Orbot <=16.2.0-BETA-3 tor-<=0.4.2.7 VPN mode is not working on OnePlus2 using Android 10 distribution AOSP Extended (AEX)

[Kreyren]

Disclaimer: There seems to be lots of issues about this, but none that would fit into my device using this android distribution so i decided to make a new issue.

---

Description

I'm unable to use Orbot's VPN Mode on any application on my device.

Log (Private DNS automatic): https://gist.githubusercontent.com/Kreyren/b586cc0dea2b5f781fc5ee1f1194012b/raw/d5aacb3c1614892ace91054126bc1ba603cc16b4/gistfile1.txt

Expecting

Ability to use tor on:

1. Firefox
2. RevolutionIRC

System Info

Build Number: aosp_oneplus2-userdebug 10 QQ2A.200405.005 7bd3f90efc release-keys

Relevants

Android 10 has Private DNS option that i've understand may be problematic. This has been observed with it turned off and Automatic

Log with Private DNS turned off: https://gist.githubusercontent.com/Kreyren/e48a683308f6062cbd7eaf916726a982/raw/536588ca45f37185cd7c200393c18a1ea172f669/gistfile1.txt

References

Same issue with using 127.0.0.1:9050 SOCKS5 proxy on firefox https://github.com/guardianproject/orbot/issues/302#issuecomment-622322214

[pgerber]

So, just to make sure I understand this right. The screenshot posted here was taken while VPN mode was enabled, right?

A few more details that might help here:

• Did you use Full Device VPN or did you select certain apps to be routed through Orbot. See Tor-Enabled Apps section at the bottom of the main screen.
• Is the IP shown by check.torproject.org the same when VPN is enabled and disabled?

[Kreyren]

@pgerber

So, just to make sure I understand this right. The screenshot posted here was taken while VPN mode was enabled, right?

Correct

Did you use Full Device VPN or did you select certain apps to be routed through Orbot. See Tor-Enabled Apps section at the bottom of the main screen.

Both Full Device VPN and selecting certain apps has the same issue.

EDIT: FWIW The default browser provided by AEX (Via) is shown in Orbot, if i open it there it automatically opens check.torproject.org, Firefox has been opened outside of orbot, but with VPN mode enabled for it

Using Full Device VPN seems to make firefox to be unable to connect (tried 5 times).

Is the IP shown by check.torproject.org the same when VPN is enabled and disabled?

Yes

[pgerber]

Using Full Device VPN seems to make firefox to be unable to connect (tried 5 times).

What is the exact error message Firefox shows?

[Kreyren]

@pgerber This is Full Device VPN Mode

[pgerber]

Looks like a DNS failure to me.

[pgerber]

Would great to get the system logs. Do you have any experience with ADB / logcat?

[pgerber]

Another way to get to the logs is using Androids Bug Report feature. You don't want to post the full report here though. It contains sensitive data. Perhaps you're able to filter out anything not related to this issue. Alternately, you may be able to send it to @n8fr8 privately.

[Kreyren]

Would great to get the system logs. Do you have any experience with ADB / logcat?

I have experience with everything, but fishing! :p

output from adb logcat --clear main && adb logcat orbot | tee -a logcat with redacted confidential info and opening orbot, once loaded opened firefox and typed check.torproject.org: https://gist.githubusercontent.com/Kreyren/6dd039c1187cfb9d8c16da5d632af313/raw/f013ecf0734fab3175531dae81afb8c63ebbe365/gistfile1.txt

This seems relevant:

