celzero / rethink-app

DNS over HTTPS / DNS over Tor / DNSCrypt client, WireGuard proxifier, firewall, and connection tracker for Android.
https://rethinkfirewall.com/
Apache License 2.0
2.6k stars, 130 forks

DNS filter list doesn't work while wireguard is turned on #1448

Open seensoul opened 1 month ago

seensoul commented 1 month ago

First of all, big thank you for this marvelous software that defends our privacy. I noticed some kind of bug, if it's a bug. When I set up RethinkDNS and set up some of the privacy lists to block traffic, it's working fine. But, when I turn on WireGuard configured to connect with MullvadVPN, I noticed that RethinkDNS is no more blocking traffic from the configured lists; all requests to e. g. Google are passing (without WireGuard they were blocked according to my privacy list blocking Google).

So, I want both: first to use RethinkDNS and its lists to block malicious app, and at the end send traffic over Wireguard to Mullvad IP.

Is it a bug, or am I doing something wrong? Thank you and best regards

====== Reproducing this issue ======

  1. Set up some privacy lists like Privacy, Google, Apple, etc.
  2. Check the log if they are blocking traffic properly,
  3. Now add a Wireguard tunnel to real VPN server, e. g. Mullvad.
  4. Now look at logs. Traffic blocked before is now strangely allowed, just don't know why

ignoramous commented 1 month ago

But, when I turn on wireguard configured to connect with MullvadVPN, I noticed, that RethinkDNS is no more blocking traffic from configured lists, all requests to e. g. Google are passing (without Wireguard they were blocked according to my privacy list blocking Google).

  1. Are you using WireGuard in "Simple" mode or "Advanced" mode?
    • In "Simple" mode, WireGuard's DNS is used.
    • In "Advanced" mode, user-set DNS (DNS over HTTPS, Oblivious DNS over HTTPS, DNSCrypt, RDNS+ etc) is used.
  2. If you're using On-device blocklists (available only on F-Droid and Website/GitHub flavours), then domain blocking should work regardless of the WireGuard modes ("Simple" / "Advanced").

seensoul commented 1 month ago

Thank you for reply.

It's something weird, because after I posted a comment here I have changed something and it worked well. I used the Advanced Wireguard Configuration. And yes it worked, all my lists worked, blocked Google and other spying stuff. and then tunneling it via Wireguard to Mullvad VPN.

But now I see only "Waiting" or "Error" on the WireGuard config and only DNS works; WireGuard stopped working. I downloaded another config from the Mullvad.net site, but none of them works.

Maybe I could debug this issue? Should I download Mullvad.net config for Android or for Linux? I downloaded Android configs.

ignoramous commented 1 month ago

Import those configs in the official WireGuard app (playstore, website) and see if it works?

If not, are you technical? If so, put Rethink in Verbose mode in Configure -> Settings -> Log level and look for clues in the output from adb logcat | grep -i "golog".

seensoul commented 1 month ago

Thank you @ignoramous :) Let's catch this bug :)

Well, I put the config into the WireGuard app and it works. Connects to Mullvad and works just fine. Am I technical enough? :) Let's see :) I'll try to provide some logs from adb, just a moment

seensoul commented 1 month ago

Well well, I have something :) I'm technical enough to find a grep replacement for Windows, it's findstr, but I couldn't find how to use -i on Windows (ignore letter case), but I've found that Rethink uses GoLog letters and here you are :)

log.txt (attached)

ignoramous commented 1 month ago

Well well, I have something :)

Thanks for the logs, we've identified a fix for WireGuard not working.

As for DNS filters (blocklist) not working, the logs you shared tell us that certain domain names are explicitly trusted / allowed. You can check for these in Configure -> Firewall -> IP & Port rules (swipe over to Domain rules) and in Configure -> Firewall -> Per app IP / Domain rules (swipe over to Domain rules).
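The point about explicitly trusted domains is easiest to see with a small rule evaluator: an allow rule that covers a domain (or one of its parents) makes the blocklist irrelevant for that query, which is exactly the "blocked before, allowed now" symptom. This is an added example, not Rethink's code; the rule schema, the precedence order (per-app rule, then global rule, then blocklist, then default allow) and the sample rules and queries are my assumptions for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class DomainRules:
    # Explicit global rules: domain -> "allow" or "block" (constructed schema, not Rethink's).
    global_rules: dict = field(default_factory=dict)
    # Explicit per-app rules: app id -> {domain: decision}.
    app_rules: dict = field(default_factory=dict)
    # Domains contributed by enabled blocklists (e.g. a "Google" privacy list).
    blocklist: set = field(default_factory=set)


def _covers(rule_domain, domain):
    """True if rule_domain equals domain or is a parent of it (google.com covers www.google.com)."""
    rule_domain, domain = rule_domain.lower().rstrip("."), domain.lower().rstrip(".")
    return domain == rule_domain or domain.endswith("." + rule_domain)


def most_specific_match(table, domain):
    """Longest-suffix lookup: returns (matched_rule_domain, value) or (None, None)."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in table:
            return candidate, table[candidate]
    return None, None


def decide(rules, app, domain):
    """Evaluate one DNS query and return (decision, reason).

    Assumed precedence: per-app explicit rule, then global explicit rule, then the
    blocklist, then default allow. The reason string is what you would want logged
    when auditing why a blocklisted name was resolved.
    """
    matched, decision = most_specific_match(rules.app_rules.get(app, {}), domain)
    if matched:
        return decision, f"per-app rule ({app}): {matched} -> {decision}"
    matched, decision = most_specific_match(rules.global_rules, domain)
    if matched:
        return decision, f"global rule: {matched} -> {decision}"
    matched, _ = most_specific_match({b: "block" for b in rules.blocklist}, domain)
    if matched:
        return "block", f"blocklist entry: {matched}"
    return "allow", "no rule matched (default allow)"


def shadowed_blocklist_entries(rules):
    """List explicit allow rules that override blocklist entries, in either direction:
    the allow rule is the blocklisted domain or a parent of it (whole entry bypassed),
    or a child of it (that subtree bypassed). Each finding is (scope, allow_rule, entries)."""
    findings = []
    scopes = [("global", rules.global_rules)]
    scopes += [(f"app:{app}", table) for app, table in rules.app_rules.items()]
    for scope, table in scopes:
        for rule_domain, decision in table.items():
            if decision != "allow":
                continue
            overlapping = sorted(
                b for b in rules.blocklist if _covers(rule_domain, b) or _covers(b, rule_domain)
            )
            if overlapping:
                findings.append((scope, rule_domain, overlapping))
    return findings


# Constructed sample configuration: a Google blocklist plus a forgotten global allow rule.
SAMPLE_RULES = DomainRules(
    global_rules={"google.com": "allow"},
    app_rules={"com.example.browser": {"ads.example.net": "block"}},
    blocklist={"google.com", "googleapis.com", "ads.example.net", "tracker.example.org"},
)

if __name__ == "__main__":
    for app, name in [("com.example.mail", "www.google.com"),
                      ("com.example.mail", "www.googleapis.com"),
                      ("com.example.browser", "ads.example.net")]:
        print(app, name, decide(SAMPLE_RULES, app, name))
    for scope, rule, entries in shadowed_blocklist_entries(SAMPLE_RULES):
        print(f"{scope} allow rule '{rule}' overrides blocklist entries: {entries}")
```

Running it shows www.google.com resolving because of the global allow rule even though google.com sits in the blocklist, while googleapis.com, which no allow rule covers, is still blocked. The `shadowed_blocklist_entries` pass is the programmatic equivalent of scrolling through the global and per-app Domain rules tabs looking for allow/trust entries.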

Lanius-collaris commented 1 month ago

Well well, I have something :) I'm technical enough to find a grep replacement for Windows, it's findstr, but I couldn't find how to use -i on Windows (ignore letter case), but I've found that Rethink uses GoLog letters and here you are :)

Try /i?

/i Ignores the case of the characters when searching for the string.

https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/findstr

seensoul commented 3 weeks ago

Unfortunately, after installing version 055m (I waited a long time for F-Droid to update it), it looks like the new version didn't help. I still get an error connecting to the VPN; why does this same configuration work with WireGuard? I will provide you more logs rapidly, as soon as it is possible.

ignoramous commented 3 weeks ago

I still get an error connecting to the VPN; why does this same configuration work with WireGuard? I will provide you more logs rapidly, as soon as it is possible.

This bug is about dns filter (blocklists) not working. Is that what you're seeing?

If not, for other WireGuard-related issues in v055m, see: