celzero / rethink-app

DNS over HTTPS / DNS over Tor / DNSCrypt client, WireGuard proxifier, firewall, and connection tracker for Android.
https://rethinkfirewall.com/
Apache License 2.0

New user, some suggestions, observations & bugs #1185

Closed luckygitt closed 6 days ago

luckygitt commented 5 months ago

Firstly, I would like to say "good work" to the developers, I am enjoying the app!

As per the subject, some observations and suggestions.....

In Firewall > IP & Port rules: IP & Port rules should probably read "IP & Port rules / Domain Rules"

In Firewall > IP & Port rules > Domain Rules:

  1. Can somebody clarify the difference between adding (ticking) Domain and Wildcard? For example, I would have thought blocking the domain "example.com" blocks everything to that domain (i.e. .example.com). Wouldn't it be better to do it like NextDNS - add a domain and everything is prefixed with "." (eg. .example.com, .tracking.example2.com etc.)?
  2. Some kind of sorting function, for example, I would like Trusted domains listed first.

In Proxy > Wireguard:

  1. Is it possible to add last handshake and Transfer RX, like in the official WireGuard app?

  2. If I have Always ON VPN & Block Connections without VPN ("Lockdown"), it can still result in an IP leak if the Proxy (in my case, WireGuard) drops its connection for some reason. So, is there a way to add a kill switch (i.e. block all internet) if the Proxy drops?

What's the difference between DNS > Prevent DNS leaks and Firewall > block when DNS bypassed?

If I try to block a domain from WiFi (unmetered) AND Mobile data (metered), as soon as I tap one option the app disappears and is moved to blocked. So, I have to then scroll through all the blocked apps again to block the other option. Unblocking works fine (I can unblock metered then metered).

Deleting per app domain rules also deletes IP and port rules > Domain rules.

Importing Wireguard configs (wireguard.zip saved from official app) does not respect server names

Restoring a backup does not restore Wireguard configs.

Firewall > block when DNS bypassed kills whatsapp / Signal notifications, or at least delays them.

Cannot remove DNS from WG config (seems to default to Cloudflare, 1.1.1.1). Cannot set MTU back to auto in WG config (defaults to 1500).

I have two Wireguard servers, one of them always gives this error when trying to activate: PasreAddr(""): Unable to parse IP. EDIT: this last error is related to the above and seems to be when no DNS is entered in the config (i.e. "auto").

ignoramous commented 6 days ago

Thanks.

Can somebody clarify the difference between adding (ticking) Domain and Wildcard? For example, I would have thought blocking the domain "example.com" blocks everything to that domain (i.e. .example.com).

We've gone with:

Some kind of sorting function, for example, I would like Trusted domains listed first.

Noted: https://github.com/celzero/rethink-app/issues/1579

Is it possible to add last handshake and Transfer RX, like in the official WireGuard app?

Showing handshake and up/down stats now since v055h.

So, is there a way to add a kill switch (I.E. Block all internet) if the Proxy drops.

Simple mode behaves like this. For Advanced mode, we've introduced a Lockdown switch if you desire this behaviour. Note that, if a WireGuard tunnel is split-tunneled (that is, none of its Peers can route ALL subnets; typically, this means there are no Peers that are default gateways 0.0.0.0/0 or ::), the traffic will be routed through the underlying network instead (despite Lockdown when in Advanced mode or in Simple mode).

What's the difference between DNS > Prevent DNS leaks and Firewall > block when DNS bypassed? Firewall > block when DNS bypassed kills whatsapp / Signal notifications, or at least delays them.

Prevent DNS leaks captures packets sent on port 53 and forwards them to the user-set DNS endpoint. This prevents apps (like WhatsApp and Signal among others) from using their own upstream DNS53 (plain old unencrypted) resolvers. Capturing packets on port 53 like this may break some apps, usually the ones doing funny things like NAT traversal or push notifications outside of Google's Firebase Cloud Messaging (ex: p2p/chat apps).

Block when DNS is bypassed will block any connection to IP addresses that were NOT resolved by Rethink. For instance, when Telegram uses its own DNS-over-HTTPS (encrypted) to resolve IPs to connect to, Rethink will block connections to those IPs. This is helpful in scenarios where you expect to apply domain rules to ALL installed apps and are NOT okay with those apps bypassing your domain rules. Note that, if you don't let Telegram do its own DNS-over-HTTPS, it would simply refuse to function.

If I try to block a domain from WiFi (unmetered) AND Mobile data (metered), as soon as I tap one option the app disappears and is moved to blocked. So, I have to then scroll through all the blocked apps again to block the other option. Unblocking works fine (I can unblock metered then metered).

Deleting per app domain rules also deletes IP and port rules > Domain rules.

You mean deleting per-app rule for example.com ends up deleting Universal (global) rule example.com, too? This sounds like a bug.

Importing Wireguard configs (wireguard.zip saved from official app) does not respect server names

Restoring a backup does not restore Wireguard configs.

We mostly don't back them up as these contain "private keys", and we generally need to figure out a safer way to back them up and restore them (may require the user to enter a pin / password).

Cannot remove DNS from WG config (seem to default to Cloudfare, 1.1.1.1)

Fixed in v055k, I believe.

Cannot set MTU back to auto in WG config (defaults to 1500)

In Rethink, MTU from the WireGuard configuration is only a hint.

I have two Wireguard servers, one of them always gives this error when trying to activate: PasreAddr(""): Unable to parse IP.

I am presuming this to be fixed now? We had several reports from users with a similar error msg to this one. Let us know if that's not the case.

(closing this report in favour of other open issues linked above; feel free to re-open this one if you think we missed out on something).
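The maintainer's reply above explains that Lockdown only helps when the WireGuard tunnel is not split-tunneled, i.e. when some Peer's AllowedIPs covers all subnets (a default gateway 0.0.0.0/0 or ::/0). The following is an added example, not code from rethink-app or its tunnel, that parses a WireGuard config and reports per address family whether the Peers' AllowedIPs collectively route everything. The configs, keys and endpoints are constructed placeholders; the decision that a tunnel routing only IPv4 still counts as split-tunneled for IPv6 traffic is this example's own assumption about how leaks should be judged, not a statement of the app's behaviour.

```python
import ipaddress
from typing import Dict, List

# Constructed sample configs with placeholder keys (not real WireGuard material).
FULL_TUNNEL_CONF = """
[Interface]
PrivateKey = <placeholder-private-key>
Address = 10.8.0.2/32
DNS = 1.1.1.1

[Peer]
PublicKey = <placeholder-public-key>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = vpn.example.invalid:51820
"""

SPLIT_TUNNEL_CONF = """
[Interface]
PrivateKey = <placeholder-private-key>
Address = 10.8.0.3/32

[Peer]
PublicKey = <placeholder-public-key>
AllowedIPs = 10.8.0.0/24, 192.168.50.0/24   # only two LANs, nothing else
Endpoint = lan.example.invalid:51820
"""

# Edge case: two /1 halves add up to a v4 default route even though no single
# entry is 0.0.0.0/0 (a common trick to win over an existing default route).
HALVES_CONF = """
[Interface]
PrivateKey = <placeholder-private-key>
Address = 10.8.0.4/32

[Peer]
PublicKey = <placeholder-public-key>
AllowedIPs = 0.0.0.0/1, 128.0.0.0/1
Endpoint = vpn.example.invalid:51820
"""


def parse_wg_config(text: str) -> List[Dict[str, List[str]]]:
    """Minimal INI-style parser: returns one dict per [Section], keys may repeat."""
    sections: List[Dict[str, List[str]]] = []
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = {"_type": [line[1:-1]]}
            sections.append(current)
            continue
        if current is None or "=" not in line:
            continue
        key, _, value = line.partition("=")  # base64 keys end in '=', so split on the first one only
        current.setdefault(key.strip(), []).append(value.strip())
    return sections


def allowed_networks(sections) -> List[ipaddress._BaseNetwork]:
    """Collect every AllowedIPs prefix across all Peer sections."""
    nets = []
    for s in sections:
        if s["_type"] != ["Peer"]:
            continue
        for value in s.get("AllowedIPs", []):
            for item in value.split(","):
                item = item.strip()
                if item:
                    nets.append(ipaddress.ip_network(item, strict=False))
    return nets


def routes_everything(nets, version: int) -> bool:
    """True if the prefixes of this family collapse to the whole address space (/0)."""
    family = [n for n in nets if n.version == version]
    if not family:
        return False
    collapsed = list(ipaddress.collapse_addresses(family))
    return len(collapsed) == 1 and collapsed[0].prefixlen == 0


def tunnel_mode(text: str) -> Dict[str, bool]:
    """Report whether v4 and v6 are fully routed; 'split' means some family would
    fall back to the underlying network (assumption: judged per family)."""
    nets = allowed_networks(parse_wg_config(text))
    v4, v6 = routes_everything(nets, 4), routes_everything(nets, 6)
    return {"ipv4_full": v4, "ipv6_full": v6, "split": not (v4 and v6)}


if __name__ == "__main__":
    for name, conf in [("full", FULL_TUNNEL_CONF), ("split", SPLIT_TUNNEL_CONF), ("halves", HALVES_CONF)]:
        print(name, tunnel_mode(conf))
```

Checking coverage by collapsing the prefixes, rather than looking for a literal 0.0.0.0/0 entry, is what catches the two-halves case; a check that only greps for "/0" would wrongly report that config as split-tunneled and miss that IPv6 traffic still has no route through it.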
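The reply also distinguishes "Prevent DNS leaks" (capture port 53 and forward to the user-set resolver) from "Block when DNS bypassed" (drop flows to IPs that were never returned by a DNS answer the app itself resolved). The block below is an added example, not rethink-app code, that models both checks as a small connection gate over constructed DNS answers and flows. The rule syntax ("*.tracker.example" covering subdomains, a plain name matching exactly), the resolver address and the TTL handling are this example's assumptions; the last check shows the side effect the thread hints at, where an answer that has expired from the cache makes a legitimate IP look bypassed.

```python
from dataclasses import dataclass, field
from typing import Dict, Iterable, Optional, Tuple


@dataclass
class DnsAnswerCache:
    """Maps IPs seen in DNS answers resolved by the app back to the queried name."""
    entries: Dict[str, Tuple[str, float]] = field(default_factory=dict)

    def record(self, domain: str, ip: str, ttl: int, now: float) -> None:
        self.entries[ip] = (domain.rstrip(".").lower(), now + ttl)

    def lookup(self, ip: str, now: float) -> Optional[str]:
        hit = self.entries.get(ip)
        if hit is None:
            return None
        domain, expires_at = hit
        if now >= expires_at:  # stale answer: forget it, caller treats IP as unresolved
            del self.entries[ip]
            return None
        return domain


def rule_matches(rule: str, domain: str) -> bool:
    # Assumed syntax for this example: "*.example.com" covers the apex and all
    # subdomains; a plain "example.com" only matches that exact name.
    if rule.startswith("*."):
        apex = rule[2:]
        return domain == apex or domain.endswith("." + apex)
    return domain == rule


@dataclass
class Flow:
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class ConnectionGate:
    def __init__(self, cache: DnsAnswerCache, blocked_domains: Iterable[str],
                 resolver_ip: str, prevent_dns_leaks: bool, block_when_dns_bypassed: bool):
        self.cache = cache
        self.blocked_domains = list(blocked_domains)
        self.resolver_ip = resolver_ip
        self.prevent_dns_leaks = prevent_dns_leaks
        self.block_when_dns_bypassed = block_when_dns_bypassed

    def decide(self, flow: Flow, now: float) -> Tuple[str, str]:
        """Return (verdict, reason); verdict is 'allow', 'block' or 'redirect'."""
        # Prevent DNS leaks: plain DNS53 to any resolver is captured and forwarded.
        if flow.dst_port == 53 and self.prevent_dns_leaks and flow.dst_ip != self.resolver_ip:
            return "redirect", f"plain DNS captured and forwarded to {self.resolver_ip}"
        domain = self.cache.lookup(flow.dst_ip, now)
        if domain is None:
            # IP never appeared in an answer we resolved (e.g. app did its own DoH).
            if self.block_when_dns_bypassed:
                return "block", "destination IP was not resolved through the app's DNS"
            return "allow", "unresolved IP allowed (block-when-bypassed off)"
        for rule in self.blocked_domains:
            if rule_matches(rule, domain):
                return "block", f"domain rule {rule} matched {domain}"
        return "allow", f"resolved as {domain}"


# Constructed sample state: two answers the app resolved at T0 with a 60 s TTL.
T0 = 1000.0
CACHE = DnsAnswerCache()
CACHE.record("chat.example", "203.0.113.10", ttl=60, now=T0)
CACHE.record("ads.tracker.example", "203.0.113.20", ttl=60, now=T0)
GATE = ConnectionGate(CACHE, blocked_domains=["*.tracker.example"], resolver_ip="10.111.222.3",
                      prevent_dns_leaks=True, block_when_dns_bypassed=True)

if __name__ == "__main__":
    for flow, t in [(Flow("203.0.113.10", 443), T0), (Flow("203.0.113.20", 443), T0),
                    (Flow("198.51.100.7", 443), T0), (Flow("8.8.8.8", 53, "udp"), T0),
                    (Flow("203.0.113.10", 443), T0 + 120)]:
        print(flow, "->", GATE.decide(flow, t))
```

The 198.51.100.7 flow is the Telegram-style case from the reply: the app resolved the address itself, so the gate never saw an answer for it and blocks it when the option is on. The final flow shows why such a gate needs cache lifetimes at least as long as the connections it vets, otherwise a perfectly legitimate reconnect after TTL expiry is classified as a bypass.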