05-02 00:52:14.119 28164 28213 D OrbotVpnService: Stopping existing VPN interface
05-02 00:52:14.131 28164 28214 I OrbotVpnService: PDNSD: 0
05-02 00:52:14.131 28164 28214 D OrbotVpnService: tun2Socks has stopped
05-02 00:52:14.131 28164 28214 D OrbotVpnService: java.lang.IllegalStateException: Already closed
05-02 00:52:14.131 28164 28214 D OrbotVpnService:   at android.os.ParcelFileDescriptor.detachFd(ParcelFileDescriptor.java:721)
05-02 00:52:14.131 28164 28214 D OrbotVpnService:   at org.torproject.android.service.vpn.Tun2Socks.Start(Tun2Socks.java:92)
05-02 00:52:14.131 28164 28214 D OrbotVpnService:   at org.torproject.android.service.vpn.OrbotVpnManager$2.run(OrbotVpnManager.java:355)
05-02 00:52:14.151 28164 28213 D OrbotVpnService: pdsnd conf:global { perm_cache=0; cache_dir=/data/data/org.torproject.android/files; server_port = 8093; server_ip = REDACTED_SOME_INTERNAL_IP; query_method=udp_only; min_ttl=1m; max_ttl=1w; timeout=10; daemon=on; pid_file=/data/data/org.torproject.android/files/pdnsd.pid; } server { label= upstream; ip = 127.0.0.1; port = 49524; u

[pgerber]

Interesting:

05-01 21:53:27.006  5054  5255 W DnsManager: updatePrivateDns(101, PrivateDnsConfig{true:/[]})
05-01 21:53:27.006  5054  5255 D ConnectivityService: Setting DNS servers for network 101 to [/1.1.1.1]

Do you remember whether Private DNS was to off or automatic at the time?

[Kreyren]

Do you remember whether Private DNS was to off or automatic at the time?

It was set as automatic

[xtester5566]

Because of threads racing for a long time. You can see there are even tun0 and tun1 device setups in the logcat log. https://pastebin.com/4wqMsXfp patch maybe can address this.

p.s. This account maybe be flagged by github automatically soon.

[Kreyren]

Looks like a DNS failure to me. @pgerber

FWIW i can't force android 10 to use Tor DNS from GUI

[n8fr8]

@Kreyren that will not work, since Private DNS expects DNS-over-TLS and tor's DNS port is just plain DNS.

Anyhow, 16.2. RC-1 is posted. Please test and add any more feedback you can provide: https://github.com/guardianproject/orbot/releases/tag/16.2.0-RC-1-tor-0.4.2.7

[Kreyren]

