FORUMS
Remove All Ads from XDA

 View Poll Results: What are you mainly using NetGuard for?

Reducing data usage
 
324 Vote(s)
31.24%
Saving battery
 
225 Vote(s)
21.70%
Increasing privacy
 
498 Vote(s)
48.02%
Blocking ads
 
685 Vote(s)
66.06%

[APP][6.0+] NetGuard - No-root firewall

17,158 posts
Thanks Meter: 35,250
 
By M66B, Recognized Developer on 25th October 2015, 01:33 PM
Post Reply Email Thread
13th May 2019, 04:59 PM |#9091  
Junior Member
Thanks Meter: 2
 
More
Quote:
Originally Posted by M66B

Try to disable ad blocking if you have this enabled.

Background: if you allow LAN traffic, the traffic of the local DNS server will not be routed into the VPN too, so there is an exception for this in NetGuard, else ad blocking won't work.

I do not have ad-blocking enabled. I use only the log to monitor connections.
As far as I know, something either an update or whatever broke it because I don't think I changed anything once I got everything set up the way I need it and it always worked very nicely for blocking or allowing LAN traffic.


I tried installing earlier version too and this bug made its way into those as well.
 
 
13th May 2019, 05:02 PM |#9092  
M66B's Avatar
OP Recognized Developer
Thanks Meter: 35,250
 
More
Quote:
Originally Posted by Janne12

I do not have ad-blocking enabled. I use only the log to monitor connections.
As far as I know, something either an update or whatever broke it because I don't think I changed anything once I got everything set up the way I need it and it always worked very nicely for blocking or allowing LAN traffic.


I tried installing earlier version too and this bug made its way into those as well.

There was nothing changed to how the LAN setting works in recent versions:

https://github.com/M66B/NetGuard/com...eSinkhole.java
13th May 2019, 05:05 PM |#9093  
gangrenius's Avatar
Senior Member
Thanks Meter: 197
 
More
Quote:
Originally Posted by M66B

If you want to test a build of NetGuard for Android Q, please contact me via here:

https://contact.faircode.eu/?product=other

This is open to anyone who want to give it a try.

Note that although I did the necessary changes, I am not able to test this myself because I don't own a device that can run Android Q yet.

Have a question, why do I have to fill out all that for a test build of Q.
13th May 2019, 06:08 PM |#9094  
M66B's Avatar
OP Recognized Developer
Thanks Meter: 35,250
 
More
Quote:
Originally Posted by gangrenius

Have a question, why do I have to fill out all that for a test build of Q.

Because I don't want to publish a build that I don't know of if it works properly. Moreover, there might be a few tries needed to get it working. So, I need your email address to send you a link and for follow up. Rest assured that your contact data is safe with me.
The Following User Says Thank You to M66B For This Useful Post: [ View ]
13th May 2019, 07:33 PM |#9095  
Member
Thanks Meter: 29
 
More
Quote:
Originally Posted by Janne12

I do not have ad-blocking enabled. I use only the log to monitor connections.
As far as I know, something either an update or whatever broke it because I don't think I changed anything once I got everything set up the way I need it and it always worked very nicely for blocking or allowing LAN traffic.

I tried installing earlier version too and this bug made its way into those as well.

No source code change in that area for long.
I remember some time ago you accidentally had the 'Allow tethering' setting disabled. Does that setting make a difference wrt. your current problem?
13th May 2019, 11:55 PM |#9096  
Senior Member
Thanks Meter: 60
 
More
I'm having an issue with this and am not sure if there is a setting which would prevent it. I use netguard for the adblocking feature. The trouble I have is that when I am on a wifi network and walk out of range of it (for example leaving home and getting into a car), netguard blocks all traffic as soon as wifi disconnects from my home network. The phone picks up the carrier's data signal but no apps that need an internet connection work until I toggle netguard on and off. It always reports blocking all apps when this happens. Then after toggling, it starts showing the normal allowed app count.

Is there away to have the app not require me to toggle it on and off to get traffic working again?
14th May 2019, 01:35 AM |#9097  
danpeig's Avatar
Junior Member
Thanks Meter: 0
 
More
Trafic not routing through firewall
I found a curious issue with NetGuard recently: the app appears to be relaying all traffic through firewall when it's indeed bypassing it.

I figured this out by accident, I was trying to figure out how much data some of my favorite websites download to my device. For that I started observing the VPN "always on" notification that indicates the traffic in/out and the connection time.

Sometimes while the connection timer was working, the data counter remained 0 bytes sent and 0 bytes received even during a high data consumption activity (browser, youtube, anything...). Putting the NetGuard app in the "lockdown traffic" mode didn't stopped the data flow. The system trafic log in Netguard was not recording anything either. Turning Netguard switch on/off didn't resolve the issue, it would keep bypassing the firewall and the VPN counters would be 0. I noticed this a few weeks ago and since then updated NetGuard to the latest versions available on GitHub but it din't solved.

Later I found that if I set the phone to airplane mode and then back online, the VPN starts working again as well as the filters and NetGuard protection.

I still don't know what causes this issue but I suspect it's related with switching from Wifi to 4G of from 4G to Wifi. Last week I was traveling internationally and the program worked as supposed for the entire week because I was only using it in Wifi mode. When I enabled 4G mobile data back on, the problem appeared randomly.

