celzero / rethink-app

DNS over HTTPS / DNS over Tor / DNSCrypt client, WireGuard proxifier, firewall, and connection tracker for Android.
https://rethinkfirewall.com/
Apache License 2.0

A setting to let users exclude T-Mobile WiFi calling IPs #1438

Open ignoramous opened 4 months ago

ignoramous commented 4 months ago

A user writes,

I have tried setting Rethink's network to "Choose IP version: Auto," as I'd read something about T-Mobile's network dealing only with IP6, which I generally otherwise disable. However, the problem persists: I cannot activate Wi-Fi calling. In fact, no other configuration of the Rethink app's settings allows me to activate Wi-Fi calling. The only way I can activate Wi-Fi calling is to completely turn off the Rethink VPN in my Android settings, then activate Wi-Fi calling, and then turn Rethink back on. It appears that Wi-Fi calling then remains activated, but I'm not actually sure if my phone is truly using Wi-Fi calling to make calls in that situation.

Exclude T-Mobile IPs: https://github.com/M66B/NetGuard/blob/feef4c7b3beca3ed4b44250b580c637554a9d44f/app/src/main/java/eu/faircode/netguard/ServiceSinkhole.java#L1352-L1370

            // T-Mobile Wi-Fi calling
            if (config.mcc == 310 && (config.mnc == 160 ||
                    config.mnc == 200 ||
                    config.mnc == 210 ||
                    config.mnc == 220 ||
                    config.mnc == 230 ||
                    config.mnc == 240 ||
                    config.mnc == 250 ||
                    config.mnc == 260 ||
                    config.mnc == 270 ||
                    config.mnc == 310 ||
                    config.mnc == 490 ||
                    config.mnc == 660 ||
                    config.mnc == 800)) {
                listExclude.add(new IPUtil.CIDR("66.94.2.0", 24));
                listExclude.add(new IPUtil.CIDR("66.94.6.0", 23));
                listExclude.add(new IPUtil.CIDR("66.94.8.0", 22));
                listExclude.add(new IPUtil.CIDR("208.54.0.0", 16));
            }

h0t5p0t18 commented 3 months ago

For T-Mobile:

epdg.epc.mnc001.mcc262.pub.3gppnetwork.org

it works for me with the following configuration:

DNS: any type

Extended DNS filtering: false

DNS enhancer: true

IP version: 4 or/and 6

mEpdgServerIpArray is: [epdg.epc.mnc001.mcc262.pub.3gppnetwork.org/109.237.187.158, epdg.epc.mnc001.mcc262.pub.3gppnetwork.org/109.237.187.153, epdg.epc.mnc001.mcc262.pub.3gppnetwork.org/109.237.187.145, epdg.epc.mnc001.mcc262.pub.3gppnetwork.org/109.237.187.150, epdg.epc.mnc001.mcc262.pub.3gppnetwork.org/109.237.187.151, epdg.epc.mnc001.mcc262.pub.3gppnetwork.org/109.237.187.155, epdg.epc.mnc001.mcc262.pub.3gppnetwork.org/109.237.187.157, epdg.epc.mnc001.mcc262.pub.3gppnetwork.org/109.237.187.147, epdg.epc.mnc001.mcc262.pub.3gppnetwork.org/109.237.187.146, epdg.epc.mnc001.mcc262.pub.3gppnetwork.org/109.237.187.154, epdg.epc.mnc001.mcc262.pub.3gppnetwork.org/109.237.187.149, epdg.epc.mnc001.mcc262.pub.3gppnetwork.org/109.237.187.159] mCurrentEpdgIpCounter is: 0returning result: true

For Vodafone:

With the same configuration, any DNS:

epdg.epc.mnc002.mcc262.pub.3gppnetwork.org

There is a CNAME record behind the domain, which doesn't resolve (epdg.epc.drz1.vodafone-ip.de).

This causes the mEpdgServerIpArray to stay empty.

EPDG -- SIM0 [EpdgServerSelection] DNS resolution failed for epdg serverjava.net.UnknownHostException: Unable to resolve host "epdg.epc.mnc002.mcc262.pub.3gppnetwork.org": No address associated with hostname

VpnLifecycle onResponse: DNSSummary{Type:DNS-over-HTTPS,ID:Preferred,Latency:0.08878823,QName:epdg.epc.mnc002.mcc262.pub.3gppnetwork.org,QType:1,RData:--,RCode:0,RTtl:42,Server:cloudflare-dns.com,RelayServer:,Status:1,Blocklists:,UpstreamBlocks:false,Msg:no error,}

GoLog wall.go:159: D wall: answer for epdg.epc.mnc002.mcc262.pub.3gppnetwork.org. not blocked req at least two answers

This seems to be a problem of com.sec.epdg and not of rethinkdns: I'm getting the same errors without VPN enabled.

But: dig epdg.epc.mnc002.mcc262.pub.3gppnetwork.org

    ; <<>> DiG 9.16.41 <<>> epdg.epc.mnc002.mcc262.pub.3gppnetwork.org
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55138
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;epdg.epc.mnc002.mcc262.pub.3gppnetwork.org. IN A

    ;; ANSWER SECTION:
    epdg.epc.mnc002.mcc262.pub.3gppnetwork.org. 60 IN CNAME epdg.epc.drz1.vodafone-ip.de.

    ;; AUTHORITY SECTION:
    drz1.vodafone-ip.de. 1 IN SOA drns1.vodafone-ip.de. hostmaster.vodafone-ip.de. 2024052400 10800 3600 604800 60

    ;; Query time: 511 msec
    ;; SERVER: 8.8.8.8#53(8.8.8.8)
    ;; WHEN: Fri May 24 13:44:54 EEST 2024
    ;; MSG SIZE rcvd: 255
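
Added example (not code from Rethink, NetGuard, or either commenter): a Go sketch of the opt-in exclusion this issue asks for, using the MNC list and CIDRs from the NetGuard snippet in the first comment and the ePDG name format from the logs in the second. The function names and the `userOptIn` flag are hypothetical. It also shows that the ePDG address 109.237.187.158 from the MCC 262 log is not covered by the MCC 310 ranges.

```go
package main

import (
	"fmt"
	"net/netip"
)

// MNCs (under MCC 310) and CIDRs copied from the NetGuard snippet quoted in the issue.
var tmoUSMNCs = map[int]bool{160: true, 200: true, 210: true, 220: true, 230: true,
	240: true, 250: true, 260: true, 270: true, 310: true, 490: true, 660: true, 800: true}

var tmoUSWifiCalling = []netip.Prefix{
	netip.MustParsePrefix("66.94.2.0/24"),
	netip.MustParsePrefix("66.94.6.0/23"),
	netip.MustParsePrefix("66.94.8.0/22"),
	netip.MustParsePrefix("208.54.0.0/16"),
}

// EpdgFQDN builds the ePDG name in the form seen in the logs (3-digit, zero-padded).
func EpdgFQDN(mcc, mnc int) string {
	return fmt.Sprintf("epdg.epc.mnc%03d.mcc%03d.pub.3gppnetwork.org", mnc, mcc)
}

// ExcludedPrefixes returns the ranges routed outside the tunnel for this SIM.
// userOptIn is a hypothetical setting; when off, nothing bypasses the firewall.
func ExcludedPrefixes(mcc, mnc int, userOptIn bool) []netip.Prefix {
	if !userOptIn || mcc != 310 || !tmoUSMNCs[mnc] {
		return nil
	}
	return tmoUSWifiCalling
}

// BypassesVPN reports whether dst would skip the tunnel under the given exclusions.
func BypassesVPN(dst string, excl []netip.Prefix) (bool, error) {
	addr, err := netip.ParseAddr(dst)
	if err != nil {
		return false, err
	}
	for _, p := range excl {
		if p.Contains(addr.Unmap()) { // Unmap: treat ::ffff:a.b.c.d as IPv4
			return true, nil
		}
	}
	return false, nil
}

func main() {
	ok, err := BypassesVPN("109.237.187.158", ExcludedPrefixes(310, 260, true)) // IP from the log
	fmt.Println(EpdgFQDN(262, 2), ok, err)
}
```

Traffic matching an excluded prefix is no longer seen by the firewall or connection tracker, so the list stays empty unless the SIM matches and the user has opted in.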