@n8fr8 Doesn't work on VPN mode in firefox using Full Device VPN

https://gist.github.com/Kreyren/30ed534f33be0bb464c2eb0664b36890

Same issue using 127.0.0.1:9050 in firefox's about:config

logcat

```console kreyren@leonid:~$ adb logcat --clear main && adb logcat orbot | tee -a logcat --------- beginning of main 05-04 20:53:32.628 5952 5952 D QtiCarrierConfigHelper: Invalid phone ID: -1 05-04 20:53:32.945 4512 4512 I adbd : : already offline --------- beginning of system 05-04 20:53:33.507 4840 4909 W BroadcastQueue: Background execution not allowed: receiving Intent { act=org.torproject.android.intent.action.STATUS flg=0x10 (has extras) } to org.sufficientlysecure.keychain/.network.orbot.OrbotStatusReceiver 05-04 20:53:33.622 4873 4873 I MSM-irqbalance: Decided to move IRQ163 from CPU0 to CPU2 05-04 20:53:33.628 12069 12069 D InterruptionStateProvider: No heads up: unimportant notification: 0|org.torproject.android|1|null|10013 05-04 20:53:33.653 12069 12069 I chatty : uid=10140(com.android.systemui) identical 2 lines 05-04 20:53:33.655 12069 12069 D InterruptionStateProvider: No heads up: unimportant notification: 0|org.torproject.android|1|null|10013 05-04 20:53:38.629 5952 5952 D QtiCarrierConfigHelper: Invalid phone ID: -1 05-04 20:53:39.922 13747 13787 D OrbotVpnService: setting VPN ports 05-04 20:53:39.929 13747 13787 I chatty : uid=10013(org.torproject.android) pool-1-thread-3 identical 1 line 05-04 20:53:39.930 13747 13787 D OrbotVpnService: setting VPN ports 05-04 20:53:40.042 12069 12069 D InterruptionStateProvider: No heads up: unimportant notification: 0|org.torproject.android|1|null|10013 05-04 20:53:40.044 12069 12069 D InterruptionStateProvider: No heads up: unimportant notification: 0|org.torproject.android|1|null|10013 05-04 20:53:40.412 13747 13808 W project.androi: resources.arsc in APK '/data/app/org.torproject.torbrowser--jUJAcmPt83n6islvO_oDA==/base.apk' is compressed. 05-04 20:53:40.759 4840 24419 D VpnJni : Address added on tun0: 192.168.200.1/32 05-04 20:53:40.762 4840 24419 D Vpn : setting state=CONNECTING, reason=establish 05-04 20:53:40.254 4840 4909 W BroadcastQueue: Background execution not allowed: receiving Intent { act=org.torproject.android.intent.action.STATUS flg=0x10 (has extras) } to org.sufficientlysecure.keychain/.network.orbot.OrbotStatusReceiver 05-04 20:53:40.764 4840 24419 D ConnectivityService: registerNetworkAgent NetworkAgentInfo{ ni{[type: VPN[], state: CONNECTING/CONNECTING, reason: (unspecified), extra: (none), failover: false, available: false, roaming: false]} network{116} nethandle{501621903373} lp{{InterfaceName: tun0 LinkAddresses: [ 192.168.200.1/32 ] DnsAddresses: [ /1.1.1.1 ] Domains: MTU: 0 Routes: [ 0.0.0.0/0 -> 0.0.0.0 tun0,1.1.1.1/32 -> 0.0.0.0 tun0,::/0 unreachable,192.168.200.1/32 -> 0.0.0.0 tun0 ]}} nc{[ Transports: WIFI|VPN Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED&NOT_ROAMING&FOREGROUND&NOT_CONGESTED&NOT_SUSPENDED LinkUpBandwidth>=1048576Kbps LinkDnBandwidth>=1048576Kbps Uid: 10160 EstablishingAppUid: 10013]} Score{101} everValidated{false} lastValidated{false} created{false} lingering{false} explicitlySelected{false} acceptUnvalidated{false} everCaptivePortalDetected{false} lastCaptivePortalDetected{false} captivePortalValidationPending{false} partialConnectivity{false} acceptPartialConnectivity{false} clat{mBaseIface: null, mIface: null, mState: IDLE} } 05-04 20:53:40.765 4840 24419 D Vpn : setting state=CONNECTED, reason=agentConnect 05-04 20:53:40.765 4840 24419 I Vpn : Established by org.torproject.android