[Document] TUN interface needs DNS server configuration on Windows

LorenEteval commented 5 months ago

Verify steps

[X] Is this something you can debug and fix? Send a pull request! Bug fixes and documentation fixes are welcome.
[X] I have searched on the issue tracker for a related issue.

Version

2.5.1

What OS are you seeing the problem on?

Windows

Description

Hi. According to the Windows examples in the wiki: netsh interface ip set address name="wintun" source=static addr=192.168.123.1 mask=255.255.255.0 gateway=none, notice that there's no further DNS server address configured for TUN device, which will leave DNS server address empty (as expected).

After completing the whole configuration steps, however, I observed that the DNS request from my local computer never goes through the TUN. I checked tun2socks log and also used wireshark to monitor traffic on both TUN device and default network card. It all shows that the DNS traffic was sent to my default network card, which somehow not complying with the purpose of tun2socks.

I'm not sure if this is a bug related to tun2socks itself. It's more like some kind of OS(Windows) mechanism since these traffic (UDP) should be sent to the TUN defined by routing tables, where no DNS server address configured results in DNS resolution failure. However I can do test like iptables /flushdns then curl google.com successfully.

I searched related issues and found that in https://github.com/xjasonlyu/tun2socks/issues/94 there's one more example step netsh interface ip set dns name="tun00" static 8.8.8.8. After DNS server address is configured, I found that DNS traffic was sent to TUN device (also verified by logs and wireshark).

CLI or Config

The socks5 proxy is a localhost proxy provided by Xray-core and confirmed that UDP option is enabled

Then perform all required steps in the Windows wiki page

Logs

See below

How to Reproduce

After tun2socks started and performed required TUN setup, keep repeating steps with ipconfig /flushdns and curl icanhazip.com

a. No DNS server configured in TUN device

b. DNS server (8.8.8.8) configured by netsh interface ip set dns name="tun00" static 8.8.8.8 above

The DNS server can also be configured by OS settings(of course) to achieve the same test result. It can also be observed by wireshark(I did not upload wireshark pcap files for simplicity). The test is carried out under Windows 11 22H2. I'm not sure if other platform has this issue.

iLemonRain commented 5 months ago

it will be much better if it could support remote DNS

github-actions[bot] commented 3 months ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

shakibamoshiri commented 3 months ago

it is not about just Windows, on Linux the same issue exists

github-actions[bot] commented 1 month ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

xjasonlyu / tun2socks