From f5362ce009d182d28a075e37b789ecff020640db Mon Sep 17 00:00:00 2001 From: Jamil Date: Wed, 9 Oct 2024 12:31:38 -0700 Subject: [PATCH] docs: Remove known DoH issue with Firefox (#6832) This has been a long-standing issue. The base PR fixes the issue for Firefox, and apparently all other browsers will _not_ change your DNS server, only opportunistically enable DoH if it finds your current servers to support it. --- rust/gui-client/docs/intended_behavior.md | 1 - rust/gui-client/docs/vm_testing.md | 1 - .../kb/administer/troubleshooting/readme.mdx | 36 ------------------- .../kb/client-apps/android-client/readme.mdx | 2 -- .../app/kb/client-apps/ios-client/readme.mdx | 2 -- .../client-apps/linux-gui-client/readme.mdx | 6 ---- .../kb/client-apps/macos-client/readme.mdx | 7 ---- .../kb/client-apps/windows-client/readme.mdx | 6 ---- 8 files changed, 61 deletions(-) diff --git a/rust/gui-client/docs/intended_behavior.md b/rust/gui-client/docs/intended_behavior.md index f8aa2f531..05917e18d 100644 --- a/rust/gui-client/docs/intended_behavior.md +++ b/rust/gui-client/docs/intended_behavior.md @@ -19,7 +19,6 @@ Best performed on a clean VM 1. Open the Settings window and change to staging if needed 1. Click "Sign in" 1. Expect a browser to open -1. Disable DoH in Firefox if needed (20.04 and 22.04 both have it, in different places) https://www.firezone.dev/kb/administer/troubleshooting#some-browsers-break-dns-routing 1. Sign in 1. Expect Firefox to show "Allow this site to open the link with Firezone?" modal 1. Check "Always..." and click "Open link" diff --git a/rust/gui-client/docs/vm_testing.md b/rust/gui-client/docs/vm_testing.md index bfe7472f7..bee54d841 100644 --- a/rust/gui-client/docs/vm_testing.md +++ b/rust/gui-client/docs/vm_testing.md @@ -50,7 +50,6 @@ The Windows license is valid for 180 days 1. In the Server Manager, click "Manage", click "Server Manager Properties", check "Do not start Server Manager automatically at logon", and click "OK". Close Server Manager. 1. Make any quality-of-life changes you want such as fixing the taskbar 1. Open `https://ifconfig.net/` in Edge and clear out the Edge first-time setup -1. In `edge://settings/privacy`, [disable secure DNS](https://www.firezone.dev/kb/administer/troubleshooting#some-browsers-break-dns-routing) 1. Run Windows Update 1. In the VirtualBox menu, click "Devices", click "Insert Guest Additions CD image", and then install the VirtualBox guest additions, so you can drag-and-drop files into the VM easily. 1. Perform a clean shutdown from within the Windows VM. diff --git a/website/src/app/kb/administer/troubleshooting/readme.mdx b/website/src/app/kb/administer/troubleshooting/readme.mdx index 4667c5caa..d23b8ae47 100644 --- a/website/src/app/kb/administer/troubleshooting/readme.mdx +++ b/website/src/app/kb/administer/troubleshooting/readme.mdx @@ -63,40 +63,4 @@ sudo journalctl -u firezone-gateway.service -## Some browsers break DNS routing - -Some web browsers enable DNS-over-HTTPS by default, which can interfere with -Firezone's DNS-based routing system. If you're experiencing issues connecting to -DNS Resources in your browser, or notice that DNS resources aren't being routed -through a Firezone Gateway when they should be, try disabling DNS-over-HTTPS -using the appropriate method below. - -### Firefox - -1. Go to `about:preferences#privacy` in the address bar. -1. Scroll down to the "DNS over HTTPS" section. -1. Ensure that "Off" is selected. - -Firefox DNS-over-HTTPS settings - -### Chrome - -1. Go to `chrome://settings/security` in the address bar. -1. Scroll down to the "Advanced" section. -1. Ensure that "Use secure DNS" is disabled. - -Firefox DNS-over-HTTPS settings - diff --git a/website/src/app/kb/client-apps/android-client/readme.mdx b/website/src/app/kb/client-apps/android-client/readme.mdx index f8140a7a9..ffd5baa44 100644 --- a/website/src/app/kb/client-apps/android-client/readme.mdx +++ b/website/src/app/kb/client-apps/android-client/readme.mdx @@ -91,8 +91,6 @@ We will add troubleshooting steps here in the future. - ChromeOS devices