on tun0 05-04 20:53:40.767 4840 5359 I EthernetTracker: maybeTrackInterface tun0 05-04 20:53:40.768 13747 13808 D OrbotVpnService: pdsnd conf:global { perm_cache=0; cache_dir=/data/data/org.torproject.android/files; server_port = 8092; server_ip = 192.168.200.1; query_method=udp_only; min_ttl=1m; max_ttl=1w; timeout=10; daemon=on; pid_file=/data/data/org.torproject.android/files/pdnsd.pid; } server { label= upstream; ip = 127.0.0.1; port = 41582; uptest = none; } rr { name=localhost; reverse=on; a=127.0.0.1; owner=localhost; soa=localhost,root.localhost,42,86400,900,86400,86400; } 05-04 20:53:40.773 13747 13747 E Orbot : onBind 05-04 20:53:40.773 13747 13747 E Orbot : android.net.VpnService 05-04 20:53:40.777 4840 5296 D ConnectivityService: NetworkAgentInfo [VPN () - 116] EVENT_NETWORK_INFO_CHANGED, going from null to CONNECTING 05-04 20:53:40.778 4840 4900 I EthernetTracker: interfaceLinkStateChanged, iface: tun0, up: false 05-04 20:53:40.779 4636 4636 I netd : networkCreateVpn(116, "true") <0.66ms> 05-04 20:53:40.779 4840 4900 I EthernetTracker: interfaceLinkStateChanged, iface: tun0, up: true 05-04 20:53:40.780 4636 4800 I netd : createNetworkCache(116) <0.46ms> 05-04 20:53:40.785 4636 5458 I netd : networkAddUidRanges(116) <3.49ms> 05-04 20:53:40.787 4636 19257 E Netd : getIfIndex: cannot find interface tun0 05-04 20:53:40.787 4636 19257 W TrafficController: UID ingress interface filtering not possible without BPF owner match 05-04 20:53:40.787 4636 19257 I netd : firewallAddUidInterfaceRules("tun0", [10160]) -> ServiceSpecificException(95, "[Operation not supported on transport endpoint] : eBPF not supported") <0.33ms> 05-04 20:53:40.788 4840 5296 D ConnectivityService: NetworkAgentInfo [VPN () - 116] EVENT_NETWORK_INFO_CHANGED, going from CONNECTING to CONNECTED 05-04 20:53:40.789 4840 5296 W DnsManager: updatePrivateDns(116, PrivateDnsConfig{true:/[]}) 05-04 20:53:40.789 4840 5296 D ConnectivityService: Setting DNS servers for network 116 to [/1.1.1.1] 05-04 20:53:40.789 4840 5296 D DnsManager: setDnsConfigurationForNetwork(116, [1.1.1.1], [], 1800, 25, 8, 64, 0, 0, , [1.1.1.1]) 05-04 20:53:40.791 4636 19256 I netd : DnsResolverService::setResolverConfiguration(116, [1.1.1.1], [], 1800, 25, 8, 64, 0, 0, [1.1.1.1], []) -> (0) (1ms) 05-04 20:53:40.792 4636 19256 I netd : setResolverConfiguration() <1.77ms> 05-04 20:53:40.794 4840 5296 D ConnectivityService: Adding iface tun0 to network 116 05-04 20:53:40.799 4636 4636 I netd : networkAddInterface(116, "tun0") <4.52ms> 05-04 20:53:40.800 4636 4800 W TrafficController: UID ingress interface filtering not possible without BPF owner match 05-04 20:53:40.800 4636 4800 I netd : firewallAddUidInterfaceRules("tun0", [10160]) -> ServiceSpecificException(95, "[Operation not supported on transport endpoint] : eBPF not supported") <0.08ms> 05-04 20:53:40.801 4636 5458 I netd : networkAddRoute(116, "tun0", "0.0.0.0/0", "") <0.33ms> 05-04 20:53:40.802 4636 19257 I netd : networkAddRoute(116, "tun0", "1.1.1.1/32", "") <0.29ms> 05-04 20:53:40.803 13747 13808 I OrbotVpnService: PDNSD: 0 05-04 20:53:40.803 13747 13808 D Tun2Socks: NOTICE(tun2socks): initializing BadVPN tun2socks 1.999.129 05-04 20:53:40.803 13747 13808 D Tun2Socks: NOTICE(tun2socks): entering event loop 05-04 20:53:40.804 4636 19256 I netd : networkAddRoute(116, "tun0", "::/0", "unreachable") <0.26ms> 05-04 20:53:40.804 13814 13814 I pdnsd : pdnsd-1.2.9a-par starting. 