-
Notifications
You must be signed in to change notification settings - Fork 61
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
DoT not working properly #80
Comments
Found the issue, you can close this one, by the way, if we want to add Using DNS over WARP, any recommendations? |
Ok. Warp is like a VPN . Here is a guide . let me know if it works🙏 I'll add to guide. Cloudflare WARP Installation Guide for LinuxThis guide provides detailed instructions on how to install Cloudflare WARP on Linux. Cloudflare WARP is a service that improves internet privacy, security, and performance by routing traffic through Cloudflare's global network. InstallationFollow the steps below to install Cloudflare WARP on your Linux machine. Step 1: Add Cloudflare WARP RepositoryFor Debian/Ubuntu-based systems:
For Fedora-based systems:
Step 2: Register and Activate WARP
Step 3: Verify WARP StatusTo check the status of WARP and ensure it is working correctly: warp-cli status |
OK I will try it, but one more question before I start, how tdo I configure AdGuard Home to use it? Is there a port for the upstream DNS like in the case of the other ones: |
Github issues will be dead soon 😂 @aberthil use AI chats bro. Will explain any and anything 1000 times better than me or anyone. This is what I got from chatgpt. Both WARP clients (Linux and app-based) establish their own independent, secure tunnels to Cloudflare's network. Here's a breakdown of how it works:
Ask AI more about these 2 methodsMethod 1 - Create a Cloudflare TunnelAuthenticate with Cloudflare You need to create a Cloudflare Tunnel and authenticate it with your Cloudflare account. Run the following command to log in and authenticate cloudflared with your Cloudflare account: cloudflared tunnel login This will open a URL in your browser for Cloudflare authentication. Select your domain (if you're hosting your services under a domain). 2.2 Create the Tunnel Next, create a new tunnel: cloudflared tunnel create <TUNNEL_NAME> Replace <TUNNEL_NAME> with a name of your choice for the tunnel. To make the tunnel accessible, configure it to route traffic to a specific service or port: cloudflared tunnel route dns <TUNNEL_NAME> <DOMAIN> For example, if you want to route DNS traffic, it could look like this: cloudflared tunnel route dns mytunnel example.com Method 2 - Cloudflare Zero Trust AccountStep 1: Create a Cloudflare Zero Trust Account
Step 2: Set Up a Private Network in Cloudflare Zero Trust
Step 3: Generate WireGuard Configuration
|
Understood, this basically saya that all traffic out will be sent over the vpn which can be an issue if the server hosts other services, right?
In that case, the best would be to have a dedicated AdGuard server with the VPN, now it has pro and con, the main pro is obviously the fact that it is the most secure way to achieve DNS….
Now, still one last question, what do you put as upstream DNS then, just 1.1.1.1, 1.0.0.1 ?
Thank you
… On Oct 13, 2024, at 7:20 AM, ☣┌͜∩͜┐͜(͜◣͜_͜◢͜)͜┌͜∩͜┐☣ ***@***.***> wrote:
Github issues will be dead soon 😂 @aberthil <https://github.com/aberthil> use AI chats bro. Will explain any and anything 1000 times better than me or anyone. This is what I got from chatgpt. <https://chatgpt.com/>
Both WARP clients (Linux and app-based) establish their own independent, secure tunnels to Cloudflare's network. Here's a breakdown of how it works:
Independent WARP Connections:
WARP on Linux: When you install and enable WARP on a Linux machine using warp-cli, the system routes all internet traffic from that machine through Cloudflare's secure network. This helps mask your IP, encrypts your traffic, and improves performance via Cloudflare's backbone.
WARP App on Other Devices: Similarly, when you install the WARP app on a phone or another computer, that device creates a separate encrypted tunnel to Cloudflare. It operates similarly to the Linux setup, providing privacy and routing traffic through Cloudflare.
How They Work Together:
While both the Linux WARP client and the WARP apps on other devices don't connect to each other directly, they all benefit from the same secure Cloudflare network.
