diff --git a/boltconn/src/app.rs b/boltconn/src/app.rs
index 1f2bedc..7ae08d5 100644
--- a/boltconn/src/app.rs
+++ b/boltconn/src/app.rs
@@ -125,6 +125,7 @@ impl App {
             let tun_configure = Arc::new(std::sync::Mutex::new(TunConfigure::new(
                 fake_dns_server,
                 tun.get_name(),
+                &outbound_iface,
             )));
             if will_enable_tun {
                 tun_configure
diff --git a/boltconn/src/network/configure.rs b/boltconn/src/network/configure.rs
index dc279b9..bf009c9 100644
--- a/boltconn/src/network/configure.rs
+++ b/boltconn/src/network/configure.rs
@@ -8,15 +8,17 @@ use std::net::Ipv4Addr;
 pub struct TunConfigure {
     dns_addr: Ipv4Addr,
     device_name: String,
+    outbound_name: String,
     dns_handle: Option<SystemDnsHandle>,
     routing_table_flag: bool,
 }
 
 impl TunConfigure {
-    pub fn new(dns_addr: Ipv4Addr, device_name: &str) -> Self {
+    pub fn new(dns_addr: Ipv4Addr, device_name: &str, outbound_name: &str) -> Self {
         Self {
             dns_addr,
             device_name: device_name.to_string(),
+            outbound_name: outbound_name.to_string(),
             dns_handle: None,
             routing_table_flag: false,
         }
@@ -46,7 +48,11 @@ impl TunConfigure {
 
     fn enable_dns(&mut self) -> io::Result<()> {
         if self.dns_handle.is_none() {
-            self.dns_handle = Some(SystemDnsHandle::new(self.dns_addr)?)
+            self.dns_handle = Some(SystemDnsHandle::new(
+                self.dns_addr,
+                &self.device_name,
+                &self.outbound_name,
+            )?)
         }
         Ok(())
     }
diff --git a/boltconn/src/network/windows_tun.rs b/boltconn/src/network/windows_tun.rs
index f685e25..1d0599d 100644
--- a/boltconn/src/network/windows_tun.rs
+++ b/boltconn/src/network/windows_tun.rs
@@ -45,29 +45,12 @@ impl TunInstance {
         self.adapter.set_address(addr.addr()).map_err(|e| match e {
             wintun::Error::Io(e) => e,
             _ => io_err("Failed to set address"),
-        })
+        })?;
+        self.adapter
+            .set_netmask(addr.netmask())
+            .map_err(|e| match e {
+                wintun::Error::Io(e) => e,
+                _ => io_err("Failed to set netmask"),
+            })
     }
-
-    // pub async fn send_outbound(pkt: &IPPkt, gw_name: &str, ipv6_enabled: bool) -> io::Result<()> {
-    //     let addr = get_iface_address(gw_name)?;
-    //     match pkt {
-    //         IPPkt::V4(_) => {
-    //             let sock = socket2::Socket::new(
-    //                 socket2::Domain::IPV4,
-    //                 socket2::Type::RAW,
-    //                 Some(socket2::Protocol::from(IPPROTO_IP.0)),
-    //             )?;
-    //             sock.bind(&SocketAddr::new(addr, 0).into())?;
-    //             todo!()
-    //         }
-    //         IPPkt::V6(_) => {
-    //             if ipv6_enabled {
-    //                 todo!()
-    //             } else {
-    //                 tracing::trace!("Drop IPv6 packets: IPv6 disabled");
-    //             }
-    //         }
-    //     }
-    //     Ok(())
-    // }
 }
diff --git a/boltconn/src/platform/sys/linux_sys.rs b/boltconn/src/platform/sys/linux_sys.rs
index 87602be..7cd17cf 100644
--- a/boltconn/src/platform/sys/linux_sys.rs
+++ b/boltconn/src/platform/sys/linux_sys.rs
@@ -117,7 +117,7 @@ pub struct SystemDnsHandle {}
 impl SystemDnsHandle {
     const PATH: &'static str = "/tmp/fake_resolv.conf";
     const RESOLV: &'static str = "/etc/resolv.conf";
-    pub fn new(ip: Ipv4Addr) -> io::Result<Self> {
+    pub fn new(ip: Ipv4Addr, _tun_name: &str, _outbound_name: &str) -> io::Result<Self> {
         let mut output = File::create(Self::PATH).unwrap_or(
             OpenOptions::new()
                 .read(true)
diff --git a/boltconn/src/platform/sys/macos_sys.rs b/boltconn/src/platform/sys/macos_sys.rs
index 5d3b22e..0e9e653 100644
--- a/boltconn/src/platform/sys/macos_sys.rs
+++ b/boltconn/src/platform/sys/macos_sys.rs
@@ -172,7 +172,7 @@ pub struct SystemDnsHandle {
 }
 
 impl SystemDnsHandle {
-    pub fn new(ip: Ipv4Addr) -> io::Result<Self> {
+    pub fn new(ip: Ipv4Addr, _tun_name: &str, _outbound_name: &str) -> io::Result<Self> {
         let services: Vec<String> =
             get_command_output("networksetup", ["-listallnetworkservices"])?
                 .split('\n')
diff --git a/boltconn/src/platform/sys/windows_sys.rs b/boltconn/src/platform/sys/windows_sys.rs
index aae3550..0841d94 100644
--- a/boltconn/src/platform/sys/windows_sys.rs
+++ b/boltconn/src/platform/sys/windows_sys.rs
@@ -82,7 +82,7 @@ pub struct SystemDnsHandle {
 }
 
 impl SystemDnsHandle {
-    pub fn new(dns_addr: Ipv4Addr) -> io::Result<Self> {
+    pub fn new(dns_addr: Ipv4Addr, _tun_name: &str, outbound_name: &str) -> io::Result<Self> {
         // From https://github.com/dandyvica/resolver/blob/main/src/lib.rs
         let mut list: Vec<DnsRecord> = Vec::new();
 
@@ -119,6 +119,12 @@ impl SystemDnsHandle {
                         let iface_name = (*p).FriendlyName.display().to_string();
                         let iface_index = (*p).Ipv6IfIndex;
 
+                        // skip non-outbound interfaces
+                        if !(iface_name == outbound_name) {
+                            p = (*p).Next;
+                            continue;
+                        }
+
                         // now get all DNS ips for this interface
                         let mut ip_list: Vec<IpAddr> = Vec::new();
                         let mut p_dns = (*p).FirstDnsServerAddress;