[feature] client dns server

deploy/docker/Dockerfile

@@ -10,7 +10,7 @@ ENV TZ=Etc/UTC
 
 RUN apt-get update && \
     apt-get upgrade -y && \
-    apt-get install -y unbound iproute2 iptables supervisor wget dnsmasq && \
+    apt-get install -y unbound dnsmasq iproute2 iptables supervisor wget iputils-ping && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*
 

deploy/docker/scripts/start-fptn.sh

@@ -18,4 +18,7 @@ exec /usr/local/bin/fptn-server \
     --remote-server-auth-host="$REMOTE_SERVER_AUTH_HOST" \
     --remote-server-auth-port="$REMOTE_SERVER_AUTH_PORT" \
     --max-active-sessions-per-user="$MAX_ACTIVE_SESSIONS_PER_USER" \
-    --server-external-ips="${SERVER_EXTERNAL_IPS}"
+    --server-external-ips="${SERVER_EXTERNAL_IPS}" \
+    --client-dns-server-ipv4="${CLIENT_DNS_SERVER_IPV4}" \
+    --client-dns-server-ipv6="${CLIENT_DNS_SERVER_IPV6}"
+

docker-compose/.env.demo

@@ -1,6 +1,11 @@
 # ============================================
 # FPTN SERVER
 # ============================================
+
+# Directory used by FPTN to store configuration and runtime data
+FPTN_CONFIGS_FOLDER=./fptn-server-data
+
+# Port for FPTN server
 FPTN_PORT=443
 
 # Comma-separated list of server's public IPv4 addresses.
@@ -54,6 +59,20 @@ PROMETHEUS_SECRET_ACCESS_KEY=
 # Maximum number of active sessions allowed per VPN user
 MAX_ACTIVE_SESSIONS_PER_USER=3
 
+# ============================================
+# CLIENT DNS (OVERRIDE)
+# ============================================
+# Optional: explicitly set DNS server addresses for VPN clients.
+#
+# Default (empty):
+#   - The TUN interface address is used as the DNS server for clients
+#   - This means the DNS server running inside the container (configured above) will be used
+#
+# If set:
+#   - The specified DNS server addresses will be used instead of the container DNS
+CLIENT_DNS_SERVER_IPV4=8.8.8.8
+CLIENT_DNS_SERVER_IPV6=
+
 # ============================================
 # DNS SERVER
 # ============================================

docker-compose/docker-compose.yml

@@ -16,12 +16,9 @@ services:
       net.ipv4.conf.all.rp_filter: "0"
       net.ipv4.conf.default.rp_filter: "0"
       # Network optimizations
+      net.ipv4.tcp_congestion_control: bbr
       net.ipv4.ip_local_port_range: "1024 65535"
-      #net.ipv4.tcp_tw_reuse: "1"
-      #net.ipv4.tcp_fin_timeout: "15"
       net.core.somaxconn: "65535"
-      #net.ipv4.tcp_max_syn_backlog: "16384"
-      #net.ipv4.tcp_slow_start_after_idle: "0"
     ulimits:
       nproc:
         soft: 524288
@@ -37,7 +34,7 @@ services:
     ports:
       - "${FPTN_PORT}:443/tcp"
     volumes:
-      - ./fptn-server-data:/etc/fptn
+      - ${FPTN_CONFIGS_FOLDER}:/etc/fptn
     environment:
       - ENABLE_DETECT_PROBING=${ENABLE_DETECT_PROBING}
       - DEFAULT_PROXY_DOMAIN=${DEFAULT_PROXY_DOMAIN}
@@ -49,6 +46,8 @@ services:
       - REMOTE_SERVER_AUTH_PORT=${REMOTE_SERVER_AUTH_PORT}
       - MAX_ACTIVE_SESSIONS_PER_USER=${MAX_ACTIVE_SESSIONS_PER_USER}
       - SERVER_EXTERNAL_IPS=${SERVER_EXTERNAL_IPS}
+      - CLIENT_DNS_SERVER_IPV4=${CLIENT_DNS_SERVER_IPV4:-}
+      - CLIENT_DNS_SERVER_IPV6=${CLIENT_DNS_SERVER_IPV6:-}
       - USING_DNS_SERVER=${USING_DNS_SERVER:-dnsmasq}
       - DNS_IPV4_PRIMARY=${DNS_IPV4_PRIMARY:-8.8.8.8}
       - DNS_IPV4_SECONDARY=${DNS_IPV4_SECONDARY:-8.8.4.4}

src/fptn-client/gui/tray/tray.cpp

@@ -810,6 +810,9 @@ bool TrayApp::startVpn(QString& err_msg) {
     return false;
   }
 
+  SPDLOG_INFO("DNS configuration loaded: IPv4='{}', IPv6='{}'",
+      dns_server_ipv4.ToString(), dns_server_ipv6.ToString());
+
   const auto blacklist_domains = settings_->BlacklistDomains();
   const auto exclude_networks = settings_->ExcludeTunnelNetworks();
   const auto include_networks = settings_->IncludeTunnelNetworks();
@@ -819,9 +822,16 @@ bool TrayApp::startVpn(QString& err_msg) {
 