Each device (whether it's a Linux machine or a mobile phone running the WARP app) independently routes traffic through Cloudflare. The devices do not need to share a direct connection.
Ask AI more about these 2 methods
Method 1 - Create a Cloudflare Tunnel
Authenticate with Cloudflare
You need to create a Cloudflare Tunnel and authenticate it with your Cloudflare account.
Run the following command to log in and authenticate cloudflared with your Cloudflare account:
cloudflared tunnel login
This will open a URL in your browser for Cloudflare authentication. Select your domain (if you're hosting your services under a domain).
2.2 Create the Tunnel
Next, create a new tunnel:
cloudflared tunnel create <TUNNEL_NAME>
Replace <TUNNEL_NAME> with a name of your choice for the tunnel.
2.3 Configure the Tunnel to Run on a Specific Port
To make the tunnel accessible, configure it to route traffic to a specific service or port:
cloudflared tunnel route dns <TUNNEL_NAME> <DOMAIN>
For example, if you want to route DNS traffic, it could look like this:
cloudflared tunnel route dns mytunnel example.com
Method 2 - Cloudflare Zero Trust Account
Step 1: Create a Cloudflare Zero Trust Account
Go to the Cloudflare Zero Trust dashboard and create an account (if you don’t have one).
Once you're logged in, follow the instructions to set up Cloudflare for Teams for your network.
Step 2: Set Up a Private Network in Cloudflare Zero Trust
In the Zero Trust dashboard, go to Access > Tunnels.
Set up a private network and configure the network you want to tunnel through Cloudflare’s network using WireGuard.
Install the Cloudflare Tunnel daemon (cloudflared) on your server or network you want to secure.
Configure your private network and make it available via the tunnel.
Step 3: Generate WireGuard Configuration
Go to Settings > Network.
Find the WireGuard configuration section and generate a WireGuard configuration file.
Download the configuration file to use with your WireGuard client.
—
Reply to this email directly, view it on GitHub <#80 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AR476WP4BV3S2GMVNMX57JDZ3J6UDAVCNFSM6AAAAABPOWQ76SVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIMBYHE4TQNZWGQ>.
You are receiving this because you were mentioned.
|
I don't know what setup you have. You just adding cloudflare public dns to adguard ? |
I followed all your instructions so indeed I have:
127.0.0.1:53
127.0.0.1:5333
127.0.0.1:8053
127.0.0.1:5053
And in the config files used the Cloudflare DNS
… On Oct 13, 2024, at 9:10 AM, ☣┌͜∩͜┐͜(͜◣͜_͜◢͜)͜┌͜∩͜┐☣ ***@***.***> wrote:
I don't know what setup you have. You just adding cloudflare public dns to adguard ?
—
Reply to this email directly, view it on GitHub <#80 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AR476WKJJUPMXGKG6XA3MH3Z3KLO5AVCNFSM6AAAAABPOWQ76SVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIMBZGAZTIOBSGY>.
You are receiving this because you were mentioned.
|
OK I did try a few things here to see if I could make it work…
First, I install it following these: https://pkg.cloudflareclient.com/
Then I install the tunnel and connect, check the status:
***@***.***:/etc/resolvconf $ warp-cli status
Status update: Connected
***@***.***:/etc/resolvconf $
I then check the settings:
***@***.***:/etc/resolvconf $ warp-cli settings
Merged configuration:
(derived) Always On: true
(default) Switch Locked: false
(user set) Mode: Warp
(not set) WARP tunnel protocol: WireGuard
(default) Disabled for Wifi: false
(default) Disabled for Ethernet: false
(not set) Resolve via: cloudflare-dns.com @ [162.159.36.1, 2606:4700:4700::1111]
(not set) qlog logging: Disabled
(default) Onboarding: true
(api defaults) Exclude mode, with hosts/ips:
10.0.0.0/8
100.64.0.0/10
169.254.0.0/16
172.16.0.0/12
192.0.0.0/24
192.168.0.0/16
224.0.0.0/24
240.0.0.0/4
239.255.255.250/32
255.255.255.255/32
fe80::/10
fd00::/8
ff01::/16
ff02::/16
ff03::/16
ff04::/16
ff05::/16
fc00::/7
17.249.0.0/16
17.252.0.0/16
17.57.144.0/22
17.188.128.0/18
17.188.20.0/23
2620:149:a44::/48
2403:300:a42::/48
2403:300:a51::/48
2a01:b740:a42::/48
(default) Fallback domains:
intranet
internal
private
localdomain
domain
lan
home
host
corp
local
localhost
home.arpa
invalid
test
(not set) Daemon Teams Auth: false
(default) Disable Auto Fallback: false
(not set) Allow Updates: true
So it is all up and running, however I can not seems to get connection to the cloudflare dns tunel…

So the question is what needs to be contfigured so that the DNS requests go over the tunnel, what do I need to configure either locally on the raspberry pie or on Adguard to get the DNS traffic to use the tunnel which is up and running here….