using the Android 9 compatibility layer don't work with Firezone. Android 11 and newer do work. [#3620](https://github.com/firezone/firezone/issues/3620) -- Some apps do not use Firezone's SplitDNS and so cannot access DNS Resources. - [#4834](https://github.com/firezone/firezone/issues/4834) - Disconnecting the VPN from the System Settings does not work [#5413](https://github.com/firezone/firezone/issues/5413) diff --git a/website/src/app/kb/client-apps/ios-client/readme.mdx b/website/src/app/kb/client-apps/ios-client/readme.mdx index a470adf7c..4e3994ebe 100644 --- a/website/src/app/kb/client-apps/ios-client/readme.mdx +++ b/website/src/app/kb/client-apps/ios-client/readme.mdx @@ -100,7 +100,5 @@ We will add troubleshooting steps here in the future. - If another VPN app is running on the system, Firezone will not work. [#4733](https://github.com/firezone/firezone/issues/4733) -- Some browsers (e.g. Safari) break DNS routing - [#6375](https://github.com/firezone/firezone/issues/6375). diff --git a/website/src/app/kb/client-apps/linux-gui-client/readme.mdx b/website/src/app/kb/client-apps/linux-gui-client/readme.mdx index 0611c3b6f..e3af9b0f0 100644 --- a/website/src/app/kb/client-apps/linux-gui-client/readme.mdx +++ b/website/src/app/kb/client-apps/linux-gui-client/readme.mdx @@ -203,12 +203,6 @@ the tunnel, and a GUI which allows the user to control Firezone. ## Known issues -- **DNS Resources**: Web browsers that enable "Secure DNS" or DNS-over-HTTPS by - default may interfere with DNS resolution because they force all DNS traffic - through the browser's configured resolvers. See - [Administer / Troubleshooting / Some browsers break DNS routing](/kb/administer/troubleshooting#some-browsers-break-dns-routing) - to disable DNS-over-HTTPS if you're experiencing issues connecting to DNS - Resources within your browser. - The GUI Client does not run on Ubuntu 24.04 yet [#4883](https://github.com/firezone/firezone/issues/4883) - If you update Firezone while the GUI is running, you must manually restart the diff --git a/website/src/app/kb/client-apps/macos-client/readme.mdx b/website/src/app/kb/client-apps/macos-client/readme.mdx index d1364b69f..1eceb7cc6 100644 --- a/website/src/app/kb/client-apps/macos-client/readme.mdx +++ b/website/src/app/kb/client-apps/macos-client/readme.mdx @@ -126,13 +126,6 @@ Normal system DNS: Host * ServerAliveInterval 240 ``` -- **DNS Resources**: Web browsers that enable "Secure DNS" or DNS-over-HTTPS by - default may interfere with DNS resolution because they force all DNS traffic - through the browser's configured resolvers. See - [Administer / Troubleshooting / Some browsers break DNS routing](/kb/administer/troubleshooting#some-browsers-break-dns-routing) - to disable DNS-over-HTTPS if you're experiencing issues connecting to DNS - Resources within your browser - [#6375](https://github.com/firezone/firezone/issues/6375). - **Cloudflare WARP client conflicts with other VPN apps**: The Cloudflare WARP client may interfere with Firezone's ability to initialize its tunnel interface or resolve DNS resources. Ensure the Cloudflare WARP client is diff --git a/website/src/app/kb/client-apps/windows-client/readme.mdx b/website/src/app/kb/client-apps/windows-client/readme.mdx index 427ada2b8..f0d1176b5 100644 --- a/website/src/app/kb/client-apps/windows-client/readme.mdx +++ b/website/src/app/kb/client-apps/windows-client/readme.mdx @@ -190,12 +190,6 @@ the tunnel, and a GUI which allows the user to control Firezone. ## Known issues -- **DNS Resources**: Web browsers that enable "Secure DNS" or DNS-over-HTTPS by - default may interfere with DNS resolution because they force all DNS traffic - through the browser's configured resolvers. See - [Administer / Troubleshooting / Some browsers break DNS routing](/kb/administer/troubleshooting#some-browsers-break-dns-routing) - to disable DNS-over-HTTPS if you're experiencing issues connecting to DNS - Resources within your browser. - Firezone does not register itself with Windows as a VPN [#2875](https://github.com/firezone/firezone/issues/2875)