AdguardTeam / AdguardForAndroid

Open bug tracker for Android version of AdGuard.
https://adguard.com/

Automatic Proxy stops working after a while, when AdGuard HTTPS certificate module is installed. #5350

Closed BatobolotovBato closed 5 days ago

BatobolotovBato commented 3 weeks ago


AdGuard version

4.4.189

Environment

HTTPS filtering

Root access

Integration with AdGuard VPN

Routing mode

Automatic proxy

Ad Blocking

AdGuard Base filter, AdGuard Mobile Ads filter, EasyList

Privacy

AdGuard Tracking Protection filter

Social

No response

Annoyances

AdGuard Annoyances filter, AdGuard Cookie Notices filter, AdGuard Popups filter

Security

Online Malicious URL Blocklist, NoCoin Filter List

Language-specific

AdGuard Russian filter

Other

Filter unblocking search ads and self-promotion, AdGuard DNS filter

Which DNS server do you use?

Cloudflare DNS

DNS protocol

DNS-over-HTTPS

Custom DNS

1.1.1.1

What Stealth Mode options do you have enabled?

Block trackers

Issue Details

Steps to reproduce:

  1. Install AdGuard HTTPS certificates
  2. Install AdGuard Certificate module
  3. Turn on Automatic Proxy
  4. Turn on Cloudflare WARP+
  5. Wait some time

Expected Behavior

AdGuard blocks ads through Automatic Proxy with no problem and Cloudflare WARP+ VPN works without any problems.

Actual Behavior

AdGuard stops filtering traffic after some time. Cloudflare WARP+ also doesn't work, shows SSL certificate error. But if I try to connect to WARP+ with disabled AdGuard protection, then WARP+ works without any problems.

Screenshots

AdGuard screenshot ![Screenshot_2024-06-04-19-04-53-634_com adguard android-edit](https://github.com/AdguardTeam/AdguardForAndroid/assets/105489367/8d19622c-0675-4e92-8231-25485e9c9000)
Cloudflare WARP+ screenshot ![Screenshot_2024-06-04-19-06-07-998_com cloudflare onedotonedotonedotonf-edit](https://github.com/AdguardTeam/AdguardForAndroid/assets/105489367/99ae8e14-600e-4ea5-908c-00a9c9f5071a)

Additional Information

No response

Rtizer-9 commented 3 weeks ago

@BatobolotovBato Did you whitelist warp from adguard routing? Because it most probably needs to. Also warp started pinning its ssl certificate since last few releases so without unpinning it just won't run with an interception app like adguard running simultaneously.

BatobolotovBato commented 3 weeks ago

> @BatobolotovBato Did you whitelist warp from adguard routing? Because it most probably needs to. Also warp started pinning its ssl certificate since last few releases so without unpinning it just won't run with an interception app like adguard running simultaneously.

But if I will whitelist it, then traffic won't be routed through AdGuard anymore and ads will appear again. And wasn't Automatic Proxy created to be able to work with other VPN? Otherwise it's just a feature to play with

Rtizer-9 commented 3 weeks ago

Was it working perfectly with warp routed under adguard in previous versions? Normally it's suggested to whitelist a VPN app from ag routing. You can try checking the behaviour with including/excluding ag under warp routing.

There are lots of users wanting to use warp with ag but warp app simply doesn't play well with ag.

You can use some alternatives like singbox and its several forks to use warp with ag although you may face some issues here and there.

Ag should definitely have compatibility with warp app or wireguard official app given that warp users are only increasing with time.

BatobolotovBato commented 3 weeks ago

> Was it working perfectly with warp routed under adguard in previous versions? Normally it's suggested to whitelist a VPN app from ag routing. You can try checking the behaviour with including/excluding ag under warp routing.
>
> There are lots of users wanting to use warp with ag but warp app simply doesn't play well with ag.
>
> You can use some alternatives like singbox and its several forks to use warp with ag although you may face some issues here and there.
>
> Ag should definitely have compatibility with warp app or wireguard official app given that warp users are only increasing with time.

It was working perfectly before, I don't really remember since when the problem occurred, but that's definitely after an AdGuard update. I never updated WARP+ as this is a clone with Endpoint enabled. I still prefer WARP+ as this is the only VPN which doesn't slow down my already pretty slow Internet connection.

