Hotspot does not work with FW enabled

StarGW-net / karma-firewall

Apache License 2.0

123 stars 11 forks source link

Hotspot does not work with FW enabled #13

Open MrPixelized opened 1 year ago

MrPixelized commented 1 year ago

I wish I could make you a nice issue, but all the information I have is in the title.

StarGW-net commented 1 year ago

Unfortunately any traffic via the Hotspot ignores the active VPN. Using a VPN is how we implement the Firewall on a non rooted device. This is a limitation of Android.

gbdomubpkm commented 1 year ago

Unfortunately any traffic via the Hotspot ignores the active VPN. Using a VPN is how we implement the Firewall on a non rooted device. This is a limitation of Android.

However, there is a setting on Android that allows 'hotspot clients to use VPNs', which works very well for me with Proton VPN (and split tunneling used). My smartphone is not routed. Android 11 or 12 AOSP. Does not work with Karma-Firewall.

burner1024 commented 1 year ago

Same for me. That's the setting, for the reference

hotspot

StarGW-net commented 1 year ago

Very interesting. That option is not available on my Samsung A40 and A54 in either Android 12 or 13:

hotspot

But on phones where it is available I am not sure how it would work for Karma.

Karma Firewall works by blocking apps using the UID android assigns to them. Traffic coming via the hotspot would have no UID, or would just have the UID of the Hotspot System App. Therefore all the traffic would be lumped together so would be all blocked or all allowed. No granularity.

Its only by inspecting the traffic that Karma could allow some Hotspot traffic and not others. As you know our philosophy is to never inspect traffic.

burner1024 commented 1 year ago

Allowing all hotspot traffic is perfectly fine, nothing more is expected. I couldn't find the uid though.

StarGW-net commented 1 year ago

The way Karma works, is allow ALL traffic unless the UID of an App is added to the block list. So by default the Hotspot traffic should be allowed. And indeed this is how it works on my Samsungs. Karma enabled and hotspot shared with my laptop. Traffic allowed.

Even if I block all System Traffic on Karma, HotSpot traffic is still allowed.

For sharing VPN see:

https://protonvpn.com/support/share-vpn-connection-android-hotspot/

What phone and OS are you guys using?

gbdomubpkm commented 1 year ago

As i said vpn tethering works on Volla phone https://www.indiegogo.com/projects/volla-phone-free-your-mind-protect-your-privacy#/updates/all with Proton vpn . Volla phone works with volla os (android 12 aosp currently).

burner1024 commented 1 year ago

my is lineage os 20