search

subspacecommunity / subspace

A fork of the simple WireGuard VPN server GUI community maintained
MIT License
1.8k stars 131 forks source link

Custom client nameservers #223

Open soar opened 2 years ago

soar commented 2 years ago

to: @subspacecommunity/subspace-maintainers

Background

If SUBSPACE_DISABLE_DNS is set to true, but a client uses nameservers in his local subnet (e.g. his IP address is 10.0.0.2, netmask /24, home gateway and caching DNS server - 10.0.0.1), he won't be able to reach it. It can be solved partially by adding all private subnets to an exclusion list:

SUBSPACE_ALLOWED_IPS="::/0, 1.0.0.0/8, 2.0.0.0/8, 3.0.0.0/8, 4.0.0.0/6, 8.0.0.0/7, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, 64.0.0.0/2, 128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/6, 172.0.0.0/12, 172.32.0.0/11, 172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/4, 192.0.0.0/9, 192.128.0.0/11, 192.160.0.0/13, 192.169.0.0/16, 192.170.0.0/15, 192.172.0.0/14, 192.176.0.0/12, 192.192.0.0/10, 193.0.0.0/8, 194.0.0.0/7, 196.0.0.0/6, 200.0.0.0/5, 208.0.0.0/4"

but in some cases that local DNS server still will be unavailable (e.g. if kill-switch mode is enabled).

Changes

Now, if variable SUBSPACE_CLIENT_NAMESERVERS is set and contain a valid comma-separated list of DNS servers, this list will be included in a client config as is.

Example:

--env SUBSPACE_CLIENT_NAMESERVERS="8.8.8.8,1.1.1.1"
sonarcloud[bot] commented 2 years ago

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
0.0% 0.0% Duplication