Rtizer-9 commented 3 weeks ago

Surprising, it never worked for others including me. You can try turning off ipv6 because it lets the domains bypass the filtering but then you'll lose ipv6 connectivity.

You can use warp+ as I mentioned above through several forks of singbox family. You just need to export your warp+ profile using something like wgcf.

BatobolotovBato commented 3 weeks ago

> Surprising, it never worked for others including me. You can try turning off ipv6 because it lets the domains bypass the filtering but then you'll lose ipv6 connectivity.
>
> You can use warp+ as I mentioned above through several forks of singbox family. You just need to export your warp+ profile using something like wgcf.

Well, tried it, generated config, imported my license key and then used Wireguard. And suddenly, WARP+ worked! With AdGuard! I was like "Finally everything works". But on the next day Wireguard stopped working. And it wasn't working even with AdGuard disabled. I don't know what happened this time. Really strange

Rtizer-9 commented 3 weeks ago

Give me your tg id.

maxikuzmin commented 2 weeks ago

@Rtizer-9 thank you for your help, it's very helpful!

@BatobolotovBato did you manage to find any solution for AdGuard + WARP synchronization?

Rtizer-9 commented 2 weeks ago

@maxikuzmin I request you to look into this. It's been a long time all of us warp users are unable to integrate ag with either warp app or official wireguard app and all other issues created by warp users on this repo are still unresolved.

They work perfectly individually but not together and almost everyone needs VPN now or then but we are unable to do so because warp app doesn't play nice with adguard.

maxikuzmin commented 2 weeks ago

@Rtizer-9 @BatobolotovBato I found mention of a similar issue

have you tried configuring apps this way?

Add AdGuard to the list of the excluded apps in WARP application. Settings -> Advanced -> Connection options -> Manage excluded apps

Disable DNS protection module in AdGuard. Keep ad blocking, annoyance blocking and tracking protection modules enabled for the best results.

Rtizer-9 commented 2 weeks ago

If configured this way, adguard doesn't capture all requests and only shows dns requests in its log instead of those domain/path requests. So cosmetic filtering stops completely because no path is being dealt with, only domains.

playaz44 commented 2 weeks ago

I use adguard proxy mode + warp with root, just disable https filtering for warp. Sometimes the warp app disables the vpn by itself, you have to manually enable it or you can switch to cloudflare zero trust where you can set the vpn to automatically reconnect. Probably sometimes when turning on warp with adguard already enabled in proxy mode you will experience no internet access, in this case you need to restart adguard because it has a bug in adguard due to which after disabling and enabling vpn adguard does not reconfigure network routes which I reported over 2 weeks ago and so far has not been fixed.

BatobolotovBato commented 2 weeks ago

> @Rtizer-9 thank you for your help, it's very helpful!
>
> @BatobolotovBato did you manage to find any solution for AdGuard + WARP synchronization?

Yes, I did find a solution, but only partially. I used a WARP+ Wireguard profile, but with my endpoint. It works with AdGuard, but only with Wi-Fi. It still doesn't work with cellular data

BatobolotovBato commented 2 weeks ago

> I use adguard proxy mode + warp with root, just disable https filtering for warp. Sometimes the warp app disables the vpn by itself, you have to manually enable it or you can switch to cloudflare zero trust where you can set the vpn to automatically reconnect. Probably sometimes when turning on warp with adguard already enabled in proxy mode you will experience no internet access, in this case you need to restart adguard because it has a bug in adguard due to which after disabling and enabling vpn adguard does not reconfigure network routes which I reported over 2 weeks ago and so far has not been fixed.

I tried that, didn't work for me

maxikuzmin commented 1 week ago

@BatobolotovBato I configured AdGuard + WARP, disabled filtering for WARP in AdGuard, added DNS in AdGuard "1.1.1.1", enabled Automatic Proxy mode. During the day both apps work correctly and do not stop working. I'm using a WiFi connection

How often did you have the apps stop working?

Rtizer-9 commented 1 week ago

@maxikuzmin is cosmetic filtering working for you in the setup you described above?

