DNS Settings Not Properly Restored After DefGuard macOS client Disconnect #264

Open
NerdvanaExplorer opened this issue Jul 25, 2024 · 0 comments

@NerdvanaExplorer

Hi team,

I've identified an issue with our DefGuard client on macOS regarding DNS configuration. It's causing some problems for our users, and I think we should address it soon.

Issue Description

When a user connects to our VPN on macOS, we're correctly setting the VPN's DNS. However, upon disconnection, we're not properly restoring the original DNS settings. Instead, we're clearing the DNS configuration entirely.

Current Behavior

  1. On VPN connect:
    • Client replaces existing DNS with VPN's DNS.
  2. On VPN disconnect:
    • Client clears all DNS settings instead of restoring the original configuration.

Expected Behavior

  1. On VPN connect:
    • Client should back up current DNS settings.
    • Add VPN's DNS to existing configuration (not replace entirely).
  2. On VPN disconnect:
    • Remove only the DNS entries added by our VPN.
    • Restore the original DNS settings from the backup.

Steps to Reproduce

  1. Check and note current DNS settings on macOS.
  2. Connect to our VPN.
  3. Verify DNS has changed to VPN's settings.
  4. Disconnect from VPN.
  5. Check DNS settings - they will be empty, not reverted to original settings.

Proposed Solution

We need to modify our https://github.com/DefGuard/wireguard-rs to implement the following logic:

  1. Connection:
    • Back up current DNS settings.
    • Add VPN's DNS entries to existing configuration.
  2. Disconnection:
    • Remove only the DNS entries added by our VPN.
    • Restore original DNS settings from backup.

Key Suggestion:
Instead of replacing the entire DNS configuration when connecting, we should only add new entries for the VPN's DNS. Then, when disconnecting, we can simply remove these added entries. This approach should maintain the user's original DNS configuration while ensuring our VPN works correctly.

Code Areas to Investigate

  1. In wgapi_userspace.rs:
    • configure_dns() method
    • remove_interface() method (specifically macOS sections)

Questions to Consider

  1. Are we correctly storing the original DNS settings during backup?
  2. How can we keep track of the DNS entries we've added to facilitate easy removal later?
  3. Is there a macOS-specific API we should be using for more effective DNS management?
  4. How can we ensure that our added DNS entries take precedence without completely overriding the existing configuration?

Impact

This issue affects all macOS users of our VPN client. It's not breaking functionality, but it's definitely impacting user experience. Users are left without proper DNS configuration after disconnecting, potentially causing temporary network issues.

Let me know if you need any additional information or if you'd like to discuss this further.

Thanks for your help!
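
The backup, add and remove bookkeeping proposed in this issue, as an added example that is not part of the original report and is not wireguard-rs code. It assumes DNS is read and written with macOS `networksetup -getdnsservers` / `-setdnsservers`; `DnsSession` and the function names are hypothetical, and the sample resolver addresses are constructed.

```rust
use std::net::IpAddr;

/// Parse `networksetup -getdnsservers <service>` output: one IP per line, or a
/// sentence when no manual servers are set (non-IP lines are skipped).
pub fn parse_dns_servers(output: &str) -> Vec<IpAddr> {
    output.lines().filter_map(|l| l.trim().parse().ok()).collect()
}

/// Hypothetical per-connection bookkeeping; not a wireguard-rs type.
pub struct DnsSession {
    backup: Vec<IpAddr>,  // list found before connecting
    added: Vec<IpAddr>,   // entries this session introduced, nothing else
    applied: Vec<IpAddr>, // list written at connect time
}

impl DnsSession {
    /// VPN resolvers go first so they take precedence; originals are kept after.
    pub fn connect(original: Vec<IpAddr>, vpn: &[IpAddr]) -> Self {
        let mut applied: Vec<IpAddr> = Vec::new();
        for ip in vpn.iter().chain(original.iter()) {
            if !applied.contains(ip) {
                applied.push(*ip);
            }
        }
        // A VPN resolver the user already had is not ours to remove later.
        let added = applied.iter().copied().filter(|ip| !original.contains(ip)).collect();
        DnsSession { backup: original, added, applied }
    }

    /// List to write on disconnect, given what is configured right now.
    pub fn disconnect(&self, current: &[IpAddr]) -> Vec<IpAddr> {
        if current == self.applied.as_slice() {
            return self.backup.clone(); // untouched since connect: exact restore
        }
        // Changed while connected: strip only our entries, keep the rest.
        current.iter().copied().filter(|ip| !self.added.contains(ip)).collect()
    }
}

/// Arguments for `networksetup -setdnsservers <service> ...`; "Empty" clears the list.
pub fn setdns_args(servers: &[IpAddr]) -> Vec<String> {
    if servers.is_empty() { return vec!["Empty".to_string()]; }
    servers.iter().map(|ip| ip.to_string()).collect()
}

fn main() {
    let before = parse_dns_servers("192.168.1.1\n1.1.1.1\n"); // constructed sample
    let s = DnsSession::connect(before, &["10.0.0.53".parse::<IpAddr>().unwrap()]);
    println!("{:?} -> {:?}", setdns_args(&s.applied), setdns_args(&s.disconnect(&s.applied)));
}
```
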

@teon teon assigned j-chmielewski and unassigned j-chmielewski Aug 12, 2024
Status: Refined & Ready