Update docs about tunnel stuff

2026-02-20 20:06:44 +00:00 · 2025-12-19 12:13:46 -05:00
parent ba84144970
commit 64885cca7d
3 changed files with 51 additions and 43 deletions
--- a/manage/clients/configure-client.mdx
+++ b/manage/clients/configure-client.mdx
@@ -21,15 +21,15 @@ Refer to the [documentation in the official repository](https://github.com/fosrl

 <ResponseField name="id" type="string" required>
  Olm ID generated by Pangolin to identify the client.
-  
+
  **Example**: `31frd0uzbjvp721`
 </ResponseField>

 <ResponseField name="secret" type="string" required>
  A unique secret used to authenticate the client ID with the websocket.
-  
+
  **Example**: `h51mmlknrvrwv8s4r1i210azhumt6isgbpyavxodibx1k2d6`
-  
+
  <Warning>
  Keep this secret private and secure. It's used for authentication.
  </Warning>
@@ -37,7 +37,7 @@ Refer to the [documentation in the official repository](https://github.com/fosrl

 <ResponseField name="endpoint" type="string" required>
  The endpoint where both Gerbil and Pangolin reside for websocket connections.
-  
+
  **Example**: `https://pangolin.example.com`
 </ResponseField>

@@ -51,81 +51,87 @@ Refer to the [documentation in the official repository](https://github.com/fosrl

 <ResponseField name="mtu" type="integer">
  MTU for the internal WireGuard interface.
-  
+
  **Default**: `1280`
 </ResponseField>

 <ResponseField name="dns" type="string">
  DNS server to use to resolve the endpoint.
-  
+
  **Default**: `8.8.8.8`
 </ResponseField>

 <ResponseField name="upstream-dns" type="string">
  Upstream DNS server(s), comma-separated.
-  
+
  **Default**: `8.8.8.8:53`
 </ResponseField>

 <ResponseField name="log-level" type="string">
  The log level to use for Olm output.
-  
+
  **Options**: `DEBUG`, `INFO`, `WARN`, `ERROR`, `FATAL`
-  
+
  **Default**: `INFO`
 </ResponseField>

 <ResponseField name="ping-interval" type="string">
  Interval for pinging the server.
-  
+
  **Default**: `3s`
 </ResponseField>

 <ResponseField name="ping-timeout" type="string">
  Timeout for each ping.
-  
+
  **Default**: `5s`
 </ResponseField>

 <ResponseField name="interface" type="string">
  Name of the WireGuard interface.
-  
+
  **Default**: `olm`
 </ResponseField>

 <ResponseField name="enable-api" type="boolean">
  Enable API server for receiving connection requests.
-  
+
  **Default**: `false`
 </ResponseField>

 <ResponseField name="http-addr" type="string">
  HTTP server address (e.g., ':9452').
-  
+
  **Default**: `:9452`
 </ResponseField>

 <ResponseField name="socket-path" type="string">
  Unix socket path (or named pipe on Windows).
-  
+
  **Default**: `/var/run/olm.sock` (Linux/macOS) or `olm` (Windows)
 </ResponseField>

 <ResponseField name="disable-holepunch" type="boolean">
  Disable hole punching.
-  
+
  **Default**: `false`
 </ResponseField>

 <ResponseField name="override-dns" type="boolean">
  Override system DNS settings.
-  
+
+  **Default**: `false`
+</ResponseField>
+
+<ResponseField name="tunnel-dns" type="boolean">
+  Force connectivity to the upstream DNS server to go via the tunnel to a resource.
+
  **Default**: `false`
 </ResponseField>

 <ResponseField name="disable-relay" type="boolean">
  Disable relay connections.
-  
+
  **Default**: `false`
 </ResponseField>

@@ -159,87 +165,87 @@ When both environment variables and CLI arguments are provided, CLI arguments ta