Alexis
… On Oct 13, 2024, at 7:20 AM, ☣┌͜∩͜┐͜(͜◣͜_͜◢͜)͜┌͜∩͜┐☣ ***@***.***> wrote:
Github issues will be dead soon 😂 @aberthil <https://github.com/aberthil> use AI chats bro. Will explain any and anything 1000 times better than me or anyone. This is what I got from chatgpt. <https://chatgpt.com/>
Both WARP clients (Linux and app-based) establish their own independent, secure tunnels to Cloudflare's network. Here's a breakdown of how it works:
Independent WARP Connections:
WARP on Linux: When you install and enable WARP on a Linux machine using warp-cli, the system routes all internet traffic from that machine through Cloudflare's secure network. This helps mask your IP, encrypts your traffic, and improves performance via Cloudflare's backbone.
WARP App on Other Devices: Similarly, when you install the WARP app on a phone or another computer, that device creates a separate encrypted tunnel to Cloudflare. It operates similarly to the Linux setup, providing privacy and routing traffic through Cloudflare.
How They Work Together:
While both the Linux WARP client and the WARP apps on other devices don't connect to each other directly, they all benefit from the same secure Cloudflare network.
Each device (whether it's a Linux machine or a mobile phone running the WARP app) independently routes traffic through Cloudflare. The devices do not need to share a direct connection.
Ask AI more about these 2 methods
Method 1 - Create a Cloudflare Tunnel
Authenticate with Cloudflare
You need to create a Cloudflare Tunnel and authenticate it with your Cloudflare account.
Run the following command to log in and authenticate cloudflared with your Cloudflare account:
cloudflared tunnel login
This will open a URL in your browser for Cloudflare authentication. Select your domain (if you're hosting your services under a domain).
2.2 Create the Tunnel
Next, create a new tunnel:
cloudflared tunnel create <TUNNEL_NAME>
Replace <TUNNEL_NAME> with a name of your choice for the tunnel.
2.3 Configure the Tunnel to Run on a Specific Port
To make the tunnel accessible, configure it to route traffic to a specific service or port:
cloudflared tunnel route dns <TUNNEL_NAME> <DOMAIN>
For example, if you want to route DNS traffic, it could look like this:
cloudflared tunnel route dns mytunnel example.com
Method 2 - Cloudflare Zero Trust Account
Step 1: Create a Cloudflare Zero Trust Account
Go to the Cloudflare Zero Trust dashboard and create an account (if you don’t have one).
Once you're logged in, follow the instructions to set up Cloudflare for Teams for your network.
Step 2: Set Up a Private Network in Cloudflare Zero Trust
In the Zero Trust dashboard, go to Access > Tunnels.
Set up a private network and configure the network you want to tunnel through Cloudflare’s network using WireGuard.
Install the Cloudflare Tunnel daemon (cloudflared) on your server or network you want to secure.
Configure your private network and make it available via the tunnel.
Step 3: Generate WireGuard Configuration
Go to Settings > Network.
Find the WireGuard configuration section and generate a WireGuard configuration file.
