CONNECT through port 80?
Hi,
I am really grateful for your project. I have been searching for something like this for years.
But I think I have an issue. I am trying to connect through a Squid proxy. The browser works well, but other applications, like Microsoft Store, do not. Analyzing the Squid logs, I found that Lux is trying to make a CONNECT on port 80.
I think the correct behavior is to make a query on port 80, but without SSL, so it will be redirected.
In the app log, I get this:
I am using Lux in System Mode. Maybe it is a misconfiguration.
Regards, Daniel
It's a limitation of UWP apps. There are two ways to solve this problem:
1. Unlimit the loopback for UWP apps.
- Install LoopbackManager
- Run LoopbackManager as administrator
- Select apps you want to unlimit and Save. I suggest that you select all apps
It works on my Windows.
2. Use Tun mode
Tun mode uses a virtual network adapter, which is not limited by loopback. See Use With Other VPN first if your server is localhost or 127.0.0.1.
Thanks, it really works.
As a feature proposal: if this could be integrated into Lux, it would be the final solution, because not all proxies support Tun mode.
LGTM. Enabling loopback for UWP apps will be a feature. BTW, all proxies are supported by System Proxy and Tun at the same time by design. Does your proxy not support Tun?
I suppose that Tun is Socks5. Unfortunately, there is some work to support it, but still no ETA.
https://wiki.squid-cache.org/Features/Socks
Well, I don't know what happened, but I've just made a test in Tun mode, and it works well. The only problem is that in this mode, DNS is resolved through the proxy, and it doesn't allow DNS queries (it is a working environment, so no external DNS queries are allowed).
I will check how to enable https queries in the internal DNS and check.
Just another suggestion: with the support of UWP apps, I think you also refer to other apps like WhatsApp, Teams, etc.? Because using the LoopbackManager, I could redirect all those apps through the proxy, using the authentication (that's very fine, because those applications never authenticate).
- Actually, you can set the remote DNS with your address. However, the problem is DNS over UDP is not supported by the remote DNS because not all proxies support UDP. Anyway, you can try to add your DNS options in Setting -> Customized DNS Options like: tcp://8.8.8.8:53, then save and select the option in the remote DNS selector. Just remember that DNS over UDP is not supported by the remote DNS now.
- Even though apps are installed from the Microsoft Store, it doesn't mean those are UWP apps. For Apps like Teams, I guess you can configure System Proxy in the app's Setting. That's why Tun mode is recommended for you.
- That's OK. The problem is that Squid proxy doesn't allow TCP queries through the proxy, because it isn't HTTP traffic. So that's why only DoH will work in my case. It just gives me a protocol error. And without DNS queries, nothing works.
- Teams doesn't have any proxy configuration inside the app. The same goes for WhatsApp. They both try to connect directly to their servers, so that's why they don't use authentication. But for an enterprise network, it is an issue. With the Loopback Manager, the apps work like a charm: they use Lux, so I can force the authentication.
So: Loopback Manager (as in the photo) + Tun = Works fine.
And here goes the suggestion: have the possibility to select which applications will use the LoopBack, all in the same place.
- I guess that DNS over UDP is not supported by Squid either. It seems that only DNS over HTTPS can work. Is that right?
- I didn't get it. With Tun, Loopback Manager doesn't make sense because it only works for System Proxy. WhatsApp works for me in Tun without Loopback Manager. Did I miss something?
Regarding point 1, I think it is the limitation of HTTP Proxy, which can only handle HTTP traffic. If so, Tun does have the problem of DNS. I missed that. Fake IP is a solution but is not supported by Lux now. So DoH is the only way to use Tun for you now.
System Proxy can work fine because it sends the domain to Squid instead of the IP. However, Tun must query the domain to get the IP for Squid. It's a bug in Tun with HTTP Proxy, not only for Squid.
You are all right. I just configured a local DoH, disabled the Loopback Manager, except for Microsoft Store, and it works.
Just another question: testing WhatsApp Desktop in Mixed mode, I cannot make calls, it just stays silent: the voice does not work. I've checked the log and there is this:
Seems that Lux is trying to pass UDP, even when it is not supported. I think the desired action is to handle the connection outside the Tun.
Using System mode, it works.
There is already a UDP test, so it can be used to automatically set an exception if UDP is not supported by the remote proxy.
Thanks again. This project is really useful.
Hi! Fake Ip has been supported in v1.34.2-beat.0, which can solve the DNS problem in Tun with HTTP proxy. With Fake Ip, you can remove local DOH because remote DNS will be forwarded to the proxy. If something is wrong, plz let me know.
Go Setting -> Fake Ip (Experimental) and enable it.
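The Fake IP approach discussed above, as an added Python example that is not Lux's code: the tunnel answers DNS locally with a placeholder address, then maps that address back to the hostname when the TCP flow arrives, so the HTTP proxy still receives `CONNECT host:port`. The `198.18.0.0/15` range, the class and function names, IPv4-only handling and the hostname are assumptions made for illustration.

```python
import ipaddress


class FakeIpPool:
    """Answers DNS with placeholder addresses and maps them back to names."""

    def __init__(self, cidr="198.18.0.0/15"):  # assumed range (RFC 2544 benchmarking block)
        self.net = ipaddress.ip_network(cidr)
        self._free = self.net.hosts()          # lazy iterator over usable addresses
        self.by_name, self.by_ip = {}, {}

    def resolve(self, hostname):
        """Local DNS answer: no query leaves the machine."""
        name = hostname.rstrip(".").lower()
        if name not in self.by_name:
            try:
                ip = next(self._free)
            except StopIteration:
                raise RuntimeError("fake IP pool exhausted") from None
            self.by_name[name], self.by_ip[ip] = ip, name
        return self.by_name[name]

    def lookup(self, ip):
        return self.by_ip.get(ipaddress.ip_address(ip))


def upstream_request(pool, proto, dst_ip, dst_port):
    """Return the CONNECT request for a captured flow, or None if it cannot be proxied."""
    if proto != "tcp":
        return None                            # HTTP CONNECT carries TCP only
    ip = ipaddress.ip_address(dst_ip)
    name = pool.lookup(ip)
    if name is None and ip in pool.net:
        raise LookupError(f"{ip} is in the fake range but was never handed out")
    target = name or str(ip)                   # literal IP if the app skipped DNS
    return f"CONNECT {target}:{dst_port} HTTP/1.1\r\nHost: {target}:{dst_port}\r\n\r\n"


if __name__ == "__main__":
    pool = FakeIpPool()
    fake = pool.resolve("media.example.net")   # constructed hostname
    print(fake, "->", upstream_request(pool, "tcp", str(fake), 443).splitlines()[0])
    print("udp ->", upstream_request(pool, "udp", str(fake), 3478))
```

The `None` result for UDP corresponds to the call problem in this thread: a flow that is not TCP has no CONNECT equivalent on an HTTP proxy.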
Hi,
Just to give you feedback: it worked. So, with Tun or Mixed mode, I can take the DNS configured by DHCP, without the need for DoH.
Just the issue about the UDP/WhatsApp call, mentioned in the last message, is still not working. But I think you did not make any change yet.
Hi, coming around to WhatsApp Desktop again, the attachments (files, voice messages, etc.) only work with Tun mode activated.
While using Tun mode, the log shows:
But, in Mixed or System modes, I couldn't find any reference in the logs. Not sure what can make this happen.
Hi! I can't tell why now. Weirdly, WhatsApp can't even work with System Proxy on my Windows, but Tun and Mixed are okay. Please follow these steps to find the reason.
- In System Proxy, go to Data, and search WhatsApp to see the result
- In Tun or Mixed, same as step 1
- Exit Lux. Is WhatsApp working properly without Lux?
Hi!
So, here you are:
First, with System Mode: the photo doesn't go.
And with Tun mode:
It passed.
Without Lux, it doesn't work, because the proxy needs authentication to allow the connection. I can authenticate with the MAC address, but I want to avoid that, because it is much harder to control.
I've just rebooted the computer, and Lux gave me this message. Maybe it is useful to debug the problem:
Thanks for your feedback, but it should be unrelated to our problem. I still don't understand why your WhatsApp can work with System Proxy.
- What's the version of your Windows? Going to System -> About and copying Windows specifications works on my Windows 11.
- Can your other apps from the Microsoft Store, like Teams, work with System Proxy?
Regarding the UDP problem, I think there is no way to make UDP work in Tun with HTTP proxy now. The possible way is to let WhatsApp use TCP instead of UDP, which is how System Proxy works now, I guess.
Here is the Windows Version:
Strange, but I tried on another computer and had the same result. For example, if I try to register WhatsApp Desktop, it doesn't work in System Proxy. But, in Tun/Mixed, it works.
About Teams, yes, it works using System Proxy. Here is an example:
Well, and one last thing. Not sure it has any relation, but I activated WhatsApp in the Loopback, and it worked. Seems like WhatsApp needs the Loopback in System Proxy.