 <ResponseField name="MTU" type="integer">
  MTU for the internal WireGuard interface (equivalent to `--mtu`)
-  
+
  **Default**: `1280`
 </ResponseField>

 <ResponseField name="DNS" type="string">
  DNS server to use to resolve the endpoint (equivalent to `--dns`)
-  
+
  **Default**: `8.8.8.8`
 </ResponseField>

 <ResponseField name="UPSTREAM_DNS" type="string">
  Upstream DNS server(s), comma-separated (equivalent to `--upstream-dns`)
-  
+
  **Default**: `8.8.8.8:53`
 </ResponseField>

 <ResponseField name="LOG_LEVEL" type="string">
  Log level (equivalent to `--log-level`)
-  
+
  **Default**: `INFO`
 </ResponseField>

 <ResponseField name="PING_INTERVAL" type="string">
  Interval for pinging the server (equivalent to `--ping-interval`)
-  
+
  **Default**: `3s`
 </ResponseField>

 <ResponseField name="PING_TIMEOUT" type="string">
  Timeout for each ping (equivalent to `--ping-timeout`)
-  
+
  **Default**: `5s`
 </ResponseField>

 <ResponseField name="INTERFACE" type="string">
  Name of the WireGuard interface (equivalent to `--interface`)
-  
+
  **Default**: `olm`
 </ResponseField>

 <ResponseField name="ENABLE_API" type="boolean">
  Enable API server for receiving connection requests (equivalent to `--enable-api`)
-  
+
  Set to "true" to enable
-  
+
  **Default**: `false`
 </ResponseField>

 <ResponseField name="HTTP_ADDR" type="string">
  HTTP server address (equivalent to `--http-addr`)
-  
+
  **Default**: `:9452`
 </ResponseField>

 <ResponseField name="SOCKET_PATH" type="string">
  Unix socket path or Windows named pipe (equivalent to `--socket-path`)
-  
+
  **Default**: `/var/run/olm.sock` (Linux/macOS) or `olm` (Windows)
 </ResponseField>

 <ResponseField name="DISABLE_HOLEPUNCH" type="boolean">
  Disable hole punching (equivalent to `--disable-holepunch`)
-  
+
  Set to "true" to disable
-  
+
  **Default**: `false`
 </ResponseField>

 <ResponseField name="OVERRIDE_DNS" type="boolean">
  Override system DNS settings (equivalent to `--override-dns`)
-  
+
  Set to "true" to enable
-  
+
  **Default**: `false`
 </ResponseField>

 <ResponseField name="DISABLE_RELAY" type="boolean">
  Disable relay connections (equivalent to `--disable-relay`)
-  
+
  Set to "true" to disable
-  
+
  **Default**: `false`
 </ResponseField>

@@ -249,7 +255,7 @@ When both environment variables and CLI arguments are provided, CLI arguments ta

 ### Loading secrets from files

-You can use `CONFIG_FILE` to define a location of a config file to store the credentials between runs. 
+You can use `CONFIG_FILE` to define a location of a config file to store the credentials between runs.

 ```
 $ cat ~/.config/olm-client/config.json
@@ -276,9 +282,9 @@ $ cat ~/.config/olm-client/config.json
 }
 ```

-This file is also written to when olm first starts up. So you do not need to run every time with --id and secret if you have run it once! 
+This file is also written to when olm first starts up. So you do not need to run every time with --id and secret if you have run it once!

-Default locations: 
+Default locations:

 - **macOS**: `~/Library/Application Support/olm-client/config.json`
 - **Windows**: `%PROGRAMDATA%\olm\olm-client\config.json`
@@ -286,4 +292,4 @@ Default locations:

 ### API

-Olm can be started with a HTTP or socket API to configure and manage it. See the [API documentation](https://github.com/fosrl/olm/blob/main/API.md) for more details.
+Olm can be started with a HTTP or socket API to configure and manage it. See the [API documentation](https://github.com/fosrl/olm/blob/main/API.md) for more details.