[CLOSED][APP][6.0+] NetGuard - No-root firewall

[M66B]

Just before you close the show I have a nasty edge case. I'm very pleased with the pro version, all is working well but there is a strange situation with the DNS settings. In NetGuard you can set the DNS which I did to 1.1.1.1 and 1.0.0.1. It works smooth as silk for cellular but when I connect to home Wi-Fi the DNS is forced to the providers DNS which I have spotted on dnsleaktest.com . Here comes the tricky part. In Android 9 there is an option to set up private dns in the settings. When I turn off NetGuard and turn it on and use 1dot1dot1dot1.cloudflare-dns.com it works both for cellular and my quirky home Wi-Fi. This is strange. Any hints why is that, and can something be done with NetGuard to act just like the stock Android setting and cover both the cellular and Wi-Fi?

You can't use private DNS and NetGuard at the same time, see the FAQ for more information.

 

[fw190]

You can't use private DNS and NetGuard at the same time, see the FAQ for more information.

I know that and that is not my point. Maybe I was not clear enough.

Setting up 1.1.1.1 in NetGuard settings gives Cloudflare DNS on dnsleaktest.com for cellular but not for Wi-Fi (obviously private DNS turned off in Android settings). Why is that?

Why can the private DNS option in Android settings provide Cloudflare both for cellular and Wi-fi and NetGuard can only do this for cellular for me?

 

[M66B]

I know that and that is not my point. Maybe I was not clear enough.

Setting up 1.1.1.1 in NetGuard settings gives Cloudflare DNS on dnsleaktest.com for cellular but not for Wi-Fi (obviously private DNS turned off in Android settings). Why is that?

Why can the private DNS option in Android settings provide Cloudflare both for cellular and Wi-fi and NetGuard can only do this for cellular for me?

You'll need to set exactly two custom DNS server addresses if you don't want other DNS addresses to be used.

 

[fw190]

You'll need to set exactly two custom DNS server addresses if you don't want other DNS addresses to be used.

I have set up in NetGuard 1.1.1.1 and 1.0.0.1 since the beginning as per the FAQ.

 

[M66B]

I have set up in NetGuard 1.1.1.1 and 1.0.0.1 since the beginning as per the FAQ.

Then NetGuard will set these addresses to be used to resolve domain names. However, NetGuard cannot force Android to use these addresses. Unfortunately, many Android version have VPN routing bugs

 

[fw190]

Then NetGuard will set these addresses to be used to resolve domain names. However, NetGuard cannot force Android to use these addresses. Unfortunately, many Android version have VPN routing bugs

I'm on Nokia 2.2. with Android 9 and July security patch (latest available). Interesting. Maybe some future update will iron this out.

 

[M66B]

I'm on Nokia 2.2. with Android 9 and July security patch (latest available). Interesting. Maybe some future update will iron this out.

The DNS logic was recently changed. I will double check this coming weekend.

 

[netguarduser]

Just before you close the show I have a nasty edge case. I'm very pleased with the pro version, all is working well but there is a strange situation with the DNS settings. In NetGuard you can set the DNS which I did to 1.1.1.1 and 1.0.0.1. It works smooth as silk for cellular but when I connect to home Wi-Fi the DNS is forced to the providers DNS which I have spotted on dnsleaktest.com . Here comes the tricky part. In Android 9 there is an option to set up private dns in the settings. When I turn off NetGuard and turn it on and use 1dot1dot1dot1.cloudflare-dns.com it works both for cellular and my quirky home Wi-Fi. This is strange. Any hints why is that, and can something be done with NetGuard to act just like the stock Android setting and cover both the cellular and Wi-Fi?

The same happened in my Nokia (another version) with Android 9 and those DNS servers. I did the same as you. I'll tell you when I can if it's happening again with another DNS server I changed.

---------- Post added at 03:48 PM ---------- Previous post was at 03:45 PM ----------

+1 time to close this thread

Is it a joke or are you seriously thinking to close this Forum?

