search

ivpn / android-app

Official IVPN Android app
https://www.ivpn.net/apps-android
GNU General Public License v3.0
290 stars 53 forks source link

DNS over HTTPS support #322

Closed mjdNjhNJ closed 3 months ago

mjdNjhNJ commented 4 months ago

DNS over HTTPS support

Description

There is no possibility to use DNS with HTTPS encryption on the mobile version of the application while desktop allows it.

Describe the solution you'd like

Have the same options as on desktop application.

Describe alternatives you've considered

Currenctly using custom DNS server specified by IPv4 address.

codenyte commented 3 months ago

Duplicate of #123

mjdNjhNJ commented 3 months ago

Reopened this issue cuz the linked duplicate is closed.

codenyte commented 3 months ago

I think it's good practice to ask the person who closed the previous issue to reopen it, instead of creating a new one. Devs don't want to deal with the same issue in multiple places.

mjdNjhNJ commented 3 months ago

Right. I have tagged the OP and awaiting the response.

jurajhilje commented 3 months ago

Secure DNS settings for VPN tunnels are tricky on Android. At this point (at least that I'm aware of) there's no official API to implement secure custom DNS for VPN directly in the app. Current workaround is to use DNS-over-TLS via Android native Private DNS feature.

mjdNjhNJ commented 3 months ago

I'm able to set custom secure DNS on Vanadium (Chromium based browser). Couldn't be the same approach used for IVPN as well?

codenyte commented 3 months ago

Doesn't the iOS app have a custom implementation of DoH?

jurajhilje commented 3 months ago

Doesn't the iOS app have a custom implementation of DoH?

Yes it does, because Apple added support for DoH and DoT in their APIs for configuring VPN tunnel in iOS 14.

jurajhilje commented 3 months ago

I'm able to set custom secure DNS on Vanadium (Chromium based browser). Couldn't be the same approach used for IVPN as well?

I don't see how. You can check the docs to see what APIs are available for configuration: https://developer.android.com/reference/android/net/VpnService.Builder

codenyte commented 3 months ago

Doesn't the iOS app have a custom implementation of DoH?

Yes it does, because Apple added support for DoH and DoT in their APIs for configuring VPN tunnel in iOS 14.

Ok, that makes sense.

mjdNjhNJ commented 3 months ago

I'm able to set custom secure DNS on Vanadium (Chromium based browser). Couldn't be the same approach used for IVPN as well?

I don't see how. You can check the docs to see what APIs are available for configuration: https://developer.android.com/reference/android/net/VpnService.Builder

I see. Looks like Vanadium use APIs for web browsers which is not possible to use for a VPN app. Just another confirmation that Google privacy & security talks are just brainwashing campaigs. How come that crucial thing is not available in the biggest smartphone operating system in the world. Closing this issue now, hoping to reopen in the future when they add this option.

Anyway, at least, I'm glad that DNS fallback address is on the roadmap: https://github.com/ivpn/android-app/issues/323