   // route manager
   route_manager_ = std::make_unique<fptn::routing::RouteManager>(
-      network_interface, tun_interface_name, server_ip, dns_server_ipv4,
-      dns_server_ipv6, gateway_ip, gateway_ipv6, tun_interface_address_ipv4,
-      tun_interface_address_ipv6
+      /* tun */
+      network_interface, tun_interface_name,
+      /* server  */
+      server_ip,
+      /* dns */
+      dns_server_ipv4, dns_server_ipv6,
+      /* gateway */
+      gateway_ip, gateway_ipv6,
+      /* tun address */
+      tun_interface_address_ipv4, tun_interface_address_ipv6
 #if _WIN32
       ,
       settings_->EnableAdvancedDnsManagement()
@@ -898,7 +908,6 @@ bool TrayApp::startVpn(QString& err_msg) {
     }
     route_manager_->AddIncludeNetworks(include_networks_std);
   }
-
   return true;
 }
 

src/fptn-server/config/command_line_config.cpp

@@ -127,6 +127,18 @@ CommandLineConfig::CommandLineConfig(int argc, char* argv[])
           "   - Client SNI in list -> proxy to client's SNI\n"
           "   - Client SNI not in list -> proxy to --default-proxy-domain")
       .default_value("");
+  // DNS settings for client
+  args_.add_argument("--client-dns-server-ipv4")
+      .help(
+          "Sets the IPv4 DNS server address used by the client. "
+          "If not provided, the TUN interface IPv4 address will be used.")
+      .default_value("");
+
+  args_.add_argument("--client-dns-server-ipv6")
+      .help(
+          "Sets the IPv6 DNS server address used by the client. "
+          "If not provided, the TUN interface IPv6 address will be used.")
+      .default_value("");
   // Prevent self-proxy
   args_.add_argument("--server-external-ips")
       .help(
@@ -251,4 +263,22 @@ std::string CommandLineConfig::ServerExternalIPs() const {
   return args_.get<std::string>("--server-external-ips");
 }
 
+[[nodiscard]]
+IPv4Address CommandLineConfig::ClientDnsServerIPv4() const {
+  const auto param = args_.get<std::string>("--client-dns-server-ipv4");
+  if (!param.empty()) {
+    return IPv4Address(param);
+  }
+  return TunInterfaceIPv4();
+}
+
+[[nodiscard]]
+IPv6Address CommandLineConfig::ClientDnsServerIPv6() const {
+  const auto param = args_.get<std::string>("--client-dns-server-ipv6");
+  if (!param.empty()) {
+    return IPv6Address(param);
+  }
+  return TunInterfaceIPv6();
+}
+
 }  // namespace fptn::config

src/fptn-server/config/command_line_config.h

@@ -57,6 +57,9 @@ class CommandLineConfig {
 
   [[nodiscard]] std::string ServerExternalIPs() const;
 
+  [[nodiscard]] IPv4Address ClientDnsServerIPv4() const;
+  [[nodiscard]] IPv6Address ClientDnsServerIPv6() const;
+
  private:
   int argc_;
   char** argv_;

src/fptn-server/fptn-server.cpp

@@ -105,8 +105,11 @@ int main(int argc, char* argv[]) {
     /* Init webserver */
     auto web_server = std::make_unique<fptn::web::Server>(config.ServerPort(),
         nat_table, user_manager, token_manager, prometheus,
-        config.PrometheusAccessKey(), config.TunInterfaceIPv4(),
-        config.TunInterfaceIPv6(),
+        config.PrometheusAccessKey(),
+        /* DNS IPv4 */
+        config.ClientDnsServerIPv4(),
+        /* DNS IPv6 */
+        config.ClientDnsServerIPv6(),
         /* probing */
         config.EnableDetectProbing(), config.DefaultProxyDomain(),
         config.AllowedSniList(),

src/fptn-server/routing/iptables.cpp

@@ -145,11 +145,10 @@ bool RouteManager::Apply() {  // NOLINT(bugprone-exception-escape)
 #else
 #error "Unsupported system!"
 #endif
-  SPDLOG_INFO("=== Setting up routing ===");
   try {
     for (const auto& cmd : commands) {
       if (!RunCommand(cmd)) {
-        SPDLOG_ERROR("COMMAND ERROR: {}", cmd);
+        SPDLOG_WARN("COMMAND ERROR: {}", cmd);
       }
     }
   } catch (const std::exception& e) {
@@ -159,7 +158,6 @@ bool RouteManager::Apply() {  // NOLINT(bugprone-exception-escape)
     SPDLOG_ERROR("Unknown exception occurred while applying routing.");
     return false;
   }
-  SPDLOG_INFO("=== Routing setup completed successfully ===");
   return true;
 }