diff --git a/README.md b/README.md
index 09951b7f..37cf2d3a 100644
--- a/README.md
+++ b/README.md
@@ -133,6 +133,7 @@ $ subspace --http-host subspace.example.com
 | `SUBSPACE_THEME` | `green` | The theme to use, please refer to [semantic-ui](https://semantic-ui.com/usage/theming.html) for accepted colors |
 | `SUBSPACE_BACKLINK` | `/` | The page to set the home button to |
 | `SUBSPACE_DISABLE_DNS` | `false` | Whether to disable DNS so the client uses their own configured DNS server(s). Consider disabling DNS server, if supporting international VPN clients |
+| `SUBSPACE_CLIENT_NAMESERVERS` | `false` | List of custom DNS servers to include in the user config |
 | `SUBSPACE_PERSISTENT_KEEPALIVE` | `0` | Whether PersistentKeepalive should be enabled for clients (seconds) |
 ### Run as a Docker container
@@ -183,6 +184,8 @@ If you want to run the vpn on a different domain as the http host you can set `-
 Use `--env SUBSPACE_DISABLE_DNS=1` to make subspace generate WireGuard configs without the `DNS` option, preserving the user's DNS servers.
+As an alternative, you can pass a list of preferred DNS servers in the `SUBSPACE_CLIENT_NAMESERVERS` variable (e.g. `--env SUBSPACE_CLIENT_NAMESERVERS="8.8.8.8,1.1.1.1"`).
+
 ```bash
 # Your data directory should be bind-mounted as `/data` inside the container using the `--volume` flag.
diff --git a/cmd/subspace/handlers.go b/cmd/subspace/handlers.go
index ae7ff25e..7ff5c28b 100644
--- a/cmd/subspace/handlers.go
+++ b/cmd/subspace/handlers.go
@@ -462,6 +462,10 @@ func profileAddHandler(w *Web) {
 if shouldDisableDNS := getEnv("SUBSPACE_DISABLE_DNS", "0"); shouldDisableDNS == "1" {
 disableDNS = true
 }
+ clientNameServers := ""
+ if useClientNameServers := getEnv("SUBSPACE_CLIENT_NAMESERVERS", "nil"); useClientNameServers != "nil" {
+ clientNameServers = useClientNameServers
+ }
 persistentKeepalive := "0"
 if keepalive := getEnv("SUBSPACE_PERSISTENT_KEEPALIVE", "nil"); keepalive != "nil" {
 persistentKeepalive = keepalive
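Review bot: The value read from `SUBSPACE_CLIENT_NAMESERVERS` in the hunk at -462 is copied into `clientNameServers` without any validation, and the template hunk at -483 writes it as `DNS = {{.ClientNameServers}}` into the script text handed to `bash(...)`. Shell metacharacters or a line break in the variable would therefore become part of the executed script (the config body is presumably an unquoted here-document, since `${wg_private_key}` is expanded in it), and even a harmless value such as the `false` that the README table lists as the default would produce `DNS = false` in every client config. Parsing the list and keeping only IP literals before rendering closes both problems; the sketch below needs `net` and `strings` in the file's imports and replaces the `"nil"` sentinel with an empty default. profileAddHandler's body starts and ends outside the hunk.

```go
clientNameServers := ""
if raw := getEnv("SUBSPACE_CLIENT_NAMESERVERS", ""); raw != "" {
	var valid []string
	for _, entry := range strings.Split(raw, ",") {
		// Only IP literals may reach the rendered script and the client config.
		if ip := net.ParseIP(strings.TrimSpace(entry)); ip != nil {
			valid = append(valid, ip.String())
		}
		// A rejected entry should be reported the way this handler reports other configuration errors.
	}
	clientNameServers = strings.Join(valid, ",")
}
// … unchanged: persistentKeepalive lookup …
```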
@@ -483,7 +487,9 @@ WGPEER
 cat <clients/{{$.Profile.ID}}.conf
 [Interface]
 PrivateKey = ${wg_private_key}
-{{- if not .DisableDNS }}
+{{- if .ClientNameServers }}
+DNS = {{.ClientNameServers}}
+{{- else if not .DisableDNS }}
 DNS = {{if .Ipv4Enabled}}{{$.IPv4Gw}}{{end}}{{if .Ipv6Enabled}}{{if .Ipv4Enabled}},{{end}}{{$.IPv6Gw}}{{end}}
 {{- end }}
 Address = {{if .Ipv4Enabled}}{{$.IPv4Pref}}{{$.Profile.Number}}/{{$.IPv4Cidr}}{{end}}{{if .Ipv6Enabled}}{{if .Ipv4Enabled}},{{end}}{{$.IPv6Pref}}{{$.Profile.Number}}/{{$.IPv6Cidr}}{{end}}
@@ -497,20 +503,21 @@ PersistentKeepalive = {{$.PersistentKeepalive}}
 WGCLIENT
 `
 _, err = bash(script, struct {
- Profile Profile
- EndpointHost string
- Datadir string
- IPv4Gw string
- IPv6Gw string
- IPv4Pref string
- IPv6Pref string
- IPv4Cidr string
- IPv6Cidr string
- Listenport string
- AllowedIPS string
- Ipv4Enabled bool
- Ipv6Enabled bool
- DisableDNS bool
+ Profile Profile
+ EndpointHost string
+ Datadir string
+ IPv4Gw string
+ IPv6Gw string
+ IPv4Pref string
+ IPv6Pref string
+ IPv4Cidr string
+ IPv6Cidr string
+ Listenport string
+ AllowedIPS string
+ Ipv4Enabled bool
+ Ipv6Enabled bool
+ DisableDNS bool
+ ClientNameServers string
 PersistentKeepalive string
 }{
 profile,
@@ -527,6 +534,7 @@ WGCLIENT
 ipv4Enabled,
 ipv6Enabled,
 disableDNS,
+ clientNameServers,
 persistentKeepalive,
 })
 if err != nil {
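Review bot: In the template hunk at -483, `{{- if .ClientNameServers }}` is tested before `.DisableDNS`, so a deployment that sets `SUBSPACE_DISABLE_DNS=1` still gets a `DNS =` line as soon as a nameserver list is configured. The README change describes the list only as an alternative and does not say which setting wins. Either state the precedence where the two variables are read, e.g. `// SUBSPACE_CLIENT_NAMESERVERS takes precedence over SUBSPACE_DISABLE_DNS`, or test `.DisableDNS` first so the opt-out is always honoured. The template string starts and ends outside the hunk.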
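Review bot: The anonymous struct extended in the hunk at -497 is still initialised positionally, so the hunk at -527 has to insert `clientNameServers,` at exactly the matching position. `ClientNameServers` and `PersistentKeepalive` are adjacent `string` fields, which means swapping the two values would compile and silently render the keepalive value on the `DNS =` line. Keyed fields in the literal, such as `ClientNameServers: clientNameServers,`, would make the pairing explicit. Part of the value list lies between the two hunks, so this is a follow-up to the whole literal rather than a change to these lines alone.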