UWP VPN plugin and a third-party TUN/TAP driver such as tap-windows6. I don't observe a change in the routing table when starting Maple, but FakeDNS is not working: when some of my network adapters have DNS servers pointed to the default gateway, DNS queries bypass FakeDNS.

As a note, here's how Mellow deals with this kind of issue, and the code.

bdbai commented 3 years ago

Once you start a Maple VPN connection, there should be two entries (0.0.0.0/1 and 128.0.0.0/1) added to your routing table. I have no idea why this did not work for you 🤔

Regarding the DNS issue, Maple does not change the default DNS yet. FYI, in YtFlow the only domain strategy is fake DNS, so I think it is possible to do something similar.

WFP APIs may not be a viable solution here because they are forbidden in a UWP app.
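The two conditions discussed above (the 0.0.0.0/1 and 128.0.0.0/1 routes being present, and an adapter sending DNS to its own default gateway so the queries never reach the TUN interface) can be checked from the Windows host. The following diagnostic script is an added example, not code from Maple, Leaf or YtFlow; the adapter name pattern `Maple*` is an assumed placeholder for whatever the VPN adapter is called on your machine.

```powershell
# Added diagnostic (not part of Maple/Leaf). Run in an elevated PowerShell
# on the Windows host while the VPN connection is up.

function Test-HalfRoutes {
    # 0.0.0.0/1 + 128.0.0.0/1 together cover all IPv4 space and win over the
    # existing 0.0.0.0/0 default route by prefix length without removing it.
    $half = Get-NetRoute -AddressFamily IPv4 -ErrorAction SilentlyContinue |
        Where-Object { $_.DestinationPrefix -in @('0.0.0.0/1', '128.0.0.0/1') }
    $prefixes = @($half | Select-Object -ExpandProperty DestinationPrefix -Unique)
    [pscustomobject]@{
        HalfRoutesPresent = ($prefixes.Count -eq 2)
        Interfaces        = @($half | Select-Object -ExpandProperty InterfaceAlias -Unique)
    }
}

function Find-DnsLeakCandidates {
    # Assumed placeholder: adjust to the VPN adapter's actual InterfaceAlias.
    param([string]$VpnAliasPattern = 'Maple*')

    foreach ($cfg in Get-NetIPConfiguration) {
        if ($cfg.InterfaceAlias -like $VpnAliasPattern) { continue }
        $gateways = @($cfg.IPv4DefaultGateway | ForEach-Object NextHop)
        # AddressFamily 2 = IPv4 entries of the per-adapter DNS server list.
        $dns = @($cfg.DNSServer | Where-Object AddressFamily -eq 2 |
                 ForEach-Object ServerAddresses)
        foreach ($srv in $dns) {
            if ($gateways -contains $srv) {
                # The gateway sits on the adapter's own subnet, so UDP/53 to it
                # matches the on-link subnet route, which is more specific than
                # the /1 routes. The query never enters the TUN interface, so
                # FakeDNS never sees it: this is the leak described in the thread.
                [pscustomobject]@{
                    Interface = $cfg.InterfaceAlias
                    DnsServer = $srv
                    Reason    = 'DNS server is the on-link default gateway; bypasses TUN routes'
                }
            }
        }
    }
}

$routes = Test-HalfRoutes
if (-not $routes.HalfRoutesPresent) {
    Write-Warning 'Routes 0.0.0.0/1 and 128.0.0.0/1 are missing; traffic is not pulled into the TUN interface.'
} else {
    "Half routes present on: $($routes.Interfaces -join ', ')"
}
$leaks = @(Find-DnsLeakCandidates)
if ($leaks.Count -gt 0) { $leaks | Format-Table -AutoSize } else { 'No adapter sends DNS to its own default gateway.' }
```

Any adapter listed by `Find-DnsLeakCandidates` will resolve names outside FakeDNS until its DNS server is changed to an address that is routed through the TUN interface.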

eycorsican commented 3 years ago

Glad to hear there's already a solution for UWP VPN plugin! And it seems much easier. Looking forward to a fix.

eycorsican commented 3 years ago

Once you start a Maple VPN connection, there should be two entries (0.0.0.0/1 and 128.0.0.0/1) added to your routing table. I have no idea why this did not work for you 🤔

My bad, the entries were indeed added to the routing table.