Custom client nameservers

README.md

@@ -133,6 +133,7 @@ $ subspace --http-host subspace.example.com
 | `SUBSPACE_THEME`            | `green`             | The theme to use, please refer to [semantic-ui](https://semantic-ui.com/usage/theming.html) for accepted colors                                      |
 | `SUBSPACE_BACKLINK`         | `/`                 | The page to set the home button to                                                                                                                   |
 | `SUBSPACE_DISABLE_DNS`      | `false`             | Whether to disable DNS so the client uses their own configured DNS server(s). Consider disabling DNS server, if supporting international VPN clients |
+| `SUBSPACE_CLIENT_NAMESERVERS` | `false` | List of custom DNS servers to include in the user config |
 | `SUBSPACE_PERSISTENT_KEEPALIVE`      | `0`             | Whether PersistentKeepalive should be enabled for clients (seconds) |
 
 ### Run as a Docker container
@@ -183,6 +184,8 @@ If you want to run the vpn on a different domain as the http host you can set `-
 
 Use `--env SUBSPACE_DISABLE_DNS=1` to make subspace generate WireGuard configs without the `DNS` option, preserving the user's DNS servers.
 
+As an alternative, you can pass a list of preferred DNS servers in the `SUBSPACE_CLIENT_NAMESERVERS` variable (e.g. `--env SUBSPACE_CLIENT_NAMESERVERS="8.8.8.8,1.1.1.1"`).
+
 ```bash
 
 # Your data directory should be bind-mounted as `/data` inside the container using the `--volume` flag.

cmd/subspace/handlers.go

@@ -462,6 +462,10 @@ func profileAddHandler(w *Web) {
 	if shouldDisableDNS := getEnv("SUBSPACE_DISABLE_DNS", "0"); shouldDisableDNS == "1" {
 		disableDNS = true
 	}
+	clientNameServers := ""
+	if useClientNameServers := getEnv("SUBSPACE_CLIENT_NAMESERVERS", "nil"); useClientNameServers != "nil" {
+		clientNameServers = useClientNameServers
+	}
 	persistentKeepalive := "0"
 	if keepalive := getEnv("SUBSPACE_PERSISTENT_KEEPALIVE", "nil"); keepalive != "nil" {
 		persistentKeepalive = keepalive
@@ -483,7 +487,9 @@ WGPEER
 cat <<WGCLIENT >clients/{{$.Profile.ID}}.conf
 [Interface]
 PrivateKey = ${wg_private_key}
-{{- if not .DisableDNS }}
+{{- if .ClientNameServers }}
+DNS = {{.ClientNameServers}}
+{{- else if not .DisableDNS }}
 DNS = {{if .Ipv4Enabled}}{{$.IPv4Gw}}{{end}}{{if .Ipv6Enabled}}{{if .Ipv4Enabled}},{{end}}{{$.IPv6Gw}}{{end}}
 {{- end }}
 Address = {{if .Ipv4Enabled}}{{$.IPv4Pref}}{{$.Profile.Number}}/{{$.IPv4Cidr}}{{end}}{{if .Ipv6Enabled}}{{if .Ipv4Enabled}},{{end}}{{$.IPv6Pref}}{{$.Profile.Number}}/{{$.IPv6Cidr}}{{end}}
@@ -497,20 +503,21 @@ PersistentKeepalive = {{$.PersistentKeepalive}}
 WGCLIENT
 `
 	_, err = bash(script, struct {
-		Profile      		Profile
-		EndpointHost 		string
-		Datadir      		string
-		IPv4Gw       		string
-		IPv6Gw       		string
-		IPv4Pref     		string
-		IPv6Pref     		string
-		IPv4Cidr     		string
-		IPv6Cidr     		string
-		Listenport   		string
-		AllowedIPS   		string
-		Ipv4Enabled  		bool
-		Ipv6Enabled  		bool
-		DisableDNS   		bool
+		Profile             Profile
+		EndpointHost        string
+		Datadir             string
+		IPv4Gw              string
+		IPv6Gw              string
+		IPv4Pref            string
+		IPv6Pref            string
+		IPv4Cidr            string
+		IPv6Cidr            string
+		Listenport          string
+		AllowedIPS          string
+		Ipv4Enabled         bool
+		Ipv6Enabled         bool
+		DisableDNS          bool
+		ClientNameServers   string
 		PersistentKeepalive string
 	}{
 		profile,
@@ -527,6 +534,7 @@ WGCLIENT
 		ipv4Enabled,
 		ipv6Enabled,
 		disableDNS,
+		clientNameServers,
 		persistentKeepalive,
 	})
 	if err != nil {