Geaux Core Engine Docs
v0.1.0 Beta

About Geaux

Geaux (pronounced "go") is a professional-grade, locally hosted network interception proxy and VPN engine built entirely as an iOS System Extension. Rather than sending device traffic data to unverified cloud instances, Geaux evaluates and parses traffic locally on the device.

System Requirements

Geaux relies on interfaces available only on iOS 17.0 and later. Running the packet capture extension on a physical device requires entitlements managed through a provisioned Apple Developer profile.

Technical Foundations

The system is a memory-efficient design split strictly into two layers:

  • OS Gatekeeper (Swift & SwiftUI): Hooks into system networking through the native NEPacketTunnelProvider interface to capture packets.
  • Core Engine (Rust FFI): Byte-level packet handling is offloaded through a foreign-function interface to geaux-rust. Rule comparisons use fast, low-overhead FNV-1a hashing.

[App View Location: Main Dashboard UI]

Tri-Factor Routing Modes

The proxy runs in one of three routing modes, depending on the active configuration:

1. DNS Only (Local Interception)

Geaux acts as an on-device local firewall sinkhole. It intercepts requests sent over port 53 and looks each one up in the locally compiled rule table. Blocked requests are terminated immediately, while allowed requests are forwarded to the designated secure upstream resolver.
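The lookup described here and in the Core Engine bullet, sketched as an added example (not code from geaux-rust). The 64-bit FNV-1a variant, the RuleTable type, the one-domain-per-line list format and the parent-domain matching are all assumptions:

```rust
use std::collections::HashSet;

// 64-bit FNV-1a parameters (the width is an assumption; the page only says "FNV-1a").
const FNV_OFFSET: u64 = 0xcbf2_9ce4_8422_2325;
const FNV_PRIME: u64 = 0x0000_0100_0000_01b3;

/// FNV-1a over the ASCII-lowercased bytes, so lookups are case-insensitive like DNS.
fn fnv1a(name: &str) -> u64 {
    name.bytes().fold(FNV_OFFSET, |h, b| {
        (h ^ u64::from(b.to_ascii_lowercase())).wrapping_mul(FNV_PRIME)
    })
}

#[derive(Debug, PartialEq)]
enum Verdict { Sinkhole, Forward }

/// Hypothetical rule table: only hashes are kept, never the rule strings.
struct RuleTable { hashes: HashSet<u64> }

impl RuleTable {
    /// Compile a text blocklist: one domain per line, '#' starts a comment.
    fn compile(text: &str) -> Self {
        let hashes = text.lines()
            .map(|l| l.split('#').next().unwrap_or("").trim().trim_end_matches('.'))
            .filter(|d| !d.is_empty())
            .map(fnv1a)
            .collect();
        RuleTable { hashes }
    }

    /// Test the query name, then each parent domain (match on label boundaries only).
    fn evaluate(&self, qname: &str) -> Verdict {
        let mut rest = qname.trim_end_matches('.');
        loop {
            if self.hashes.contains(&fnv1a(rest)) { return Verdict::Sinkhole; }
            match rest.split_once('.') {
                Some((_, parent)) => rest = parent,
                None => return Verdict::Forward,
            }
        }
    }
}

fn main() {
    // Constructed sample blocklist and queries.
    let table = RuleTable::compile("# sample\nads.example\nTracker.Example.  # mixed case\n");
    for q in ["cdn.ads.example.", "badads.example", "TRACKER.example", "news.example"] {
        println!("{:<18} -> {:?}", q, table.evaluate(q));
    }
}
```

Keeping only hashes saves memory, but FNV-1a is not collision-resistant: two different names that hash alike are indistinguishable, so a collision shows up as a false block unless the original string is also compared.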

2. Full VPN (DNS Capture + WireGuard)

A two-tier configuration. DNS evaluation runs strictly inside the local Geauxhole parser to minimize outbound data transmission. Allowed traffic then leaves the device through encrypted endpoints defined by custom WireGuard configurations.

3. WireGuard Only

This mode operates as a standard high-performance proxy. Local rule parsing is switched off entirely, and traffic is handed directly to the tunnel handlers.

Engine Settings

The core engine applies the following traffic filtering and visibility settings in real time:

Block High-Entropy Domains (AI)

An on-the-fly mathematical check. Instead of growing memory allocations to hold ever-expanding flat blocklists, the engine passes each queried domain through a zero-RAM inline Shannon entropy calculation. Domain strings that look randomly generated (e.g., botnet seeds like x8z9q1p.com) are treated as risk patterns and dropped in memory before they incur lookup latency.
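A per-label Shannon entropy check of the kind described above, as an added example (not the app's own code). The function names, the choice to skip the final label, and the min_len and threshold parameters are assumptions; the page does not state the values Geaux uses:

```rust
/// Shannon entropy of one DNS label, in bits per character.
/// The histogram is a fixed array on the stack, so nothing is heap-allocated.
fn label_entropy(label: &str) -> f64 {
    let mut counts = [0u32; 256];
    for b in label.bytes() {
        counts[usize::from(b.to_ascii_lowercase())] += 1;
    }
    let n = label.len() as f64;
    counts.iter().filter(|&&c| c > 0).map(|&c| {
        let p = f64::from(c) / n;
        -p * p.log2()
    }).sum()
}

/// Labels of a name without the final label (the TLD); assumed scoring scope.
fn scored_labels(qname: &str) -> impl Iterator<Item = &str> {
    let name = qname.trim_end_matches('.');
    name.rsplit_once('.').map_or("", |(body, _tld)| body).split('.')
}

/// Highest label entropy found in the name.
fn name_score(qname: &str) -> f64 {
    scored_labels(qname).map(label_entropy).fold(0.0, f64::max)
}

/// Hypothetical drop rule: a label must be long enough AND score above the threshold.
/// Both parameters are assumptions, not the app's values.
fn should_drop(qname: &str, min_len: usize, threshold: f64) -> bool {
    scored_labels(qname).any(|l| l.len() >= min_len && label_entropy(l) > threshold)
}

fn main() {
    // Constructed sample names; x8z9q1p.com is the example given on the page.
    for q in ["x8z9q1p.com", "network.example", "google.com", "q7x2m9vk4tz8w1bn.example"] {
        println!("{:<26} score={:.3} drop(7, 2.8)={} drop(12, 3.5)={}",
                 q, name_score(q), should_drop(q, 7, 2.8), should_drop(q, 12, 3.5));
    }
}
```

A label of n characters can score at most log2(n) bits, so the seven-letter word `network` ties with `x8z9q1p` at about 2.81. A threshold low enough to catch short names therefore needs an allowlist or a length floor beside it, and a higher floor trades those false positives for missed short names.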

Hide Local Discovery Traffic

Toggling this setting prevents local device broadcasts (such as Bonjour, mDNS traffic, and DNS-SD queries) from filling the logs or flooding the traffic tracking database.

[App View Location: General Settings Screen]

DNS Configuration

Controls how non-malicious requests are resolved:

Force DNS Rewrite

Intercepts outbound DNS queries sent to hardcoded resolvers (e.g., the standard Google 8.8.8.8 address embedded in specific apps). When a WireGuard configuration is active, it rewrites them to the DNS servers of the target environment.

Smart Cache Duration

Sets how long entries stay in the Layer 1 local cache. Options range from 0 Seconds up to 24 Hours. Longer durations reduce how often lookups are re-run, which measurably lowers battery use for repetitive network activity.

Upstream Resolvers

The proxy supports secure resolution over both standard DNS-over-HTTPS (DoH) and DNSCrypt. It includes native support for Anonymized Relays, which hide the client IP completely from the target DNS endpoints.

WireGuard Tunnel Layouts

To connect securely to custom networks, tunnels are defined using standard WireGuard .conf syntax. Key definitions are parsed directly into the local interface:

[Interface]
PrivateKey = [Client Private Key File String]
Address = 240.0.0.2/32, fd00::2/128
MTU = 1420  # or Auto MTU on Cellular overrides

[Peer]
PublicKey = [Server Cryptographic Endpoint Key]
Endpoint = VPN_Gateway_Host:Endpoint_Port
AllowedIPs = 0.0.0.0/0, ::/0
PersistentKeepalive = 25

Automated MTU Controls

On fluctuating cellular networks, enabling autoMTU automatically lowers the interface MTU to a safe packet size. This avoids fragmentation over unstable transports.

Contact & Support

If you need assistance, have feature requests, or want to report a bug, there are several ways to get in touch with the project developer.

Direct Support

Bug Reports

To report routing issues, unexpected network drops, or application crashes, please utilize the official open-source issue tracker:

Support the Project

If you find Geaux useful and want to support its ongoing development, consider buying the developer a coffee. Your support directly helps keep the application ad-free and tracking-free.

Privacy Policy

Geaux is designed from the ground up as a privacy-first, locally hosted network interception tool. This policy outlines exactly how your network flow data is handled.

On-Device Evaluation

Geaux operates primarily as a local tollbooth. When using DNS Only or Full VPN routing modes, all DNS sinkhole evaluations happen natively on your local hardware. We do not pipe your DNS request history or evaluation queries to external cloud instances for processing.

Data Collection & Telemetry

Geaux does not collect, log, or transmit telemetry, analytics, or personal data back to the developer. The live traffic monitor and network flow history visible in the app are stored exclusively on your device inside a local SQLite database and can be permanently wiped at any time via the "Danger Zone" section in the app settings.

Third-Party Services

Depending on your personal configuration, Geaux may interface directly with third-party networks:

  • Upstream Resolvers: Allowed DNS queries are forwarded to the upstream DNS provider you select (e.g., Cloudflare, NextDNS). Their respective privacy policies apply to those outbound queries.
  • Blocklists: The app downloads custom blocklists directly from the text URLs you configure.
  • WireGuard Tunnels: In Full VPN or WireGuard Only modes, your IP traffic is routed through the server profile you provide. We have no visibility into the traffic passing through your active tunnel.
  • Crash Reporting: The application utilizes Apple's native MetricKit framework to catch and log crash diagnostics directly to the operating system.

Terms & Disclaimer

This application is currently in early Beta testing. Bugs and unexpected issues are to be expected. The application is provided "AS IS", without warranty of any kind. The developer takes no responsibility for any network breakages, blocked traffic, or device issues resulting from the use of the app. There are no explicit privacy or security guarantees. If you experience any issues, please discontinue use of the application immediately.