Rtizer-9 commented 1 week ago

I just checked and the problem remains the same for me: with warp, cosmetic filtering completely stops working because with warp turned on, adguard is unable to capture the requests beyond the domains. So adguard works but it becomes a dns based blocker, no cosmetic filtering with mitm capability of injecting/modifying requests/userscripts tracking protection everything stops working.

And just like before, turning off ipv6 filtering in low level settings makes this whole setup work perfectly but then you lose ipv6 connectivity completely.

You can check.

Rtizer-9 commented 1 week ago

Update: cosmetic filtering works for some apps but not for some.

maxikuzmin commented 1 week ago

@Rtizer-9 yes, tracking protection works in my case. Could you please clarify if you have the certificate displayed by AdGuard?

I suspect this is a long-standing problem with IPv6. Try checking the filtering on forbes.com for example? In my case, when checking, cosmetic filtering is applied

maxikuzmin commented 1 week ago

@Rtizer-9 @BatobolotovBato we discovered that IPv6 filtering in Automatic proxy is broken. We will fix it in the next update. Issue #5370. After fixing IPv6, cosmetic filtering should work fully in Automatic proxy mode.

maxikuzmin commented 1 week ago

@BatobolotovBato anyway, your initial problem is AdGuard disabling after some time. It would be nice to get your logs, respectively if it is repeated only with wifi network, please check with wifi.

Settings -> General -> Advanced -> Logging level -> Debug

Settings -> General -> Advanced -> Export logs and system info

Mention the 5350 number in the subject.

Specify the exact time when the issue occurred.

maxikuzmin commented 1 week ago

@BatobolotovBato any news?

maxikuzmin commented 5 days ago

@BatobolotovBato for the moment, I'm closing this issue. I hope that once issue #5370 is resolved, the problem will be resolved

If after resolving the IPv6 issue, the problem still recurs, please reopen the issue or create a new one.

BatobolotovBato commented 3 days ago

> @BatobolotovBato I configured AdGuard + WARP, disabled filtering for WARP in AdGuard, added DNS in AdGuard "1.1.1.1", enabled Automatic Proxy mode. During the day both apps work correctly and do not stop working. I'm using a WiFi connection
>
> How often did you have the apps stop working?

That method worked for me also, until some point

BatobolotovBato commented 3 days ago

> @maxikuzmin is cosmetic filtering working for you in the setup you described above?

Only if blocking trackers and AdGuard extra script. Even with them turned off it still doesn't work

BatobolotovBato commented 3 days ago

> @Rtizer-9 @BatobolotovBato we discovered that IPv6 filtering in Automatic proxy is broken. We will fix it in the next update. Issue #5370. After fixing IPv6, cosmetic filtering should work fully in Automatic proxy mode.

IPv6 filtration was and is turned off

BatobolotovBato commented 3 days ago

> @BatobolotovBato anyway, your initial problem is AdGuard disabling after some time. It would be nice to get your logs, respectively if it is repeated only with wifi network, please check with wifi.
>
>   • Enable debug logging:
>
> Settings -> General -> Advanced -> Logging level -> Debug
>
>   • Reproduce steps, then remember the exact time when it happened
>   • Collect logs:
>
> Settings -> General -> Advanced -> Export logs and system info
>
> Mention the 5350 number in the subject.
>
> Specify the exact time when the issue occurred.

Well, that problem disappeared after some updates. But there is another problem: broken Internet connection with some apps, when I have Proxy turned on. VPN mode is not having these problems

BatobolotovBato commented 3 days ago

> @BatobolotovBato any news?

That's all the news. Sorry for late reply, I don't use Github nor Gmail that often

BatobolotovBato commented 3 days ago

> @BatobolotovBato for the moment, I'm closing this issue. I hope that once issue #5370 is resolved, the problem will be resolved
>
> If after resolving the IPv6 issue, the problem still recurs, please reopen the issue or create a new one.

I'm not sure if these problems are related to each other...

maxikuzmin commented 5 hours ago

@BatobolotovBato you are right. Please open a new issue with the problem about proxy. Don't forget to describe all steps to repeat the issue, and also send logs at once, as indicated in the instructions above