Please restart your device for VPN tethering to work

[soccerboys2008]

When trying to use the repeater on version 2.17.4-g I'm met with this error

tried restarting my device, clearing the app storage, and reinstalling the app

nothing worked till I downgraded to 2.16.11 and everything was fine (then disabled auto update in play store, probably got auto updated from really old version)

Device info:

[Mygod]

Hi what VPN are you using? Can you export debug information on v2.17 and send it to me?

[hellobbn]

Hi, I am having the same problem. Here is the debug log.

I toggled the Repeater switch on and off, and captured the log. The VPN I have been using is sing-box (https://play.google.com/store/apps/details?id=io.nekohasekai.sfa)

vpnhotspot-2535350892380703906.log

[Mygod]

Hi @hellobbn does rebooting solve the issue?

[Mygod]

Make sure you are reporting after you see this prompt again after reboot. Do not uninstall the app.

[hellobbn]

Hi @Mygod , I can confirm that rebooting does not solve the issue.

[Mygod]

@hellobbn Does the following steps help?

1. Disable VPN.
2. Reboot the device.
3. Start VPN tethering.
4. Enable VPN.

[hellobbn]

Hi, if I start VPN tethering before enabling VPN, the error message no longer shows. However, it seems the traffic is not going through VPN, either.

[Mygod]

@hellobbn Okay, are you saying you did those steps without rebooting the device and the error no longer shows? Can you export debug information while VPN and tethering are all active? Also was v2.16 working for you before?

[soccerboys2008]

i use pia, however pia is currently having a nationwide issue in us starting about 4 - 6 hours ago

however i can use the repeater without a vpn until they get there stuff figured out

i will upgrade the app quick and grab the debug info

[Mygod]

This warning should only pop up if you use a VPN along with tethering but you can try that and see how it goes too.

[soccerboys2008]

hmm, just noticed that verison works without the vpn (naked as i like to call it), but when connected to pia (even though it currently has network issues) the issue reappears

thats probably why reboot didn't work, cause every time you connect the vpn the error appears

exported debug (before reboot): vpnhotspot-7265846459898467798_021801.log.txt

just tried reboot and same issue, no error naked though

exported degug (after reboot, before running naked was included): vpnhotspot-5674043189770050290_023006.log.txt

exported degug (after reboot, after/during running naked was included): vpnhotspot-2945051092799165850_022935.log.txt

i'll need to downgrade again once pia gets there issues resolved (can connect but spotty connections / slow internet, not related to this app)

[soccerboys2008]

until pia is fixed i wont be able to test this:

@hellobbn Does the following steps help?

1. Disable VPN.

2. Reboot the device.

3. Start VPN tethering.

4. Enable VPN.

usually the order i use is this:

1. reboot (no vpn active)
2. enable vpn
3. start vpn tethering

(in the past starting vpn tethering before enabling the vpn always lead to no internet access (devices connect to the network but receive no internet access, so i always stuck to the order above))

again once pia is fixed ill test the order you provided (can't test for internet access with vpn that has spotty internet access)

[soccerboys2008]

also the reason i had to downgrade last night (before these vpn issues), is i was getting no network access following the order i usually use (which gave the error message). after the downgrade everything worked again

[Mygod]

@soccerboys2008 Thanks for the logs! It appears that in the last log you sent everything seems working fine. If you try my order now, does the error message reappear? (Disregard the connectivity issue since you said your VPN is not working.)

EDIT: What I mean is that 1. start VPN tethering 2. start VPN 3. turn off VPN tethering and on again 4. export debug information.

[soccerboys2008]

@soccerboys2008 Thanks for the logs! It appears that in the last log you sent everything seems working fine. If you try my order now, does the error message reappear? (Disregard the connectivity issue since you said your VPN is not working.)

EDIT: What I mean is that 1. start VPN tethering 2. start VPN 3. turn off VPN tethering and on again 4. export debug information.

rebooted device and did that in that exact order (same issue), here log: vpnhotspot-2936274959345153651_025703.log.txt

[hellobbn]

I tried the following:

On new version: Disable VPN -> Reboot -> Enable VPN Tethering -> Enable VPN: No warning, VPN not seem to work properly Log(Please ignore the crashed vibrator thing in the logs) new.log

On Old version v2.16.11: Disable VPN -> Reboot -> Enable VPN Tethering -> Enable VPN: Working properly old.log

Not sure if it is the same problem. If not, I can open a new issue.

[soccerboys2008]

when i said same issue, it appeared at step 3 "3. turn off VPN tethering and on again" (specifically when it was turned on again)

[soccerboys2008]

pia is back online, i restarted and grabbed one more log following these steps (jic you want it), before i downgrade again:

@soccerboys2008 Thanks for the logs! It appears that in the last log you sent everything seems working fine. If you try my order now, does the error message reappear? (Disregard the connectivity issue since you said your VPN is not working.)

EDIT: What I mean is that 1. start VPN tethering 2. start VPN 3. turn off VPN tethering and on again 4. export debug information.

let me know if you want that one too

[Mygod]

      10198  HAPPY_BOX_MATCH RESTRICTED_MATCH IIF_MATCH tun0

Okay I feel like the issue here is that the uids_allowed_on_restricted_networks global setting is somehow not being used/respected by system, causing system to block DNS traffic from VPN Hotspot. 🤔 (Since v2.17, VPN Hotspot handles tethering DNS instead of offloading it to the primary DNS server.)

@hellobbn What is your device? I can see that you are running Android 14. Is it stock or custom ROM?

[soccerboys2008]

i have another oneplus 5 thats on lineageos 21 (android 14), with everything installed if it can help

(the oneplus 5 in the screenshots i've been too lazy to update, which is why its on lineage os 20 (android 13)) (this is the device all the logs came from)

[Mygod]

Hi can you guys try this apk? It should hopefully work on Android 13+.

EDIT: Sorry this apk is buggy. Please hold.

[Mygod]

Fixed some bugs and should hopefully work on any Android version: https://github.com/Mygod/pogoplusle/releases/download/debug/vpnhotspot-v2.17.5-debug2.apk

[soccerboys2008]

new error appeared (no internet access, and no internet access from connected devices)

here's the debug log: vpnhotspot-2389545170582576160_094038.log.txt

[Mygod]

Hmm I couldn't download the log...

[soccerboys2008]

ill try again then:

vpnhotspot-2389545170582576160_094038.log.txt

[Mygod]

Did you download and install the debug2 version?

[soccerboys2008]

yes, im getting same error on the link i just sent imma upload a google drive link:

https://drive.google.com/file/d/1XgnTuTGpJJslxNGtf4NaRRJo0AFhB6a5/view?usp=sharing

[Mygod]

Thanks for the logs but I am pretty sure that's not debug2 version. Try this apk? https://github.com/Mygod/pogoplusle/releases/download/debug/vpnhotspot-v2.17.5-debug2.apk

(I will double check this apk meanwhile.)

EDIT: Yes I think this is the right apk.

[soccerboys2008]

ok it seems the first one i installed was only 3mb (probably an incomplete download leading to that error) anyway here is the log and screenshots (same as the original error): vpnhotspot-8812612977146599456_100343.log.txt

p.s. i'm getting an issue with viewing the log with 404 not found using the preview if you have an error let me know and ill send a drive link

[Mygod]

Great please google drive the logs :)

[soccerboys2008]

https://drive.google.com/file/d/1XiTqTeG77vnROjzuXAq3LE3yym6DROJc/view?usp=sharing

[Mygod]

Hmm I think your ROM might be not fully upgraded to Android 13 and that could be causing the issue. Do you have the file /apex/com.android.tethering/javalib/service-connectivity.jar and if so, can you send it to me?

[Mygod]

Meanwhile this might fix the issue: https://github.com/Mygod/pogoplusle/releases/download/debug/vpnhotspot-v2.17.5-debug3.apk

[soccerboys2008]

just sending drive links now, not gonna try to send attachments

https://drive.google.com/file/d/1--mc25VqTd5W9DsNwT0YAF9RBo3kv0X7/view?usp=sharing

[soccerboys2008]

this made me remember that pia manages its own dns (may play a part (as in conflict of interest) or maybe not)

      10198  HAPPY_BOX_MATCH RESTRICTED_MATCH IIF_MATCH tun0

Okay I feel like the issue here is that the uids_allowed_on_restricted_networks global setting is somehow not being used/respected by system, causing system to block DNS traffic from VPN Hotspot. 🤔 (Since v2.17, VPN Hotspot handles tethering DNS instead of offloading it to the primary DNS server.)

@hellobbn What is your device? I can see that you are running Android 14. Is it stock or custom ROM?

anyway imma test debug 3 now

[Mygod]

That doesn't matter. :)

[soccerboys2008]

https://drive.google.com/file/d/1-NsTCYZGTlNG6IrlWVLY_S8_H65uJNEh/view?usp=sharing

[soccerboys2008]

does my service-connectivity.jar file look ok

[Mygod]

Yeah this was my fault. I wrote a bug. debug4: https://github.com/Mygod/pogoplusle/releases/download/debug/vpnhotspot-v2.17.5-debug4.apk

[soccerboys2008]

fixed

[soccerboys2008]

works on android 14 too (different oneplus 5 with lineage 21)

[hellobbn]

Hi, I can confirm this works.

And I am also using Lineage OS, so I suspect this is something related to the OS, because it does introduced something like firewall in the connectivity apex.

If this problem is ROM's side, can you provide some more detailed information about the issue?

[Mygod]

Sure. Essentially I am trying to grant this app restricted network permission which allows it to serve downstream DNS traffic bypassing Android VPN firewall. The way the app does this is essentially running settings put global uids_allowed_on_restricted_networks <app uid>.

Looking at your logs, it seems like the global settings was updated properly and looking at the system jar from @soccerboys2008, the system does look at this settings key. However, somehow the permission is still not granted to the app for some reason. 🤔

[hellobbn]

Thanks for the information!

I have reported the issue to the developers and the issue is tracked here: https://gitlab.com/CalyxOS/calyxos/-/issues/2192

[Mygod]

Yeah that is definitely responsible. Why would they do this?

[soccerboys2008]

i run plain lineage os (lineageos.org), so theres probably an upstream issue

[soccerboys2008]

its upstream: https://review.lineageos.org/c/LineageOS/android_packages_modules_Connectivity/+/369208

[hellobbn]

The firewall feature is "ported" from the CalyxOS to LineageOS. And here is the word from the developer which may answer @Mygod :

hey, thanks for sharing this. i'm 90% sure it's a bug in the firewall implementation. that uids_allowed_on_restricted_networks list was previously used by the firewall implementation (too) to track whether or not to allow network access for an application. the new implementation uses a uid policy instead, POLICY_REJECT_ALL, for that. it's very likely there was an oversight on my part in the new implementation that causes it to not even pay attention to uids_allowed_on_restricted_networks at all anymore. i'll need to mess with it a bit, but i do think it's something that i want to get fixed actually, not sure yet, but this commit might be responsible (on the calyxos side anyway): https://review.calyxos.org/c/CalyxOS/platform_packages_modules_Connectivity/+/21480/7 it was created for a good reason in the previous implementation - to prevent apps from being given too much permission simply for being allowed to use the internet. but it may not be applicable with the new implementation. i'll have to check.

[Mygod]

@Uldiniad Please explain your commit? How does LineageOS/CalyxOS even pass CTS tests with this? Do you guys even run CTS tests? 🤔

[Uldiniad]

@Uldiniad Please explain your commit? How does LineageOS/CalyxOS even pass CTS tests with this? Do you guys even run CTS tests? 🤔

We don't test CTS and have no reason to