Open robin98 opened 1 month ago
If you use Hysteria client with transparent proxy (e.g. redirect/proxy/tun), name resolving is done on client side, so server side DNS setting & domain ACL will not work in this case.
We have plan to introduce feature known as "sniffing" or "deep packet inspection" on server side to extract hostname from SNI in ClientHello and resolve it again. This will be able to fix the problem, but not available now.
If you use Hysteria client with transparent proxy (e.g. redirect/proxy/tun), name resolving is done on client side, so server side DNS setting & domain ACL will not work in this case.
We have plan to introduce feature known as "sniffing" or "deep packet inspection" on server side to extract hostname from SNI in ClientHello and resolve it again. This will be able to fix the problem, but not available now.
If I enable the sniffing in the client side, will ACL work?
Describe the bug I tried the
resolver
tag on my server side config at/etc/hysteria/config.yaml
like this; but this method didn't work for my clients as their resolver didn't change from alibaba to any other DNS resolver I specified.Logs
Device and Operating System ubuntu server 22.04.4