TrackerControl / tracker-control-android

TrackerControl Android: monitor and control trackers and ads.
https://trackercontrol.org/
GNU General Public License v3.0
1.93k stars 82 forks source link

IP leak when using TC as device VPN and chaining with Orbot #359

Open Maio-msdos opened 1 year ago

Maio-msdos commented 1 year ago

Do you use TrackerControl from Google Play/F-Droid/other? Fdroid Version 2022.10.25-fdroid

Describe the bug IP leak when using TC as the VPN and chaining with Orbot using the TC Socks5 proxy and port forwarding configuration

In the first instance I configured TC to send TCP to the Orbot Socks5 proxy using port 9050 as well as port forwarded port 53 UDP to Orbot DNS port 5400, DNS leak test was fine and some IP tests were fine but I consistently got an IP leak when testing with whatsmyip.com

This led me to think that perhaps it was making a port 443 UDP request to dodge the Orbot Socks5 proxy, so I configured TC to port forward all UDP ports from 0-65535 to an unused port (29000) apart from port 53 which I left forwarding to 5400 and port 443 which I forwarded to 9050 (forwarding UDP 443 to 29000 would for some reason also mess with TCP breaking web browsing)

N.B I don't get IP leaks from whatsmyip.com when using Orbot as the VPN

To Reproduce Minimum steps to reproduce the behavior:

  1. Run TC as always on VPN and configure TC socks5 proxy to port 9050 and port forward TC UDP port 53 to port 5400
  2. Run Orbot with Sock5 proxy and Tor DNS enabled
  3. View TC traffic log
  4. Browse to whatsmyip.com, to see IP leak

Can send export of TC config if desired, for port forwarding all ports

guttermonk commented 1 year ago

I had the same issue with TC and Orbot. Then I tried Invizible Pro instead of Orbot, and still had the same problem.

Finally, I tried replacing TC with Netguard and configured it to use DNScrypt and Tor using Invizible Pro, per these instructions: https://invizible.net/en/invizible-and-netguard-firewall/

Since I use the default browser that comes with my custom ROM, I had to go into the Netguard settings and check "manage system apps". Apparently this was the source of my IP leak originally, because Netguard was able to manage my browser app while TC had a warning that I could not (even when I had checked "manage system apps" in the TC advanced settings).