v055d: IPv4 websites do not open in Auto mode

[Sinestr0]

Many weird things going on after latest update, v055d. after the latest update, dns+firewall mode was (is still) active, IP version was auto, no universal rules set (default setting), and many websites just stop opening like startpage.com and apps like session messenger stopped getting connected. Most of connections are showing up in logs as unknown. I tested by switching to netguard and everything again started working fine.

I am trying to further digging up by different settings in rethink app and will report here.

EDIT : Followings are my findings.

I tested on specifically website startpage.com and session app as they seemed to be not working properly as above i mentioned, both of them were working fine with netguard or without any firewall at that time. But many other websites like wikipedia were opening fine while having above mentioned issue.

Startpage.com and session messenger were working well with dns+firewall, dns, firewall modes with network set to ipv4.

Startpage.com with ipv6 and firewall mode was working well, but with ipv6 and dns mode, it couldn't get opened at all, either shows unreachable error or address not found error.

Session messenger with ipv6 didnt work at all with either dns or firewall mode.

Moreover, whenever any connection is made through ipv6, it shows "unknown" in "network" in logs.

I do not remember facing any such issues with previous version. Please verify or try to reproduce this issue.

Also another complaint for previous version (couldn't test properly for latest version), it uses too much battery, like around 40% in single charge and medium usage of phone with around 4 hours of screentime and single day use.

[AnonymousWP]

I'm suddenly having this issue too when using 5G instead of Wi-Fi (my Wi-Fi has its custom DNS set to Cloudflare, which is why it's working). It doesn't resolve anything. Even though I selected Cloudflare as custom DNS in the settings of Rethink.

[Sinestr0]

@AnonymousWP Please try to reproduce issue and verify my findings. Thank you.

[ignoramous]

I tested on specifically website startpage.com and session app as they seemed to be not working properly as above i mentioned... But many other websites like wikipedia were opening fine while having above mentioned issue.

Sorry. I didn't get. Does Wikipedia work or does it not work? Does startpage work or not? When?

Moreover, whenever any connection is made through ipv6, it shows "unknown" in "network" in logs.

What version of Android are you on? On Android 8 and below these bugs have been reported before:

• 821

it uses too much battery, like around 40% in single charge

Sounds bad, but I've heard one or two people say this. Typically, battery use shouldn't go beyond 15%. On my Androids, it hovers between 5% to 15% (never beyond that).

• Can you post a screenshot of the usage, if you're comfortable doing so?
• Does this happen consistently or just happened this one time?
• Force Stop Rethink and start it back up again, and see if this 40% usage persists?

Session messenger with ipv6 didnt work at all with either dns or firewall mode.

See if any of the domains used by the Session Messenger are blocked in DNS Logs due to user-set rules? If not, check Network Logs and see why the connections from the Session Messenger are failing:

• Search for the app from the search bar in Network Logs UI.
• See if the connections are blocked (these show up with a red colour left-hand side border).
• See if the connections are failing (zero upload / download) (tap on entries to reveal a bottomsheet; the footer of that bottomsheet would show the final status of the connection).

Startpage.com and session messenger were working well with dns+firewall, dns, firewall modes with network set to ipv4.

Continue using IPv4. It is hard for us to know what's going on on your network and Android unless you share more. If you're technical enough:

• Is there something specific to your networking setup or the network provider with regards to dual-stack (some network providers run 6to4 translations services, for example; and we don't know if Rethink breaks on such networks)?
• Logs captured via adb logcat from when this issue happens.

Note: Auto is experimental. I must say though, it works for me just fine.

[ignoramous]

I'm suddenly having this issue too when using 5G instead of Wi-Fi

We've seen reports of broken IPv6 before on earlier Rethink versions, too: #554

• If you're in Auto mode, is Perform connectivity checks enabled or disabled (in Configure -> Network)?
• When this issue happens, can you see if you're able to:
  • Visit ip6only.me in Chrome: If it doesn't load, do you see "resolution error" or any other error (such as "timeouts").
  • Visit ip6.me in Chrome: If it loads, do you see it show a IPv4 address or an IPv6 address?

[Sinestr0]

Technical details about my setup : I am on android 8.1 (stock) which does not support setting up custom DNS natively. I configured Rethink app with on-device blocklist with marking some domains/websites as "trusted" in Firewall-IP&Ports rules (using RethinkDNS Plus), mode set as DNS and Firewall (default) mode, blocked internet access for many apps in firewall, IP version as Auto. I was using app (with configuration mentioned above) in my main android user profile since release of v055c with no issues at all (except battery usage & IPv6 showing up as "unknown"in Network log UI). I am using mobile data and no router or wifi.

