henrypp / simplewall

Simple tool to configure Windows Filtering Platform (WFP) which can configure network activity on your computer.
GNU General Public License v3.0

[Question] DNS over HTTPS (DoH) #1657

Open duttyend opened 10 months ago

duttyend commented 10 months ago

Describe the question with as much detail as possible.

I'm using Windows 11 global DNS settings for all Wi-Fi networks and Cloudflare's servers (1.1.1.1 for IPv4 and 2606:4700:4700::1111 for IPv6) and the default system rule included in simplewall doesn't work; there is no internet connection at all.

I had to create a new user rule (see attached screenshots).

[Screenshots: 2023-12-02 170212, 2023-12-02 170233, 2023-12-02 170255]

Is it the best way to do it? (I tried to modify the existing system rule but everything is greyed out)

App version: 3.7.6 Release 64-bit

Windows version: 11 Version 22H2 (OS Build 22621.2715)

LTears commented 9 months ago

DoH requests are usually initiated by the application itself, such as Chrome, and not through DnsCache.

XSpark0 commented 1 month ago

I set Protocol to Any instead of Tcp since qBittorrent needs both Tcp and Udp to work properly. I wish there was an option to select Tcp and Udp simultaneously under Protocols. As for DnsCache, DNS over HTTPS (DoH) didn't need it, so I didn't have to select it under the Apps tab.

duttyend commented 1 month ago

> I set Protocol to Any instead of Tcp since qBittorrent needs both Tcp and Udp to work properly. I wish there was an option to select Tcp and Udp simultaneously under Protocols. As for DnsCache, DNS over HTTPS (DoH) didn't need it, so I didn't have to select it under the Apps tab.

What were you referring to when talking about TCP and UDP? The qBittorrent rule?

What is your DoH configuration in Windows?

XSpark0 commented 1 month ago

I was referring to the Protocol part in the OP's first image of Simplewall, which I have set to Any instead of Tcp.

I am simply using Cloudflare DNS in Windows 11 Settings with DNS over HTTPS enabled.

XSpark0 commented 3 weeks ago

Found out that enabling the DoH rule or HTTP rule in the User Rules tab causes Simplewall to not properly obey the whitelisted apps in the Apps tab. So if I enable the DoH rule or HTTP rule and then, say, uncheck Chrome.exe or Opera.exe, they can still access the internet.

I think it might be a bug with Simplewall, since enabling a User Rule shouldn't allow it to bypass the Apps with internet access list in the Apps tab.

So far I have found out that Chrome.exe, Opera.exe and Avp.exe (Kaspersky) can still access the internet while unchecked in the Apps tab in the Apps with internet access list, while qBittorrent.exe can't access the internet when unchecked, with the DoH or HTTP* user rule enabled in the User Rules tab. Weird.

If I add, say, qBittorrent.exe to the Apps tab inside the DoH user rule (third image in OP), only then Opera.exe can't access the internet anymore when unchecked in the Apps with internet access list, but that still shouldn't allow it to bypass the Apps with internet access list when no App is selected in the Apps tab inside the DoH user rule.