05-04 20:53:40.805 4636 4636 I netd : networkAddRoute(116, "tun0", "192.168.200.1/32", "") <0.28ms> 05-04 20:53:40.805 4840 5296 D ConnectivityService: Setting DNS servers for network 116 to [/1.1.1.1] 05-04 20:53:40.806 4840 5296 D DnsManager: setDnsConfigurationForNetwork(116, [1.1.1.1], [], 1800, 25, 8, 64, 0, 0, , [1.1.1.1]) 05-04 20:53:40.806 13814 13814 I pdnsd : Server status thread started. 05-04 20:53:40.806 4636 4800 I netd : DnsResolverService::setResolverConfiguration(116, [1.1.1.1], [], 1800, 25, 8, 64, 0, 0, [1.1.1.1], []) -> (0) (0.2ms) 05-04 20:53:40.806 4636 4800 I netd : setResolverConfiguration() <0.35ms> 05-04 20:53:40.806 13814 13814 I pdnsd : TCP server thread started. 05-04 20:53:40.807 13814 13814 I pdnsd : UDP server thread started. 05-04 20:53:40.814 13747 13808 D Tun2Socks: INFO(tun2socks): Attempting to process DNS packets: 40 bytes 05-04 20:53:40.814 13747 13808 D Tun2Socks: INFO(tun2socks): UDP: from device 40 bytes 05-04 20:53:40.814 13747 13808 D Tun2Socks: INFO(tun2socks): Attempting to process DNS packets: 175 bytes 05-04 20:53:40.814 4636 13812 W DnsTlsSocket: SSL_connect error 5, errno=104 05-04 20:53:40.814 13747 13808 D Tun2Socks: INFO(tun2socks): UDP: from device 175 bytes 05-04 20:53:40.815 4636 5458 I netd : tetherGetStats() <2.69ms> 05-04 20:53:40.824 4840 5296 D ConnectivityService: Sending CONNECTED broadcast for type 17 NetworkAgentInfo [VPN () - 116] isDefaultNetwork=false 05-04 20:53:40.842 5873 13811 D NetworkMonitor/116: Network would not satisfy default request, resolving private DNS 05-04 20:53:40.857 4840 5296 D ConnectivityService: NetworkAgentInfo [VPN () - 116] validation passed 05-04 20:53:40.858 4840 5296 D ConnectivityService: Setting DNS servers for network 116 to [/1.1.1.1] 05-04 20:53:40.861 4840 5296 D DnsManager: setDnsConfigurationForNetwork(116, [1.1.1.1], [], 1800, 25, 8, 64, 0, 0, , [1.1.1.1]) 05-04 20:53:40.862 4636 19257 I netd : DnsResolverService::setResolverConfiguration(116, [1.1.1.1], [], 1800, 25, 8, 64, 0, 0, [1.1.1.1], []) -> (0) (0.5ms) 05-04 20:53:40.862 4636 19257 I netd : setResolverConfiguration() <0.61ms> 05-04 20:53:40.867 4636 19256 I netd : bandwidthRemoveInterfaceQuota("rmnet_data0") <4.52ms> 05-04 20:53:40.873 4636 4636 I netd : bandwidthSetInterfaceQuota("rmnet_data0", 9223372036854775807) <5.28ms> 05-04 20:53:40.874 4636 4800 I netd : bandwidthSetInterfaceQuota("tun0", 9223372036854775807) <0.33ms> 05-04 20:53:40.875 4636 5458 I netd : bandwidthSetGlobalAlert(2097152) <0.20ms> 05-04 20:53:40.880 13747 13808 D Tun2Socks: INFO(tun2socks): Attempting to process DNS packets: 60 bytes 05-04 20:53:40.881 13747 13808 D Tun2Socks: INFO(tun2socks): UDP: from device 60 bytes 05-04 20:53:40.881 13747 13808 D Tun2Socks: INFO(tun2socks): Attempting to process DNS packets: 40 bytes 05-04 20:53:40.881 13747 13808 D Tun2Socks: INFO(tun2socks): UDP: from device 40 bytes 05-04 20:53:40.883 13747 13808 D Tun2Socks: INFO(tun2socks): Attempting to process DNS packets: 175 bytes 05-04 20:53:40.883 13747 13808 D Tun2Socks: INFO(tun2socks): UDP: from device 175 bytes 05-04 20:53:40.899 12069 12069 W View : requestLayout() improperly called by com.android.systemui.statusbar.policy.NetworkTrafficSB{12458dd V.ED..... ......ID 0,3-229,69} during layout: running second layout pass 05-04 20:53:41.021 12069 12069 D InterruptionStateProvider: No heads up: unimportant notification: 0|org.torproject.android|1|null|10013 05-04 20:53:41.024 12069 12069 D InterruptionStateProvider: No heads up: unimportant notification: 0|org.torproject.android|1|null|10013 05-04 20:53:41.585 13747 13808 D Tun2Socks: INFO(tun2socks): SOCKS up 05-04 20:53:42.138 12069 12069 