So, long story short I've got opportunity to give Cloak a ride in a fairly hostile environment in an idiosyncratic setup
It works (I'm posting yay)
Using it in Direct mode (CDN does not work, separate issue created previously
Two little suggestions so far
1) allow explicitly specifying a dns resolver for Cloak to use instead of system's
Yes I can use iptables to redirect to dnscrypt / other resolver but being able to put it in a config would be nice
Just quality of life thing
2) a more important matter. In case server IP changes Cloak can spend a while detecting connection broke, much longer than it takes for DNS to reflect the changes
Using aggressive keepalives mitigates that (time between AWS shutdown and re-activation with keepalives set to 10 is between 1 and 2 minutes but with keepalives set to 300 it is 4-7 minutes)
Given that all this time there's activity on Cloak's listening port (openvpn trying to reconnect) , maybe it would be possible to have a feature that allows to initiate aggressive connection restoration when ("activity on listening port" + "no response from upstream for X seconds, with X value separately configurable" ), as distinct from just using keepalives?
Mitigating via keepalives is inferior both due to detection risk and because frankly it eats into battery quite a bit.
So, long story short I've got opportunity to give Cloak a ride in a fairly hostile environment in an idiosyncratic setup
It works (I'm posting yay)
Using it in Direct mode (CDN does not work, separate issue created previously
Two little suggestions so far 1) allow explicitly specifying a dns resolver for Cloak to use instead of system's Yes I can use iptables to redirect to dnscrypt / other resolver but being able to put it in a config would be nice Just quality of life thing
2) a more important matter. In case server IP changes Cloak can spend a while detecting connection broke, much longer than it takes for DNS to reflect the changes
Using aggressive keepalives mitigates that (time between AWS shutdown and re-activation with keepalives set to 10 is between 1 and 2 minutes but with keepalives set to 300 it is 4-7 minutes)
Given that all this time there's activity on Cloak's listening port (openvpn trying to reconnect) , maybe it would be possible to have a feature that allows to initiate aggressive connection restoration when ("activity on listening port" + "no response from upstream for X seconds, with X value separately configurable" ), as distinct from just using keepalives?
Mitigating via keepalives is inferior both due to detection risk and because frankly it eats into battery quite a bit.