v1.1.75 sometimes does not start when 8.8.8.8:443 is blocked

[RonKhondji]

Please answer the following question for yourself before submitting an issue

• I checked to make sure that this issue has not already been filed

AdGuard VPN CLI version

1.1.75

Environment

Ubuntu 24.04.1 LTS

Issue Details

I updated with adguardvpn-cli update.
After that the vpn service won't start in the background.

Then I rebooted with sudo reboot now.

After that the vpn service still won't start in the background.

Expected Behavior

A working VPN.

Actual Behavior

A not working VPN

Screenshots

Screenshot 1


Additional Information

No response

[sfionov]

@RonKhondji Hello! Thank you for your report.

Can you please do adguardvpn-cli config set-debug-logging on, reproduce problem, collect the logs using adguardvpn-cli export-logs and send them to [email protected]? In title, please specify this issue.

[RonKhondji]

Done.
The service did start once after turning on the debug logging. After that it kept on failing again.

[RonKhondji]

Ok I found something.
I'm running my own AdGuardHome dns server and have firewall rules for everything on my local lan to only use that. So 8.8.8.8 and 1.1.1.1 are not accessable from within my lan.

Looking at the logs I think I see adguardvpn-cli trying to connect to 8.8.8.8 instead of using the system dns, so I turned of the firewall rule for a little while. Without that rule the vpn connects fine.

Now I'm just an amateur but it looks like adguardvpn-cli should use the system dns server as the upstream dns and not simply use google or cloudflare.

If I'm wrong, please ignore this :)

[sfionov]

@RonKhondji Yes, this is DNS related problem.

AG VPN CLI uses both DNS-over-HTTPS and system DNS to resolve its servers. However, when tunnel is already running, it is possible that system DNS loops into AG VPN CLI itself, so DoH is only reliable solution.

We'll look why regular DNS fails during connect in this particular case.