D InterruptionStateProvider: No heads up: unimportant notification: 0|org.torproject.android|1|null|10013 05-04 20:53:42.141 12069 12069 D InterruptionStateProvider: No heads up: unimportant notification: 0|org.torproject.android|1|null|10013 05-04 20:53:42.241 13747 13808 D Tun2Socks: INFO(tun2socks): Attempting to process DNS packets: 40 bytes 05-04 20:53:42.241 13747 13808 D Tun2Socks: INFO(tun2socks): UDP: from device 40 bytes 05-04 20:53:42.241 13747 13808 D Tun2Socks: INFO(tun2socks): Attempting to process DNS packets: 40 bytes 05-04 20:53:42.241 13747 13808 D Tun2Socks: INFO(tun2socks): UDP: from device 40 bytes 05-04 20:53:42.260 13747 13808 D Tun2Socks: INFO(tun2socks): Attempting to process DNS packets: 133 bytes 05-04 20:53:42.261 13747 13808 D Tun2Socks: INFO(tun2socks): UDP: from device 133 bytes 05-04 20:53:42.306 13747 13808 D Tun2Socks: INFO(tun2socks): Attempting to process DNS packets: 125 bytes 05-04 20:53:42.306 13747 13808 D Tun2Socks: INFO(tun2socks): UDP: from device 125 bytes 05-04 20:53:42.441 12069 12069 W View : requestLayout() improperly called by com.android.systemui.statusbar.policy.NetworkTrafficSB{12458dd V.ED..... ......ID 0,3-205,69} during layout: running second layout pass 05-04 20:53:43.013 13747 13808 D Tun2Socks: INFO(tun2socks): Attempting to process DNS packets: 71 bytes 05-04 20:53:43.013 13747 13808 D Tun2Socks: INFO(tun2socks): UDP: from device 71 bytes 05-04 20:53:43.014 13747 13808 D Tun2Socks: INFO(tun2socks): Attempting to process DNS packets: 40 bytes 05-04 20:53:43.015 13747 13808 D Tun2Socks: INFO(tun2socks): UDP: from device 40 bytes 05-04 20:53:43.015 13747 13808 D Tun2Socks: INFO(tun2socks): client closed 05-04 20:53:43.044 4636 19257 I netd : tetherGetStats() <5.02ms> 05-04 20:53:43.057 13747 13808 D Tun2Socks: INFO(tun2socks): Attempting to process DNS packets: 40 bytes 05-04 20:53:43.057 13747 13808 D Tun2Socks: INFO(tun2socks): UDP: from device 40 bytes 05-04 20:53:43.146 12069 12069 D InterruptionStateProvider: No heads up: unimportant notification: 0|org.torproject.android|1|null|10013 05-04 20:53:43.149 12069 12069 D InterruptionStateProvider: No heads up: unimportant notification: 0|org.torproject.android|1|null|10013 05-04 20:53:43.629 4873 4873 I MSM-irqbalance: Decided to move IRQ224 from CPU2 to CPU1 05-04 20:53:43.932 12069 12069 W View : requestLayout() improperly called by com.android.systemui.statusbar.policy.NetworkTrafficSB{12458dd V.ED..... ......ID 0,3-181,69} during layout: running second layout pass 05-04 20:53:44.136 12069 12069 D InterruptionStateProvider: No heads up: unimportant notification: 0|org.torproject.android|1|null|10013 05-04 20:53:44.144 12069 12069 D InterruptionStateProvider: No heads up: unimportant notification: 0|org.torproject.android|1|null|10013 05-04 20:53:44.650 5952 5952 D QtiCarrierConfigHelper: Invalid phone ID: -1 05-04 20:53:45.128 12069 12069 D InterruptionStateProvider: No heads up: unimportant notification: 0|org.torproject.android|1|null|10013 05-04 20:53:45.131 12069 12069 D InterruptionStateProvider: No heads up: unimportant notification: 0|org.torproject.android|1|null|10013 05-04 20:53:45.438 12069 12069 W View : requestLayout() improperly called by com.android.systemui.statusbar.policy.NetworkTrafficSB{12458dd V.ED..... ......ID 0,3-181,69} during layout: running second layout pass 05-04 20:53:46.957 12069 12069 I chatty : uid=10140(com.android.systemui) identical 1 line 05-04 20:53:48.480 12069 12069 W View : requestLayout() improperly called by com.android.systemui.statusbar.policy.NetworkTrafficSB{12458dd V.ED..... ......ID 0,3-181,69} during layout: running second layout pass 05-04 20:53:48.625 4873 4873 I MSM-irqbalance: Decided to move IRQ48 from CPU2 to CPU1 05-04 20:53:49.030 12069 12069 D InterruptionStateProvider: No heads up: unimportant notification: 0|org.torproject.android|1|null|10013 05-04 20:53:49.037 12069 12069 D InterruptionStateProvider: No heads up: unimportant notification: 0|org.torproject.android|1|null|10013 05-04 20:53:49.982 12069 12069 W View : requestLayout() improperly called by com.android.systemui.statusbar.policy.NetworkTrafficSB{12458dd V.ED..... ......ID 0,3-181,69} during layout: running second layout pass 05-04 20:53:50.638 5952 5952 D QtiCarrierConfigHelper: Invalid phone ID: -1 05-04 20:53:53.629 4873 4873 I MSM-irqbalance: Decided to move IRQ304 from CPU2 to CPU1 05-04 20:53:57.552 12069 12069 W View : requestLayout() improperly called by com.android.systemui.statusbar.policy.NetworkTrafficSB{12458dd V.ED..... ......ID 0,3-181,69} during layout: running second layout pass 05-04 20:53:58.629 4873 4873 I MSM-irqbalance: Decided to move IRQ163 from CPU2 to CPU1 05-04 20:53:59.057 12069 12069 W View : requestLayout() improperly called by com.android.systemui.statusbar.policy.NetworkTrafficSB{12458dd V.ED..... ......ID 0,3-181,69} during layout: running second layout pass 05-04 20:54:00.077 12069 12069 D InterruptionStateProvider: No heads up: unimportant notification: 0|org.torproject.android|1|null|10013 05-04 20:54:01.106 12069 12069 I chatty : uid=10140(com.android.systemui) identical 2 lines 05-04 20:54:01.113 12069 12069 D InterruptionStateProvider: No heads up: unimportant notification: 0|org.torproject.android|1|null|10013 05-04 20:54:02.640 5952 5952 D QtiCarrierConfigHelper: Invalid phone ID: -1 05-04 20:54:03.631 4873 4873 I MSM-irqbalance: Decided to move IRQ240 from CPU2 to CPU1 05-04 20:54:08.641 5952 5952 D QtiCarrierConfigHelper: Invalid phone ID: -1 05-04 20:54:11.135 12069 12069 D InterruptionStateProvider: No heads up: unimportant notification: 0|org.torproject.android|1|null|10013 05-04 20:54:12.126 12069 12069 I chatty : uid=10140(com.android.systemui) identical 2 lines 05-04 20:54:12.130 12069 12069 D InterruptionStateProvider: No heads up: unimportant notification: 0|org.torproject.android|1|null|10013 05-04 20:54:14.134 12069 12069 W View : requestLayout() improperly called by com.android.systemui.statusbar.policy.NetworkTrafficSB{12458dd V.ED..... ......ID 0,3-181,69} during layout: running second layout pass 05-04 20:54:14.640 5952 5952 D QtiCarrierConfigHelper: Invalid phone ID: -1 05-04 20:54:18.632 4873 4873 I MSM-irqbalance: Decided to move IRQ57 from CPU2 to CPU0 05-04 20:54:20.669 5952 5952 D QtiCarrierConfigHelper: Invalid phone ID: -1 ```

[n8fr8]

It does work on my Pixel 3A using the settings as shown in the screenshot.

[pgerber]

@n8fr8, I don't think the setting in the screenshot work as expected. Could it be that you had VPN mode enabled?

Correct settings:

Name	Value	Comment
network.proxy.socks	localhost	this is the host and not a true/false value as shown in the screenshot
network.proxy.socks_port	9050
network.proxy.socks_remote_dns	true	we want Tor to handle DNS, not Android
network.proxy.type	1	use manual configuration (the setting above) rather than system default

Use this setup for testing only, it does not provide good privacy protection. Use a browser like Tor Browser that has been designed to provide privacy on the Tor network.

[Kreyren]

@pgerber Provided configuration works on my end

EDIT: just to clarify VPN-Mode still doesn't work

[n8fr8]

@pgerber strange... yeah, hmm. I do not have Firefox in my app list. Let me double check. How the heck did that work if I had so many settings wrong?

Anyhow, agreed that Tor Browser for Android is the solution here. Orbot VPN is meant for apps that don't have proxy features or alternatives that are tor enabled. Still, I DO use Firefox Focus / Klar with Orbot VPN mode for browsing news and it works well.

[Kreyren]

How the heck did that work if I had so many settings wrong? @n8fr8

Seems that you had the VPN mode enabled for testing of non-VPN connection ?

[n8fr8]

Okay, tested again, no VPN, and proper settings. Working as expected.

On Mon, May 4, 2020, at 6:24 PM, Kreyren wrote:

How the heck did that work if I had so many settings wrong? @n8fr8 https://github.com/n8fr8

Seems that you had the VPN mode enabled for testing of non-VPN connection ?

image https://user-images.githubusercontent.com/11302521/81019309-b1dbc580-8e66-11ea-9b20-546c078ffe74.png

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/guardianproject/orbot/issues/328#issuecomment-623740028, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAAHRA7Z4ZRTW3T6EU2K3TLRP46DVANCNFSM4MXLJMIQ.

[n8fr8]

[Kreyren]

Any info new info on the VPN mode ?

[n8fr8]

We did just put out a new beta, so that is always worth a shot.

Otherwise, we haven't tested with your specific device and OS configuration. I do have a OnePlus device, and so can try to get it up and running to debug. It has Lineage on it currently.

[bitmold]

16.3.1-BETA-1-tor-0.4.2.7 / 4 August 2020: https://github.com/guardianproject/orbot/releases/tag/16.3.1-BETA-1-tor-0.4.2.7 is the latest, it also incorporates a previous release dating back to early May

[Kreyren]

Seems to have same issue using beta version https://dpaste.com/9GE69VDVA.txt

[Kreyren]

FWIW i found this app https://github.com/Gedsh/InviZible which has working Tor support to get tor connection in apps that doesn't support proxying e.g. RevolutionIRC.

Maybe the maintainer (Gedsh) might be able to provide inside to how to resolve this issue?

[Kreyren]

Btw. the issue is still ongoing.. Using the 16.3.2-RC-1-tor-0.4.3.6 seems to be able to get the VPN working, but it's unable to resolve any domains.. (1.1.1.1 worked for me)

[n8fr8]

I'm running OnePlus 5T With Lineage Android 10 build, and it is working here.

If you have private DNS enabled, then domain resolution may not work, since the DNS lookups are encrypted, and Tor cannot intercept them appropriately to route through Tor's DNS.

[Kreyren]

@n8fr8 Sorry missed the reply, doesn't work on my end when resolving a domain e.g. loading https://check.torproject.org fails, but opening 1.1.1.1 works.

Private DNS is turned off.

Version 16.3.3-RC-1-tor-0.4.3.6 (Tor 0.4.3.6-openssl1.1.1g)

[Kreyren]

closed by mistake

[n8fr8]

Hey, you are aware that turned on DoT since Android 9 blocks access to hidden survices, both v2 and v3? This is bad. Tor on clear net works.

If you set the Private VPN feature to "Auto" or "Off" even, it is still possible. You might also instead use something like RethinkDNS, which secures your DNS, adds an app firewall option, AND integrates nicely with Orbot. https://rethinkdns.com/

Obviously VPN should force DNS on itself, somehow it does not do it for .onion (no dnsleak, so otherwise all good). Guys??

Which apps are you trying to use over the VPN with onion services? Chrome and Brave Browser do work still with onion address. Firefox browsers do not.