My first guess was that my phone had a problem with the internal VPN system or it's implementation so I first performed a test with OpenVPN connected for more than one day and It didn't failed once to route the traffic. Then I tested another private VPN that uses other protocol, no problems at all. Then switched back to NetGuard and the problem was back: VPN on, no filtering or logging, data 100% operational.

I think this is a severe security issue in the Android system. The OS makes you believe the VPN is ON and operational when in fact you are completely exposed and no traffic is routed.

About the phone... Samsung Galaxy S8 Exynos with Android Pie 9 and the latest April/2019 security update (not rooted). Current NetGuard version: 2.243, subnet routing off, internet access log on, filter traffic on, close connections on reload on, block domain names on (standard database), DNS servers 1.1.1.1 and 1.0.0.1 (Cloudflare).
14th May 2019, 10:28 AM |#9098  
M66B's Avatar
OP Recognized Developer
Thanks Meter: 35,250
 
More
Quote:
Originally Posted by lazer155

I'm having an issue with this and am not sure if there is a setting which would prevent it. I use netguard for the adblocking feature. The trouble I have is that when I am on a wifi network and walk out of range of it (for example leaving home and getting into a car), netguard blocks all traffic as soon as wifi disconnects from my home network. The phone picks up the carrier's data signal but no apps that need an internet connection work until I toggle netguard on and off. It always reports blocking all apps when this happens. Then after toggling, it starts showing the normal allowed app count.

Is there away to have the app not require me to toggle it on and off to get traffic working again?

This is mostly caused by a bug in Android where the VPN failover hangs.
Unfortunately, this cannot be fixed or worked around by NetGuard.
14th May 2019, 10:32 AM |#9099  
M66B's Avatar
OP Recognized Developer
Thanks Meter: 35,250
 
More
Quote:
Originally Posted by danpeig

I found a curious issue with NetGuard recently: the app appears to be relaying all traffic through firewall when it's indeed bypassing it.

I figured this out by accident, I was trying to figure out how much data some of my favorite websites download to my device. For that I started observing the VPN "always on" notification that indicates the traffic in/out and the connection time.

Sometimes while the connection timer was working, the data counter remained 0 bytes sent and 0 bytes received even during a high data consumption activity (browser, youtube, anything...). Putting the NetGuard app in the "lockdown traffic" mode didn't stopped the data flow. The system trafic log in Netguard was not recording anything either. Turning Netguard switch on/off didn't resolve the issue, it would keep bypassing the firewall and the VPN counters would be 0. I noticed this a few weeks ago and since then updated NetGuard to the latest versions available on GitHub but it din't solved.

Later I found that if I set the phone to airplane mode and then back online, the VPN starts working again as well as the filters and NetGuard protection.

I still don't know what causes this issue but I suspect it's related with switching from Wifi to 4G of from 4G to Wifi. Last week I was traveling internationally and the program worked as supposed for the entire week because I was only using it in Wifi mode. When I enabled 4G mobile data back on, the problem appeared randomly.

My first guess was that my phone had a problem with the internal VPN system or it's implementation so I first performed a test with OpenVPN connected for more than one day and It didn't failed once to route the traffic. Then I tested another private VPN that uses other protocol, no problems at all. Then switched back to NetGuard and the problem was back: VPN on, no filtering or logging, data 100% operational.

I think this is a severe security issue in the Android system. The OS makes you believe the VPN is ON and operational when in fact you are completely exposed and no traffic is routed.

About the phone... Samsung Galaxy S8 Exynos with Android Pie 9 and the latest April/2019 security update (not rooted). Current NetGuard version: 2.243, subnet routing off, internet access log on, filter traffic on, close connections on reload on, block domain names on (standard database), DNS servers 1.1.1.1 and 1.0.0.1 (Cloudflare).

If Android doesn't route traffic into the VPN, NetGuard will obviously not work.
There is little that can be done by NetGuard to fix this.
14th May 2019, 02:39 PM |#9100  
danpeig's Avatar
Junior Member
Thanks Meter: 0
 
More
Quote:
Originally Posted by M66B

If Android doesn't route traffic into the VPN, NetGuard will obviously not work.
There is little that can be done by NetGuard to fix this.

Why this only happens with NetGuard? I am testing the 4th VPN app and for days I didn't had any traffic bypass issue. I turn NetGuard and it starts bypassing traffic after a few hours.

Is there any VPN diagnostic log available in the Android file system that I could use to debug this issue?

Regards,
14th May 2019, 04:20 PM |#9101  
M66B's Avatar
OP Recognized Developer
Thanks Meter: 35,250
 
More
Quote:
Originally Posted by danpeig

Why this only happens with NetGuard? I am testing the 4th VPN app and for days I didn't had any traffic bypass issue. I turn NetGuard and it starts bypassing traffic after a few hours.

Is there any VPN diagnostic log available in the Android file system that I could use to debug this issue?

Probably because NetGuard is using Android VPN handover feature to not leak traffic, which is known to hang on some devices / Android versions.

You can find the NetGuard logging in the Android logcat.

Edit: for more information on the handover feature, please see here:
https://developer.android.com/refere...ml#establish()
Post Reply Subscribe to Thread

Guest Quick Reply (no urls or BBcode)
Message:
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes