ProtonVPN / android-app

Official ProtonVPN Android app
https://protonvpn.com/download-android
GNU General Public License v3.0
2.32k stars 307 forks source link

Local network traffic seems to be routed through the VPN #51

Open h4ckemc2 opened 3 years ago

h4ckemc2 commented 3 years ago

Local network traffic seems to be routed through the VPN. For example, when trying to cast content to Chromecast devices located in the same local network as the Android device running the ProtonVPN app, cast cannot be performed. The VPN has to be shut down in order to be able to cast (e.g. casting video from streaming apps as Netflix or others). The VPN app should be able to identify whenever a local network connection is being established and not routing its traffic through the VPN, on the contrary, traffic going to the Internet should be tunneled through the VPN.

mateusz-markowicz commented 3 years ago

Hey, thanks for the report. We have a setting for bypassing VPN for local connections but only for OpenVPN at this moment. You need to disable Smart Protocol in settings, choose OpenVPN and set "Allow LAN connections".

cyclinggeorgian commented 3 years ago

Hey, thanks for the report. We have a setting for bypassing VPN for local connections but only for OpenVPN at this moment. You need to disable Smart Protocol in settings, choose OpenVPN and set "Allow LAN connections".

Hey Mateusz, indeed there is such an option and it works wonderfully. Although not when "Always on kill switch" is enabled too. And that switch, for me at least, is of paramount importance. I want all my traffic go through VPN connection or not at all. I didn't open new issue because i think it fits here too. But my issue is exactly that - With "Always on kill switch" even applications in the "allowed" list are "forced" over VPN. --edit-- Kind of felt like unfinished request... I was trying to say that even with "kill switch" i would like for Split Tunnelling still be able to work.

shahram10715 commented 3 years ago

Hey, thanks for the report. We have a setting for bypassing VPN for local connections but only for OpenVPN at this moment. You need to disable Smart Protocol in settings, choose OpenVPN and set "Allow LAN connections".

It did not work for me. Although I disabled "always on kill switch" I also have trouble with split tunneling wich I have mentioned in issue #46

Hielyr commented 2 years ago

I also use the kill switch and can confirm that when it is enabled, I am unable to access devices on my LAN. Only being able to use OpenVPN is one thing, but not being able to have the kill switch feature enabled is a pretty big negative in my book.

cthulhubuddha commented 2 years ago

Hey team! Any progress on this one? On Android you must disable Block connections without VPN (e.g. kill switch) to see your local LAN. Thanks!

some-username-here1 commented 2 years ago

Can confirm here as well, getting the same issue where I can't access or ping other devices on the same LAN. Disabling "Block connections without VPN" gets around it, but I'd like to have it always block any outgoing non-LAN connection too.

Phone is OnePlus 6T and OS is LineageOS 18.1 if needed.

EDIT: even with the protocol switched off from Smart with "Block connections without VPN" enabled, Wireguard, IKEv2 or OpenVPN doesn't work either.

frknltrk commented 2 years ago

Screenshot_20220502-193429_1 enabling the setting "LAN connections" worked for me.

jmcrey commented 2 years ago

I do not use the kill switch, so switching the protocol to OpenVPN and enabling LAN connections worked for me.

It does seem like a negative to not be able to use the other protocols. Is there any plan to enable this feature on the other protocols?

TARehman commented 2 years ago

I can verify this behavior as well. I have a local machine running on my network. To document the effect of various settings, see the table below. I am doing all of these tests on an Android phone.

VPN Connection Protocol LAN connections Always-on VPN Block connections without VPN Connection
On Smart (auto) Off Off Off Fails
On Smart (auto) On Off Off Succeeds
On Smart (auto) On On Off Succeeds
On Smart (auto) On On On Fails

It would appear that when the "Block connections without VPN" setting is On, Android / ProtonVPN interprets this quite literally as "do not allow any connection to go without VPN", even when you allow for LAN connections. On the one hand, this does sort of make sense - we did tell it to not allow any connections that aren't over VPN. On the other hand, though, I'd say this behavior is somewhat unexpected because you would think that it would only affect connections outside your network.

If, as I suspect, this is possibly an Android thing more than a ProtonVPN thing, perhaps it would be possible to "gray out" the switch for "LAN connections" in ProtonVPN when the "Block connections without VPN" setting is set in Android? That would make it clear to other users what is happening so they don't have to go through the above debugging steps.

mainrs commented 2 years ago

@TARehman I experience the exact same behaavior as you state in your table. Up until today, where I had to disable always-on to make my LAN connections work. Do you experience the same? Does it still work?

cpainchaud commented 1 year ago

It feels to me that it's Android feature "Block connections without VPN" that is causing the problem and that no VPN app can modify it's behavior to tell Android that some networks can be excluded

ahsvip commented 1 year ago

Does lan connection mean that we can create a local proxy for the Hot spot network and share it with other devices?

If so, please state the port number of this proxy and its protocol

mainrs commented 8 months ago

It feels to me that it's Android feature "Block connections without VPN" that is causing the problem and that no VPN app can modify it's behavior to tell Android that some networks can be excluded

Just to bring some clarity into this. This seems to be an issue within Android. There is already an open feature report to add the necessary API for unprivileged (VPN) apps to make this work properly.

Currently, said API resides in DevicePolicyManager. And this requires the app to be a work manager IIRC.