I will open new issue just for battery issue.

My assumption is, the issue is not caused by any blocklists or firewall as everything was working well in v055c.

I shared logs and relevant screenshots with @ignoramous by email.

So, everything was working fine in v055c. I updated to v055d and noticed some apps couldn't get connected while others worked fine, some websites not working while others were working fine. There was no sign of blocking any app or website in Network log UI by either firewall or DNS. If I switched to netguard or no firewall at all, everything seemed to working as expected.

I also tried to make startpage.com as trusted domain, set Session app to bypass firewall and DNS, but that didn't seem to have any difference.

I could reproduce this issue on different device with fresh install of rethink-app (with all by-default configuration).

Steps to reproduce the issue :

1. Set only DNS mode for rethink app. Keep all other configuration as default.
2. Click on configure > Networks > Choose IP Version and set it to IPv6.
3. Open Browser.
4. Go to website startpage.com and observe.
5. Go to website wikipedia.org and observe.
6. Open Session messenger and observe.

I force closed browser(s), Rethink app and session messenger after trying each case and restarted them for next case. My results for following cases, note that wikipedia is working in all below cases :

1. Only firewall mode + network set to IPv6 = Startpage works fine. But session app doesn't work (I am not sure if it is showing up into Network logs UI, as everything is marked as "unknown", but nothing seems to be blocked by firewall).

2. Only DNS mode + network set to IPv6 = Startpage doesn't work, shows unreachable or address not found error (tried more than one browser to make sure it is not browser specific issue). But session app doesn't work (session doesn't appear in Network logs UI at all in this case, My guess is, it is because session uses their own dns or i2p? not sure.).

3. Only firewall mode + network set to IPv4 = Startpage works fine. Session also works fine and shows up in Netwok logs UI.

4. Only DNS mode + network set to IPv4 = Startpage works fine. Session also works fine.

[ignoramous]

Thank you for your detailed reply 🙏

---

DNS-only mode seems broken. I can verify that. Unsure why, but we are looking.

As for the email, I haven't got any. In your email, please mention this GitHub issue. My email is, mz at celzero dot com.

As for your other issues, it seems like the websites that don't work with Rethink in IPv6 mode are IPv4-only websites (startpage.com). This is expected.

You can test your network by visiting from a browser:

• ip4.me: Loads only if there's IPv4 connectivity
• ip6.me: Loads if there's IPv4 or IPv6 connectivity.
• ip6only.me: Loads only if there's IPv6 connectivity.

[Sinestr0]

What is exactly function of Auto in Configure > Networks > Choose IP Version? Does it automatically decide if the connection should be IPv4 or IPv6?

I initially had it set to Auto long before the issue started in 055d and I don't remember getting any error for startpage in v055c, so my guess is, if it automatically decides what IP version should be used for specific connection or website, then everything should be loading without issue, but while having auto, if it can not get connected to IPv4, then problem might be there?? I do not exactly have any technical background, this is just my assumption.

As for your other issues, it seems like the websites that don't work with Rethink in IPv6 mode are IPv4-only websites (startpage.com). This is expected.

And if my above assumption is not correct, then I guess above quoted statement of yours is the solution to this issue already! I was not aware of what you said in above quote earlier. I still don't know which websites I use daily are IPv4-only.

You can test your network by visiting from a browser: ip4.me: Loads only if there's IPv4 connectivity ip6.me: Loads if there's IPv4 or IPv6 connectivity. ip6only.me: Loads only if there's IPv6 connectivity.

I actually tried this with all kind of firewalls/VPN turned off, just to check what my ISP provides and it seems like connecting successfully to ip4.me, ip6.me and ip6only.me which means I have IPv6 connectivity already right?

What is exactly function of Auto in Configure > Networks > Choose IP Version? Does it automatically decide if the connection should be IPv4 or IPv6?

And with Rethink app in mode DNS + Firewall, and this above network type set as Auto and if I try to visit ip4.me, ip6.me and ip6only.me then only ip6.me and ip6only.me works but ip4.me shows either connection time out or endlessly loading.

[ignoramous]

Auto in Configure > Networks > Choose IP Version? Does it automatically decide if the connection should be IPv4 or IPv6?