 

[rolko]

Hi,

After updating to Netguard 2.261 apps with blocked internet access were not able to reach resources in the local network anymore, so I downgraded to get it working again and stopped updates for the moment. Has this by chance already been fixed in a newer version? I operate Netguard on an Android 8.1 phone.

Thanks in advance!

 

[M66B]

Hi,

After updating to Netguard 2.261 apps with blocked internet access were not able to reach resources in the local network anymore, so I downgraded to get it working again and stopped updates for the moment. Has this by chance already been fixed in a newer version? I operate Netguard on an Android 8.1 phone.

Thanks in advance!

I am not aware of such a (new) problem.

You can try to enable lan access in the network settings.

I will need more details to look into this.

 

[rolko]

What kind of details do you need? I blocked internet access via WLAN for these apps, because I do not want them to phone home, but I enabled subnet routing and LAN access, because they shall be able to reach services within my LAN. Up to Netguard 2.260 this worked out perfectly for me. Could the problem be linked to the change in 2.261 allowing LAN access for apps with enabled internet access via WLAN?

 

[Ikearat]

Forgive me for being slow... this is just how I am.
How did you block access to part of the network while allowing other parts?
I understand "WLAN" to imply Metered network(s) and "LAN" to mean Un-metered networks. Whenever I try to control which route, WLAN or LAN, all I can do is put the phone in Airplane before unlocking anything or the app will use Metered just like it uses Un-metered. There's nothing that says "use WiFi for this URL but don't use cell data for the same URL".

 

[mechell]

Hi, I wonder what this HOPO6 address is and why is blocked? I can't select it to unblock or anything...

 

[Invincible-Venom]

Please reduce Background processes of App and make it more lightweight. Also if possible only a single service running to restrict Apps

 

[M66B]

What kind of details do you need? I blocked internet access via WLAN for these apps, because I do not want them to phone home, but I enabled subnet routing and LAN access, because they shall be able to reach services within my LAN. Up to Netguard 2.260 this worked out perfectly for me. Could the problem be linked to the change in 2.261 allowing LAN access for apps with enabled internet access via WLAN?

I don't think this change will cause this problem. I will double check things later this weekend.

 

[M66B]

Forgive me for being slow... this is just how I am.
How did you block access to part of the network while allowing other parts?
I understand "WLAN" to imply Metered network(s) and "LAN" to mean Un-metered networks. Whenever I try to control which route, WLAN or LAN, all I can do is put the phone in Airplane before unlocking anything or the app will use Metered just like it uses Un-metered. There's nothing that says "use WiFi for this URL but don't use cell data for the same URL".

There is a network setting to allow LAN traffic, which is not equal to WiFi traffic.

 

[M66B]

Hi, I wonder what this HOPO6 address is and why is blocked? I can't select it to unblock or anything...

Please see the FAQ about this.

 

[M66B]

Please reduce Background processes of App and make it more lightweight. Also if possible only a single service running to restrict Apps

There is just one single service filtering the internet traffic.

 

[rolko]

I don't think this change will cause this problem. I will double check things later this weekend.

Thanks! I appreciate this!

 

[netguarduser]

Just before you close the show I have a nasty edge case. I'm very pleased with the pro version, all is working well but there is a strange situation with the DNS settings. In NetGuard you can set the DNS which I did to 1.1.1.1 and 1.0.0.1. It works smooth as silk for cellular but when I connect to home Wi-Fi the DNS is forced to the providers DNS which I have spotted on dnsleaktest.com . Here comes the tricky part. In Android 9 there is an option to set up private dns in the settings. When I turn off NetGuard and turn it on and use 1dot1dot1dot1.cloudflare-dns.com it works both for cellular and my quirky home Wi-Fi. This is strange. Any hints why is that, and can something be done with NetGuard to act just like the stock Android setting and cover both the cellular and Wi-Fi?

As I told you I changed the DNS servers and tried again.
It's the opposite in my case: at home with my WIFI connection it shows correctly the DNS I changed in Netguard, but if I turn off WIFI and use only 4g then the DNS,s of the Mobile company are shown.
But I found the solution: Enabling Traffic filter and Filter UDP traffic (with the DNS daemon allowed too).
Try with your DNS servers and let me know if it works.