Download the configuration file to use with your WireGuard client.
—
Reply to this email directly, view it on GitHub <#80 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AR476WP4BV3S2GMVNMX57JDZ3J6UDAVCNFSM6AAAAABPOWQ76SVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDIMBYHE4TQNZWGQ>.
You are receiving this because you were mentioned.
|
Operating System
Raspberry Pi
Architecture
64-bit
Platform
Linux
Project
Stubby
Browser
Firefox
Issue
Not working
Issue Description
I have DoH working but not DoT see picture
I have configured unbound and stubby as described in your detailed process, but no luck there.
If I look at the unbound log, I get:
alexis@raspberrypi:~ $ sudo tail -f /var/log/dnscrypt-proxy/query.log
[2024-10-06 15:04:44] 127.0.0.1 105.152.8.17.in-addr.arpa PTR NXDOMAIN 22ms cloudflare
[2024-10-06 15:04:45] 127.0.0.1 ocsp.digicert.com HTTPS PASS 18ms cloudflare
[2024-10-06 15:04:45] 127.0.0.1 ocsp.digicert.com A PASS 21ms cloudflare
[2024-10-06 15:04:45] 127.0.0.1 fp2e7a.wpc.phicdn.net HTTPS PASS 17ms cloudflare
[2024-10-06 15:04:45] 127.0.0.1 108.211.229.192.in-addr.arpa PTR NXDOMAIN 15ms cloudflare
[2024-10-06 15:04:55] 127.0.0.1 googlehosted.l.googleusercontent.com A PASS 20ms cloudflare
[2024-10-06 15:04:55] 127.0.0.1 apidata.googleusercontent.com HTTPS PASS 54ms cloudflare
[2024-10-06 15:04:55] 127.0.0.1 apidata.googleusercontent.com A PASS 53ms cloudflare
[2024-10-06 15:04:55] 127.0.0.1 edge.gycpi.b.yahoodns.net A PASS 56ms cloudflare
[2024-10-06 15:04:55] 127.0.0.1 8.88.147.69.in-addr.arpa PTR PASS 45ms cloudflare
[2024-10-06 15:04:55] 127.0.0.1 googlehosted.l.googleusercontent.com HTTPS PASS 46ms cloudflare
[2024-10-06 15:04:55] 127.0.0.1 129.189.250.142.in-addr.arpa PTR PASS 42ms cloudflare
[2024-10-06 15:04:55] 127.0.0.1 97.164.217.172.in-addr.arpa PTR PASS 17ms cloudflare
^C
alexis@raspberrypi:~ $ sudo tail -f /var/log/unbound.log
[1728251326] unbound[837136:0] warning: subnetcache: prefetch is set but not working for data originating from the subnet module cache.
[1728251326] unbound[837136:0] info: start of service (unbound 1.17.1).
[1728251340] unbound[837136:0] error: ssl handshake failed crypto error:00000000:lib(0)::reason(0)
[1728251340] unbound[837136:0] error: ssl handshake failed crypto error:00000000:lib(0)::reason(0)
[1728251343] unbound[837136:0] error: ssl handshake failed crypto error:00000000:lib(0)::reason(0)
[1728251343] unbound[837136:0] error: ssl handshake failed crypto error:00000000:lib(0)::reason(0)
[1728252285] unbound[837136:0] error: ssl handshake failed crypto error:00000000:lib(0)::reason(0)
[1728252285] unbound[837136:0] error: ssl handshake failed crypto error:00000000:lib(0)::reason(0)
[1728252285] unbound[837136:0] error: ssl handshake failed crypto error:00000000:lib(0)::reason(0)
[1728252285] unbound[837136:0] error: ssl handshake failed crypto error:00000000:lib(0)::reason(0)
What do you suggest to do to fix the issue and get DoT to work?
In Adguard, I have setup the DNS as:
127.0.0.1:53
127.0.0.1:5333
127.0.0.1:8053
127.0.0.1:5053
The text was updated successfully, but these errors were encountered: