search

guardianproject / orbot

The Github home of Orbot: Tor on Android (Also available on gitlab!)
https://gitlab.com/guardianproject/orbot
Other
2.26k stars 336 forks source link

Properly handle clearnet connections in VPN mode with "Block connections without VPN" #555

Open scallyob opened 2 years ago

scallyob commented 2 years ago

Steps

Android 12 with Orbot 16.4.1 Orbot VPN Mode is ON "Block connections without VPN" is ON in Android Settings->Network->VPN->Orbot

AppX is unchecked in "Tor-Enabled Apps" in Orbot AppY is checked in "Tor-Enabled Apps" in Orbot

Expected Behavior

AppX connects via clearnet regardless of whether Orbot is connected or not AppY connects via Tor when Orbot is on and is blocked from network access when Orbot is not on

Problem

AppX never connects to the network

Nickoriginal commented 2 years ago

It works as expected. When you turn on "Block connections without VPN", it means, that all external internet connections, including apps must go (and be approved by) VPN app, so in this case you choice between "allow app connections via Orbot when it is enabled" and "entirely block app connections by unchecking it in Tor-Enabled apps"

scallyob commented 2 years ago

Right, so AppX should pass through Orbot and Orbot should direct to the clearnet, right?

Otherwise, the only way to use some apps on Tor and some off Tor is to turn OFF "Block connections without VPN". And in that case, every time Orbot crashes all your torified apps start connecting via clearnet.

Nickoriginal commented 2 years ago

Right, so AppX should pass through Orbot and Orbot should direct to the clearnet, right?

No because, as you mentioned above,

AppX is unchecked in "Tor-Enabled Apps" in Orbot

but your expected behaviour for the AppX is:

AppX connects via clearnet regardless of whether Orbot is connected or not

with "Block connections without VPN". This is an expected behaviour of the Android and apps when this option is enabled, so you better to address your issue to Google.

Otherwise, the only way to use some apps on Tor and some off Tor is to turn OFF "Block connections without VPN".

Sure. Android restricts app connections only through VPN apps when you enables "Block connections without VPN", but you can disable it.

And in that case, every time Orbot crashes all your torified apps start connecting via clearnet.

This is NOT Orbot's fault. Every app is affected to connect through clearnet when every other VPN app is crashed. Or not connect at all with "Block connections without VPN".