celzero / rethink-app

DNS over HTTPS / DNS over Tor / DNSCrypt client, WireGuard proxifier, firewall, and connection tracker for Android.
https://rethinkfirewall.com/
Apache License 2.0

[Feature request] Per app proxy for socks/http proxy #1126

Open gili-gili opened 8 months ago

gili-gili commented 8 months ago

Since Rethink DNS supports per app proxy for Orbot, why doesn't it support socks/http proxy, too? 🤔

ignoramous commented 8 months ago

Are there use cases for split tunnels on Android? I ask genuinely because most folks said they have no use for multiple WireGuard upstreams, and that it only confuses them that this is even possible.

gili-gili commented 8 months ago

Hey sir, thanks for your quick reply! I do not mean to support multiple proxy servers; what I mean is to use a proxy for the desired application, not for all the applications. I have to say, per app proxy is very useful for people who live in countries with strong censorship. They need to access censored websites (Google, Wikipedia, etc.) with a browser, while they want to chat with friends with chat apps, like QQ and WeChat. These apps do not need a proxy.

gili-gili commented 8 months ago

Although some of the unpoisoned DoH servers were not blocked in these countries, they were also interfered with, which caused DNS lookups from a single server to be slow from time to time. So I hope Rethink DNS can support doing lookup on multiple servers at the same time, just like AdGuardHome. That's very useful!

BienGudBoy commented 7 months ago

I ran into this use case as well. I managed to route my entire phone to a Cloudflare WARP proxy (with killswitch as well to prevent leaks), but it wasn't able to route my local network (Nextcloud, RSS, etc.). What I noticed is that the exclude option in the SOCKS5 proxy menu was first showing None and I couldn't pick any apps, and after I enabled the proxy, the option was grayed out, so I couldn't even open the menu itself to exclude any app from the proxy.

ignoramous commented 7 months ago

> So I hope Rethink DNS can support doing lookup on multiple servers at the same time, just like AdGuardHome

This is a privacy risk. I don't see us implementing this feature.

ignoramous commented 7 months ago

> but it wasn't able to route my local network (Nextcloud, RSS, etc.)

For a workaround, enable Configure -> Network -> Do not route Private IPs to see these apps then work with proxy enabled?

BienGudBoy commented 7 months ago

> but it wasn't able to route my local network (Nextcloud, RSS, etc.)
>
> For a workaround, enable Configure -> Network -> Do not route Private IPs to see these apps then work with proxy enabled?

That requires "Block connections without VPN" disabled, which isn't ideal because in case my phone reboots, or the Rethink DNS app somehow stops working (force close, for example), it'll leak traffic from apps... With it disabled though, local network works, which is to be expected. What's interesting is that, when VPN lockdown is enabled, connection directly to a local network IP does not work (192.168.1.1 for example), but if there's a domain with that IP, it'll work fine, even with lockdown enabled. That's how I got Nextcloud and RSS stuff working with VPN lockdown. Turning the SOCKS5 proxy on currently, however, routes all traffic to the proxy (WARP in my case), and because I have lockdown for it as well, local network no longer connects properly...

gili-gili commented 6 months ago

> So I hope Rethink DNS can support doing lookup on multiple servers at the same time, just like AdGuardHome
>
> This is a privacy risk. I don't see us implementing this feature.

Well, DoH is safe enough to defend against MITM attacks, and users have the responsibility to choose proper DNS servers that won't sell their data. In spite of the doubled risk of DNS attacks, it's still worth doing that for users who are living in the hell of freedom and liberty. If you still think this idea is against the beginning purpose of this app, please, at least consider allowing users to add a DoH server as backup DNS server, since the current Rethink DNS version only supports plain DNS server.

gili-gili commented 6 months ago

A workaround is to "exclude" apps in the Rethink DNS built-in app connection manager (I just want to describe it properly), but sadly this also exposes plain DNS requests sent by these apps...

BienGudBoy commented 6 months ago

@ignoramous It seems like connections to LAN are still possible, even with "Block connections without VPN" enabled. Using the SagerNet app (a VPN/proxy routing app), there's an option for Bypassing LAN, and it actually worked with network lockdown.

Maybe it can be implemented in the next Rethink version?

ignoramous commented 6 months ago

> If you still think this idea is against the beginning purpose of this app, please, at least consider allowing users to add a DoH server as backup DNS server, since the current Rethink DNS version only supports plain DNS server.

Yes, from v055b, the Fallback DNS is used as "backup".

> there's an option for Bypassing LAN, and it actually worked with network lockdown.

This has been implemented in v055b (unreleased) #393


(please consider creating new issues to discuss feature requests irrelevant to this particular issue).

gili-gili commented 5 months ago

Tried using WireGuard proxy and, yes, that's what I actually want. Just add or remove apps that you want to route through WireGuard, while Rethink can still handle the unselected apps' traffic. Fantastic :D

m2acgi commented 4 months ago

Pls add the feature of per app proxy for socks proxy

plkonbklo commented 3 months ago

I'm also requesting the feature to be able to configure apps to use a specific SOCKS5 server the same way it works for WireGuard, for use with sing-box.