Add ability to define hosts for VPN connection

[koalaeagle]

Hello,

Firstly, thanks for this wonderful app.

I currently use this app with a split-tunnel configuration so that I can access my local network without affecting internet performance. I have a reverse proxy with vhosts ending in ".lan" that I access internally.

Is it possible to add the ability to define custom host records for the VPN connection? For instance fileserver.lan. I could of course define a DNS server on my internal network to resolve these hosts, however, that has the potential to slow down internet performance. It seems that this could be possible with the Android VPN API (maybe someone familiar with this API could confirm?). I could not find a specific reference, however, there are custom hosts apps in the play store that seem to make use of an Android vpn connection (I can find an example if needed).

Thanks for the consideration.

[pacien]

Hi, I'm glad that you like the app.

Android doesn't seem to offer any API to make this easy. I've taken a look at other apps and they seem to scan through all the network traffic to intercept DNS queries and inject responses. This would be quite complicated to implement in Tinc App.

On the other hand, the DNS protocol is quite efficient and responses are cached locally. Using your own DNS server on your private network shouldn't have a big performance impact. This is the solution I chose for my own private network.

[pacien]

I could maybe embed a dnsmasq instance in the app itself.
That's ridiculous but that would be quite convenient, allowing precise custom DNS forwarding to be configured.

[zcattacz]

I am just curious, even with dnsmasq how would you plan to bind port 53 to vpn interface ? personalDNSfilter can run with VPN feature disable while listening on port 5300 on non-root device. But I can't find a way to setup the system to use a dns server on port 5300

[pacien]

The app would probably need to intercept all packets going to some special address targetting UDP port 53 and redirect them to an internal dnsmasq instance. I do not like this solution too much because it requires adding yet another layer of processing for all the network packets, which may impact performance and battery usage. Any suggestions for better ways to implement this are welcome!