Advanced Features

Advanced Tunnel Features

Overview

doxx.net tunnels offer a rich set of advanced features for security, performance monitoring, and network control. This guide explains each feature in detail to help you configure your tunnels optimally.

Monitoring Features

Bandwidth Statistics

• Parameter: bandwidth_stats
• Values: 0 (disabled) or 1 (enabled)
• Description: Enables real-time bandwidth monitoring for your tunnel
• Features:
  • Upload/download speed tracking
  • Data transfer volume monitoring
  • No data retention
  • Performance analytics
  • Avaliable in all tunnel types

Security Statistics

• Parameter: security_stats
• Values: 0 (disabled) or 1 (enabled)
• Description: Provides detailed security event monitoring and analysis
• Features:
  • Real-time threat detection
  • Attack attempt logging
  • Security event categorization
  • Interactive security dashboard
  • Avaliable in all tunnel types

Security Features

DNS Protection

• Parameter: block_bad_dns
• Values: 0 (disabled) or 1 (enabled)
• Description: Actively blocks known malicious DNS queries
• Protection Against:
  • Phishing domains
  • Malware command & control servers
  • Known botnet infrastructure
  • Cryptocurrency mining pools
• Updates: Real-time threat database updates
  • Avaliable in all tunnel types
  • Must use the 10.10.10.10 dns server or have dnssnarf enabled to block malicious dns queries.

Firewall

• Parameter: firewall
• Values: 0 (disabled) or 1 (enabled)
• Description: Implements an intelligent packet filtering system
• Features:
  • Stateful packet inspection
  • Port scan protection
  • DDoS mitigation
  • Custom rule support
  • Avaliable in all tunnel types

Network Control Features

SSH Connection Management

• Parameter: keep_established_ssh
• Values: 0 (disabled) or 1 (enabled)
• Description: Maintains SSH connection stability during tunnel updates
• Benefits:
  • Prevents SSH session drops
  • Maintains remote access stability
  • Reduces connection interruptions
  • Avaliable in doxx.net clients only

Default Route Control

• Parameter: kill_default_route
• Values: 0 (disabled) or 1 (enabled)
• Description: Controls system-wide routing behavior
• When Enabled:
  • Forces all traffic through the tunnel
  • Prevents IP leaks
  • Blocks non-tunnel traffic
  • Avaliable in doxx.net clients only

Auto-Reconnection

• Parameter: auto_reconnect
• Values: 0 (disabled) or 1 (enabled, default)
• Description: Automatically restores tunnel connectivity
• Features:
  • Smart retry logic
  • Exponential backoff
  • Connection health monitoring
  • Avaliable in doxx.net clients only

Routing Features

Network Routing

• Parameter: enable_routing
• Values: 0 (disabled) or 1 (enabled, default)
• Description: Controls tunnel routing capabilities
• Features:
  • Multi-subnet support
  • Route propagation
  • Split tunneling capability
  • Avaliable in doxx.net clients only
• Use Case: Complex network topologies

DNS Interception

• Parameter: snarf_dns
• Values: 0 (disabled) or 1 (enabled, default)
• Description: Controls DNS query handling
• Features:
  • DNS leak prevention
  • Custom DNS resolution
  • Domain-based routing
  • Avaliable in doxx.net clients only
• Security Benefit: Enhanced privacy protection

Best Practices

Security-First Configuration

{
  "bandwidth_stats": 1,
  "security_stats": 1,
  "block_bad_dns": 1,
  "firewall": 1,
  "snarf_dns": 1,
  "enable_routing": 1
}

High-Availability Setup

{
  "auto_reconnect": 1,
  "keep_established_ssh": 1,
  "enable_routing": 1
}

Performance Considerations

• Enable monitoring features selectively based on needs
• Auto-reconnection helps maintain stable connections

Security Recommendations

1. Enable block_bad_dns for basic threat protection
2. Use firewall on public endpoints
3. Enable kill_default_route for maximum security
4. Keep snarf_dns enabled to prevent DNS leaks
5. Monitor security events with security_stats