this post was submitted on 11 Feb 2025
Um.... Wtf? (lemmy.dbzer0.com)
submitted 1 week ago* (last edited 1 week ago) by [email protected] to c/[email protected]
 

Using the Rethink DNS app btw, I want to use a firewall and VPN at the same time on Android. Wtf?!?

So my IP has somehow just been leaking all this time...

Edit: Typo

top 32 comments
[–] Johannes 1 points 3 days ago* (last edited 3 days ago)

You can configure Rethink to use always on VPN inside the app.

[–] [email protected] 28 points 1 week ago (4 children)

You are doing nothing wrong. To my knowledge, there is no effective firewall app for Android that doesn't occupy the VPN connection. From my understanding, you either have a VPN or a firewall. I have found no workaround for both that was effective.

[–] [email protected] 5 points 1 week ago (1 children)

I mean, Rethink DNS was working, then it broke. 😓

I mean, I switched to a different WireGuard config and it seems to work; I'll see if it breaks in a few days...

[–] [email protected] 4 points 1 week ago* (last edited 1 week ago)

I have a strange bug where the RethinkDNS WireGuard session keeps failing after a while if my phone is not used for a while.

I have to reconnect my WireGuard session or it just doesn't work. I need to use ADB and check the logs to see what's happening and write some kind of bug report to Rethink DNS's bug tracker.

It's not the first time they have had some kind of misbehaviour with their firewall and WireGuard tunnel. Other than that, RethinkDNS rocks!!

[–] [email protected] 4 points 1 week ago* (last edited 1 week ago)

yes, but actually no.

There are apps (like Rethink DNS) that pack multiple functions into one app. If an app is being used to handle a VPN connection, it gets to process all your network traffic, see for each packet which app it belongs to, and can do firewalling, split tunneling by app or type of traffic, and can also filter packets. Most VPN apps just don't bother with it because it's a complex task, and most users wouldn't use it anyway.

There's also AFWall+ that can configure the kernel's firewall with root permissions, without setting itself up to handle a VPN connection.

Both of these apps are available on F-Droid.
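To make the root-based alternative concrete, here is an added example (not code from the thread, from AFWall+, or from Rethink) of the kind of iptables rule set a root firewall installs so that per-app filtering and a VPN kill switch live in the kernel while the VPN app keeps the single VpnService slot. It relies on the iptables owner match, which works because Android normally runs each app under its own UID. The chain name `afw_out`, the interface name `tun0`, and the UIDs are assumptions for illustration; the script only prints the rules so you can review them before piping them to a root shell.

```sh
#!/bin/sh
# Added example: emit iptables/ip6tables rules for per-app filtering plus a
# VPN kill switch on a rooted Android device. Nothing here touches the
# VpnService slot, so a normal VPN app can own it.
# Interface name and UIDs are assumptions; look the real ones up with
#   adb shell dumpsys package <pkg> | grep userId
#   adb shell ip link        (the VPN app's interface is usually tun0)
VPN_IF="${VPN_IF:-tun0}"

# gen_rules VPN_APP_UID [BLOCKED_UID ...]
# Prints rules for a dedicated chain (afw_out, hypothetical name) hooked into
# OUTPUT at position 1. Android's netd keeps its own jumps in OUTPUT for
# bandwidth accounting and its per-app firewall, so OUTPUT itself is never
# flushed. Rules are emitted for IPv4 and IPv6; a kill switch that forgets
# ip6tables leaks over IPv6. Order matters:
#   1. loopback, uid 0 (assumed needed for netd/DHCP, adjust for your ROM)
#      and the VPN app itself may use any interface, because the VPN app
#      must reach its endpoint to build the tunnel at all;
#   2. explicitly blocked apps are dropped no matter what;
#   3. everyone else may only leave through the tunnel interface;
#   4. whatever reaches the end is dropped (the kill switch).
gen_rules() {
    vpn_uid="$1"; shift
    for tool in iptables ip6tables; do
        echo "$tool -N afw_out 2>/dev/null || $tool -F afw_out"
        echo "$tool -A afw_out -o lo -j ACCEPT"
        echo "$tool -A afw_out -m owner --uid-owner 0 -j ACCEPT"
        echo "$tool -A afw_out -m owner --uid-owner $vpn_uid -j ACCEPT"
        for uid in "$@"; do
            echo "$tool -A afw_out -m owner --uid-owner $uid -j DROP"
        done
        echo "$tool -A afw_out -o $VPN_IF -j ACCEPT"
        echo "$tool -A afw_out -j DROP"
        echo "$tool -C OUTPUT -j afw_out 2>/dev/null || $tool -I OUTPUT 1 -j afw_out"
    done
}

# rule_index RULESET PATTERN: 1-based line number of the first rule matching
# PATTERN, so a caller can verify rule ordering before applying anything.
rule_index() {
    printf '%s\n' "$1" | grep -n -- "$2" | head -n 1 | cut -d: -f1
}

# Apply on a rooted device after reviewing the output:
#   gen_rules 10123 10456 | adb shell su -c sh
```

The important property is the ordering: the VPN app's own UID is accepted before the final DROP, and every other app is only accepted on the tunnel interface, so when the tunnel goes down their packets hit the DROP instead of falling back to Wi-Fi or mobile data.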

[–] [email protected] 2 points 1 week ago

Same, that's why I stopped using rethink a while ago, even though I loved it.

[–] [email protected] 1 points 1 week ago* (last edited 1 week ago)

I use Tasker. Is the SSID name "my home SSID name"?

Yes: disable WireGuard

No: enable WireGuard

Always-on VPN. I have no need to use these other VPNs like everyone else is, but if I were, I'd set that up on my OPNsense firewall at home. That way everything in my network, and my phone's when away from home, is all tunnelled through the VPN provider. OPNsense does all the content filtering and security stuff well enough for my needs.

[–] [email protected] 19 points 1 week ago* (last edited 1 week ago) (2 children)

Did you activate "block connections without VPN", aka kill switch?

There's only one VPN slot on Android. How do you tunnel the connection without a second device?

Did you activate "always-on VPN"?
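Both of those switches are stored by the system, so they can be verified from a workstation instead of trusting the toggle in the app's UI. The following is an added example (not from the thread or from any of the apps mentioned) that reads the two values over adb and classifies them. On AOSP they live in Settings.Secure under the keys `always_on_vpn_app` and `always_on_vpn_lockdown`; OEM builds may differ. Settings are per-user, so a work profile or second user has to be queried with its own user id. The function names and the placeholder package are mine.

```sh
#!/bin/sh
# Added example: confirm that always-on VPN and "Block connections without
# VPN" (lockdown) are really enabled for the intended app before blaming
# the app for a leak. Assumes adb is in PATH and the device is authorised.

# lockdown_state APP LOCKDOWN [EXPECTED_PKG]
# Classify the raw values of always_on_vpn_app and always_on_vpn_lockdown
# (`settings get` prints "null" for an unset key). Result on stdout:
#   ok            always-on app set, lockdown on (and it is EXPECTED_PKG)
#   no-always-on  no always-on app; the system will route around a dead tunnel
#   no-lockdown   always-on set, but traffic is allowed while the VPN is down
#   wrong-app     lockdown is enforced for some other package than expected
lockdown_state() {
    app="$1"; lockdown="$2"; expected="$3"
    if [ -z "$app" ] || [ "$app" = "null" ]; then
        echo "no-always-on"
    elif [ "$lockdown" != "1" ]; then
        echo "no-lockdown"
    elif [ -n "$expected" ] && [ "$app" != "$expected" ]; then
        echo "wrong-app"
    else
        echo "ok"
    fi
}

# check_user USER_ID [EXPECTED_PKG]: query one Android user over adb, print a
# one-line report, and return non-zero unless the state is "ok". A second
# user profile (user 10 and up) keeps its own copy of these settings.
check_user() {
    user="$1"; expected="$2"
    app=$(adb shell settings --user "$user" get secure always_on_vpn_app | tr -d '\r')
    lock=$(adb shell settings --user "$user" get secure always_on_vpn_lockdown | tr -d '\r')
    state=$(lockdown_state "$app" "$lock" "$expected")
    echo "user $user: always_on_vpn_app=$app lockdown=$lock -> $state"
    [ "$state" = "ok" ]
}

# Usage (placeholder package name, substitute your VPN/firewall app's id):
#   check_user 0 com.example.vpnapp    # primary user
#   check_user 10                      # work profile or second user
```

A result of `ok` only tells you the OS is enforcing lockdown for that package; it says nothing about traffic the VPN app itself chooses to send outside the tunnel, which is why the egress IP still has to be checked separately while the tunnel is flapping.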

[–] [email protected] 5 points 1 week ago (1 children)

I do, along with "block connections without VPN", but traffic goes through either way 🤷‍♂️

[–] [email protected] 4 points 1 week ago (1 children)

Then it's a bug. Can you reproduce it? Which OS?

[–] [email protected] 4 points 1 week ago (1 children)

Samsung "One UI 6.1" / Android 14

On the latest January 1 2025 System and "Google Play System" updates.

Latest version of Rethink DNS v0.5.5n

It was a multi-hop WireGuard config, Switzerland --> Canada.

I used two different Switzerland --> Canada combinations of servers and they both crashed after a few days, and existing and re-adding the certificate doesn't work either.

I'm now using Switzerland --> UK and will see if it breaks in a few days...

[–] [email protected] 4 points 1 week ago

I have a way to solve your problem; the only thing is, it's going to kill your battery life.

Apps I used to have 2 "VPNs":

First, Insular or Shelter: use one of them to create a work profile.

Apps inside of the work profile: Exclave, VPN app of choice (for example MullvadVPN)

Apps outside of the work profile: Tracker Control, PersonalDNSfilter

What I did is that I configured Tracker Control to send all DNS requests to the locally running DNS service that PersonalDNSfilter creates, as well as telling Tracker Control to not capture traffic from PersonalDNSfilter. I also then configured PersonalDNSfilter to use Mullvad DNS with DoH or DoT. Then I configured Tracker Control to send all traffic to a SOCKS5 proxy (that is created by Exclave). That way the traffic from an app goes like this:

All traffic that isn't DNS: App ---> Tracker Control ---> Exclave ---> MullvadVPN

DNS traffic: App ---> Tracker Control ---> PersonalDNSfilter ---> Mullvad DNS

Look, I had this for a while and I don't recommend it due to the battery drain. Remember this setup will use 2 VPN slots and run 4 services (a DNS proxy, a full SOCKS5 proxy and a WireGuard VPN) at the same time as a complete work profile. Good luck tho!

[–] [email protected] 2 points 1 week ago* (last edited 1 week ago)

must be firewall > socks > wireguard > vpn

2nd question on netGuard FAQ https://github.com/M66B/NetGuard/blob/master/FAQ.md

[–] [email protected] 5 points 1 week ago (1 children)

Oh, you got to use the always-on vpn setting on android. I don't even trust that not to leak, but it's a must.

[–] [email protected] 1 points 1 week ago (1 children)

I did, also the "Block Connections without VPN"; idk what happened. The VPN logo (the little key-looking symbol) is showing up, so it's not the Android system leaking it, something is buggy with the Rethink DNS app. Oh well, it's FOSS, I can't blame anyone.

[–] [email protected] 2 points 1 week ago

That's a real bad bug if the failure condition is to bypass your system security settings.

I saw after I commented that you had already configured it to block. Didn't feel necessary to correct it...

[–] [email protected] 4 points 1 week ago (1 children)
[–] [email protected] 1 points 1 week ago (1 children)

Funny thing is, DNS shows as Mullvad (because I manually set it in the Rethink DNS app), but IP is not Mullvad's

[–] [email protected] 1 points 1 week ago (1 children)

What happens when you let mullvad handle your dns?

[–] [email protected] 1 points 1 week ago (1 children)

So these are the 3 options. Default is using "Rethink DNS"; I don't want to use that, because I'm already having to trust Mullvad, so I might as well use their DNS too. "System DNS" is just using the DNS of my ISP. So I have to manually put in Mullvad's DNS.

[–] [email protected] 2 points 1 week ago

I mean not using whatever app you're trying to pass Mullvad's DNS through. Trying to see if it is the OS, or the other (firewall?) app causing your issue. That way you can file a bug report in the right place. If it's not your OS and Mullvad works as expected, it's the other app. Might not be worth using depending on what applications you're trying to lock away from the internet.

On my computer I had Firefox set to use Cloudflare DNS and also had Mullvad handling my DNS, causing leakage. Well, not really, but I had two IPs show up in dnsleaktest: one Cloudflare and the other Mullvad. Is your browser the issue here, can you set DNS in the browser settings?

[–] [email protected] 4 points 1 week ago (1 children)

Are you using DNS-over-TLS?

I don't use the NextDNS app. Is the NextDNS app using NextDNS by default?

I had to try different configurations to get what you're trying to get (firewall + VPN without leaks).

[–] [email protected] 1 points 1 week ago (1 children)

> are you using DNS-over-TLS?

I manually copy-pasted Mullvad's DNS into DNS over TLS.

[–] [email protected] 1 points 1 week ago (1 children)
[–] [email protected] 0 points 1 week ago (1 children)
[–] [email protected] 1 points 1 week ago* (last edited 1 week ago) (1 children)

You should contact their support because it seems to be the VPN connection that fails.

There must be something wrong with your config. When my VPN connection fails, I have a network error and no connection.

[–] [email protected] 1 points 1 week ago* (last edited 1 week ago) (1 children)

I mean, when I use the official Mullvad app, this doesn't happen, but only when I use the Rethink DNS app.

I would just use the official app, but Android only allows one VPN at a time, and "firewall" apps count as a VPN, so... Rethink DNS is the only app that combines both... 🤷‍♂️

[–] [email protected] 2 points 1 week ago

You don't need to "combine both"; like I wrote under a different comment here, you can use a firewall and connect it to your VPN through SOCKS5.

2nd question on netGuard FAQ https://github.com/M66B/NetGuard/blob/master/FAQ.md

[–] [email protected] 3 points 1 week ago

I have this exact same issue with Proton VPN using RethinkDNS... my WireGuard proxy works for a while but then randomly cuts out (on my second user profile). In my case it looks like there's a kill switch when that happens at least, but still... can't find any reason why it keeps dropping.

[–] [email protected] 3 points 1 week ago (1 children)

You want two VPN connections at the same time? I'm not sure it's possible.

[–] [email protected] 4 points 1 week ago* (last edited 1 week ago) (1 children)

Um, no, that's not what I meant.

It's one VPN, but any "firewall" app on Android also uses the "VPN" function. And you can't have both on Android.

So the only app that does both at the same time is Rethink DNS, and the problem with this app is: ⬆️

[–] [email protected] 1 points 1 week ago

If you're using Mullvad, it has DNS content blocking.