Yes.

which means I have IPv6 connectivity already right?

Yes.

if it can not get connected to IPv4, then problem might be there

Yes.

works but ip4.me shows either connection time out or endlessly loading

This seems similar to the issue also discussed at #554

• Is Rethink in VPN Lockdown mode (that is, is Block connections without VPN from Android Settings app turned ON)?
• Is Perform connectivity checks (in Configure -> Network) enabled when in Auto mode?
  • If not, enable it and see if ip4.me loads?
  • If so, disable it, and see if ip4.me loads?
• Would you know how to grab output from adb logcat?
• And execute adb shell commands?

I presume this happens on Mobile and not Wifi?

[Sinestr0]

Is Rethink in VPN Lockdown mode (that is, is Block connections without VPN from Android Settings app turned ON)?

No. Just only always-on VPN is turned ON.

Is Perform connectivity checks (in Configure -> Network) enabled when in Auto mode? If not, enable it and see if ip4.me loads? If so, disable it, and see if ip4.me loads?

I am not sure if it was ON by default or not as I switched back to IPv4 to avoid day to day life problems. With it turned on and off, ip4.me doesn't work, shows error "This site can't be reached".

I presume this happens on Mobile and not Wifi?

Actually it happens in both. I used my own mobile data (from the phone I tested all these) and I also used wifi (hotspot from another phone).

Would you know how to grab output from adb logcat? And execute adb shell commands?

I actually already sent you (on mz@celzero.com) adb logs and screenshot by email (sent from github.6w51w@slmails.com). Please check spam. If you still haven't received them, please inform me.

[Sinestr0]

I want to report something. Current mode is Firewall + DNS mode, Network type is set to auto and Perform connectivity checks is ON too. I am not sure what else I did. I was just turning off on-device blocklist for the battery usage test but then turned it on again when I figured out I can visit ip4.me on Firefox (previously it was just showing me error "The address not found" or similar one) (it works in both case on-device blocklist ON and OFF).

So now ip4.me works on firefox, but somehow on brave, it shows error for connection timeout or it is just loading endlessly. in Network logs UI, footnote for brave connection of ip4.me shows "80: connect: connection timed out".

I tried different website on brave at same time (ipv6test.app) and it shows ipv4, ipv6, dualstack page as well without any issue.

[ignoramous]

"80: connect: connection timed out"

• What was the destination IP address in the status?
• Do you see logs with 64:... destination IPs for websites that don't load?

somehow on brave, it shows error for connection timeout or it is just loading endlessly

Browsers have a DNS cache of their own. Sometimes, force stopping them and restarting them back up makes them whole.

I am not sure what else I did. I was just turning off on-device blocklist for the battery usage test but then turned it on again when I figured out I can visit ip4.me

So: I guess this problem isn't there anymore... like at all? Then, it might be related to #1330 / #991 related error (it can manifest in strange ways).

[Sinestr0]

Browsers have a DNS cache of their own. Sometimes, force stopping them and restarting them back up makes them whole.

My bad, I am aware of that but I just forgot to force stop before opening ip4.me. It works for me now successfully.

I can confirm from my side that I am no longer able to reproduce the issue. It works as intended in DNS + Firewall mode, IP version auto with no issue.

it might be related to https://github.com/celzero/rethink-app/issues/1330

Is that fix already implemented? if yes, then this issue was related to that. I was able to open ip4.me in the morning today successfully.

[AnonymousWP]

I've been very busy the last few days, so sorry for the late reply. I still need to read everything in this thread. If possible (in case my logs/info isn't necessary anymore) I'd prefer to try to fix it without me. If that's not possible, let me know.

[ignoramous]

Is that fix already implemented? if yes, then this issue was related to that

It has been, but your version doesn't yet have it. Also, the bug #1330 manifests in weird ways with Auto mode and DNS blocklists. And I think it is the cause of what you saw, as well.

We'll release v055e shortly fixing just that bug.

---

@AnonymousWP Understandable. Do not share if you don't want to. No pressure. And probably wait for v055e which may potentially fix the issue you're seeing.

[Sinestr0]

@ignoramous Feel free to close the issue if it is already fixed for others as well. As I mentioned earlier, I am not able to reproduce it from my side anymore and as I can check v055e already published.

[ignoramous]

Thanks. I'll close this.

Others: Please feel to reopen if you see similar symptoms to what's discussed here (it has been a long discussion).