Trafic not routing through firewall
I found a curious issue with NetGuard recently: the app appears to be relaying all traffic through firewall when it's indeed bypassing it.
I figured this out by accident, I was trying to figure out how much data some of my favorite websites download to my device. For that I started observing the VPN "always on" notification that indicates the traffic in/out and the connection time.
Sometimes while the connection timer was working, the data counter remained 0 bytes sent and 0 bytes received even during a high data consumption activity (browser, youtube, anything...). Putting the NetGuard app in the "lockdown traffic" mode didn't stopped the data flow. The system trafic log in Netguard was not recording anything either. Turning Netguard switch on/off didn't resolve the issue, it would keep bypassing the firewall and the VPN counters would be 0. I noticed this a few weeks ago and since then updated NetGuard to the latest versions available on GitHub but it din't solved.
Later I found that if I set the phone to airplane mode and then back online, the VPN starts working again as well as the filters and NetGuard protection.
I still don't know what causes this issue but I suspect it's related with switching from Wifi to 4G of from 4G to Wifi. Last week I was traveling internationally and the program worked as supposed for the entire week because I was only using it in Wifi mode. When I enabled 4G mobile data back on, the problem appeared randomly.
My first guess was that my phone had a problem with the internal VPN system or it's implementation so I first performed a test with OpenVPN connected for more than one day and It didn't failed once to route the traffic. Then I tested another private VPN that uses other protocol, no problems at all. Then switched back to NetGuard and the problem was back: VPN on, no filtering or logging, data 100% operational.
I think this is a severe security issue in the Android system. The OS makes you believe the VPN is ON and operational when in fact you are completely exposed and no traffic is routed.
About the phone... Samsung Galaxy S8 Exynos with Android Pie 9 and the latest April/2019 security update (not rooted). Current NetGuard version: 2.243, subnet routing off, internet access log on, filter traffic on, close connections on reload on, block domain names on (standard database), DNS servers 220.127.116.11 and 18.104.22.168 (Cloudflare).