safing / portmaster

🏔 Love Freedom - ❌ Block Mass Surveillance
https://safing.io
GNU General Public License v3.0
9.29k stars 298 forks

Portmaster and ProtonVPN #734

Closed FrostBlade5 closed 1 year ago

FrostBlade5 commented 2 years ago

I sent an email to ProtonVPN and asked them what would happen if I use their VPN combined with Portmaster. This is what they said:

Please note that each Proton VPN server runs a DNS server as well, and our native apps have a default DNS leak protection feature that forces your internet connection to resolve DNS queries via our DNS servers. This means that when you are connected to Proton VPN, your DNS queries go through our encrypted VPN tunnel.

If you are using a custom DNS server, it will override our own DNS servers and will utilize the DNS server that you have specified. When it comes to such a setup, we will be unable to guarantee that you will not experience leaks, nor that your ISP will not be able to see the DNS requests. The DNS requests will be sent through the VPN tunnel and use the encryption, but they will be handled by the DNS provider that you are using, and all of the privacy/security concerns in such a setup should be addressed by the custom DNS provider, and not Proton VPN, as the DNS requests are not handled by our own internal DNS servers.

What do the Portmaster devs say to this? As far as I know, Portmaster doesn't have its own DNS server but uses multiple other providers like Cloudflare and Quad9, so in case one goes down there will always be a backup. Anyway, is there a way to configure Portmaster so ProtonVPN will be able to enforce their own DNS server? Am I good to just install both programs and run them without any further configuration, or are there things I should know?

FrostBlade5 commented 2 years ago

Which Protocols will work? Wireguard? TCP? UDP? "Smart"? Obfuscated?

FrostBlade5 commented 2 years ago

I would like to share my setup, which uses a VPN + Custom DNS resolver, for reasons I mentioned here. I hope it helps.

Thanks for the graphic, it's very useful. I never used a Raspberry so I'm not familiar with that, but the graphic seems logical.

changemenemo commented 2 years ago

I can confirm that. ProtonVPN (at least on Linux) is hijacking the DNS server from Portmaster (if both are running on the same endpoint).
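The ProtonVPN reply quoted in the first post and the confirmation above both come down to one question: which resolver entry actually wins once both programs have written to the system resolver configuration. The following script is an added example, not code from the Portmaster project or from anyone in this thread. It parses resolver configuration in resolv.conf syntax and reports whether the first consulted nameserver is Portmaster's local stub, a tunnel-internal address pushed by the VPN client, or a public resolver. It assumes that Portmaster publishes its stub on 127.0.0.17 and that the VPN pushes 10.2.0.1; both addresses and all three sample files are constructed for the example. The ordering rule it relies on is real: glibc consults nameserver lines in order and ignores everything after the third.

```python
import ipaddress
from typing import Dict, List

# Constructed sample resolver configurations (not captured from a real machine).
# Portmaster is ASSUMED here to publish its local stub resolver on 127.0.0.17,
# and 10.2.0.1 is an ASSUMED tunnel-internal resolver pushed by a VPN client.
RESOLV_CONF_PORTMASTER = """# constructed sample: Portmaster in control
nameserver 127.0.0.17
search lan
"""

RESOLV_CONF_AFTER_VPN = """# constructed sample: VPN client prepended its own resolver
nameserver 10.2.0.1
nameserver 127.0.0.17
"""

RESOLV_CONF_PUBLIC = """# constructed sample: public resolvers written directly
nameserver 9.9.9.9
nameserver 1.1.1.1
"""

# Well-known public resolver addresses discussed in the thread.
KNOWN_PUBLIC = {
    "9.9.9.9": "Quad9", "149.112.112.112": "Quad9",
    "1.1.1.1": "Cloudflare", "1.0.0.1": "Cloudflare",
}
PORTMASTER_STUB = "127.0.0.17"  # assumption, see lead-in
GLIBC_MAX_NAMESERVERS = 3       # glibc MAXNS: later entries are ignored


def parse_nameservers(text: str) -> List[str]:
    """Return nameserver addresses in file order, skipping comments and junk."""
    servers: List[str] = []
    for line in text.splitlines():
        # '#' and ';' both start comments in resolv.conf
        line = line.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) == 2 and parts[0] == "nameserver":
            try:
                ipaddress.ip_address(parts[1])
            except ValueError:
                continue  # not a literal address, the resolver would ignore it too
            servers.append(parts[1])
    return servers


def classify(server: str) -> str:
    """Label an address by the role it most likely plays on this host."""
    addr = ipaddress.ip_address(server)
    if server == PORTMASTER_STUB:
        return "portmaster-stub"
    if addr.is_loopback:
        return "other-local-stub"
    if addr.is_private:
        return "tunnel-or-lan"       # typical for a VPN-pushed resolver
    return KNOWN_PUBLIC.get(server, "public-unknown")


def audit(text: str) -> Dict[str, object]:
    """Say who answers queries first and whether Portmaster has been bypassed."""
    servers = parse_nameservers(text)
    roles = [classify(s) for s in servers]
    first = roles[0] if roles else None
    return {
        "nameservers": servers,
        "roles": roles,
        # Only the first entry answers unless it times out, so control means
        # being first, not merely being present somewhere in the list.
        "portmaster_in_control": first == "portmaster-stub",
        "portmaster_bypassed": "portmaster-stub" in roles and first != "portmaster-stub",
        "ignored_beyond_limit": servers[GLIBC_MAX_NAMESERVERS:],
    }


if __name__ == "__main__":
    for name, sample in [("portmaster", RESOLV_CONF_PORTMASTER),
                         ("after-vpn", RESOLV_CONF_AFTER_VPN),
                         ("public", RESOLV_CONF_PUBLIC)]:
        print(name, audit(sample))
```

On a real host, feed it the contents of /etc/resolv.conf (or the file that systemd-resolved or NetworkManager generates) before and after connecting the VPN; a result where `portmaster_bypassed` flips to true is the configuration-level signature of the override described in this thread, though it does not tell you where the VPN client's own resolver forwards the queries afterwards.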

FrostBlade5 commented 2 years ago

Sorry for opening another issue, I should have shared it here, in regards to https://github.com/safing/portmaster/issues/777

I have shared your reply with ProtonVPN and will give an update once I get a reply.

Edit: For now I will follow your suggestions and stick with Quad9 DNS and let it overwrite ProtonVPN, as there is sadly no other option.

FrostBlade5 commented 2 years ago

@davegson may I ask what you personally think about Cloudflare's DNS servers 1.1.1.1 and 1.0.0.1 in terms of privacy? Quad9 seems to have a good reputation regarding privacy, but doing a speed test I noticed that with Portmaster and Quad9 combined with simplewall I have a ping of ~30 ms, while using Cloudflare or my ISP without simplewall or Portmaster I had 1-10 ms.

FrostBlade5 commented 2 years ago

Quad9 worries me

I was reading a post on Reddit about Quad9 which said the following:

You should know that Quad9 DNS is (among others) founded by The Global Cyber Alliance, which was founded by Manhattan District Attorney’s Office and City of London Police.

So this was warned about a several years ago, but I see people recommend Quad9 all the time now, so I wanted to make you all aware.

To verify go to this page: https://www.quad9.net/about/sponsors

Notice The Global Cyber Alliance is a Founding Organization?

Now go to the website of The Global Cyber Alliance and scroll down to see:

https://www.globalcyberalliance.org/founding-organizations/

Now the screenshot above shows that the website www.globalcyberalliance.org has connections to facebook.com, absolutely a red flag for privacy; if they have deals with Facebook and at the same time are connected to Quad9, this can't be any good for privacy.

davegson commented 2 years ago

@davegson may I ask what you personally think about Cloudflare's DNS servers 1.1.1.1 and 1.0.0.1 in terms of privacy? Quad9 seems to have a good reputation regarding privacy, but doing a speed test I noticed that with Portmaster and Quad9 combined with simplewall I have a ping of ~30 ms, while using Cloudflare or my ISP without simplewall or Portmaster I had 1-10 ms.

Hey there, we have a detailed write-up from when we selected the DNS providers, with our individual judgements:

https://safing.io/blog/2020/07/07/how-safing-selects-its-default-dns-providers/#our-selection

Just as an FYI, this was written before Quad9 moved to Switzerland, which I feel would give Quad9 more privacy points. Also, Bill Woodcock, one of Quad9's board members, is very active on Reddit with a lot of in-depth answers on the questions you brought up:

https://old.reddit.com/user/billwoodcock

Just scroll through his posts to see what he has to say.

github-actions[bot] commented 1 year ago

Auto-closing this issue after waiting for input for a month. If anyone finds the time to provide the requested information, please re-open the issue and we will continue handling it.