ivpn / android-app

Official IVPN Android app
https://www.ivpn.net/apps-android
GNU General Public License v3.0

Android 10: Wireguard + Antitracker: DNS leaks on Brave but not on Firefox #88

Open lsm5 opened 2 years ago

lsm5 commented 2 years ago

Bug report

Describe your environment

Describe the problem

Steps to reproduce:

  1. IVPN 2.6.0 with Wireguard and Antitracker enabled (non-hardcore mode)
  2. Run dnsleaktest Extended test on Brave / Brave Beta / Brave Nightly (See ISP's DNS in results)
  3. Run dnsleaktest Extended test on Firefox / Firefox Nightly (See Antitracker DNS in results as expected)

Observed Results:

Brave versions list ISP's DNS.

Expected Results:

Only the antitracker DNS should be displayed

I can consistently see this as of last night. Don't remember if this occurred prior to that.

/cc @ivpn786

lsm5 commented 2 years ago

hmm, and just like that, I can't see this issue anymore. I'll keep trying further and close this if I still can't reproduce it.

Ryu945 commented 2 years ago

I wonder if this is related to the bug I found where multiple user accounts with the app could feed internet to all user accounts on the phone. I suspect if they are configured with different DNSes, then you would get a DNS leak. https://github.com/ivpn/android-app/issues/82

In my experience though, I got internet from different IVPN apps on different user accounts with Firefox.

Do you use IVPN on multiple user accounts, lsm5?

ghost commented 2 years ago

I believe the issue occurs randomly then. It's better to not close this issue as it is now reported by two users. There is no response from the developer yet. Let him take a look before closing. This is a security issue and should be addressed promptly. I am really busy right now. I will try to generate logs if I encounter the issue again. @AlexKorvin, does the 172.253.12.5 DNS address belong to IVPN?

ghost commented 2 years ago

The issue seems to affect Android 10 only. No testing on Android 10 by the IVPN team allows even security issues to persist indefinitely. Really disappointing.

AlexKorvin commented 2 years ago

It takes me too long to answer because I can't reproduce it and I don't have a solution for it right now.

lsm5 commented 2 years ago

@AlexKorvin hello, I've been seeing this again at random on Android 10 since earlier this morning, and still only on Brave, not on Firefox, so I kinda doubt what other apps on the phone end up using.

I'd be willing to test further if you have any suggestions on a reproducer. But if not, I'm totally fine with enabling Private DNS in my connection settings until I get access to Android 11 or newer (only speaking for myself of course). I'm well aware of how older distros can be a super PITA :) .

Anyway, thanks for all the good work on the app.

lsm5 commented 2 years ago

Also, if it matters, I have Bypass VPN for local networks enabled on the app and the Android native kill switch is disabled.

lsm5 commented 2 years ago

> Do you use IVPN on multiple user accounts, lsm5?

@Ryu945 nope, just 1.

Ryu945 commented 2 years ago

> Also, if it matters, I have Bypass VPN for local networks enabled on the app and the Android native kill switch is disabled.

With the setting Bypass VPN for local networks enabled, run the extended DNS leak test. What happens? https://dnsleaktest.com/

lsm5 commented 2 years ago

> With the setting Bypass VPN for local networks enabled, run the extended DNS leak test. What happens? https://dnsleaktest.com/

Did you mean disabled? Because I have it enabled already and that's when I was seeing my ISP's DNS, but that too only at times, and it's pretty much impossible for me to find a consistent reproducer. Sometimes it would occur repeatedly, sometimes not at all. So, I've pretty much given up on it and resorted to Private DNS until I switch to Android 11 or newer.

Ryu945 commented 2 years ago

> > With the setting Bypass VPN for local networks enabled, run the extended DNS leak test. What happens? https://dnsleaktest.com/
>
> Did you mean disabled? Because I have it enabled already and that's when I was seeing my ISP's DNS, but that too only at times, and it's pretty much impossible for me to find a consistent reproducer. Sometimes it would occur repeatedly, sometimes not at all. So, I've pretty much given up on it and resorted to Private DNS until I switch to Android 11 or newer.

That is why I want you to take that configuration of Bypass VPN for local networks enabled and Android kill switch off that you have set up right now and run that test. I have a suspicion of what is causing the flakiness and I know that test will bypass any flakiness and give you solid results if I am correct. Be sure to run the extended test.

jordan-ivpn commented 2 years ago

Issue reported to occur with IVPN App for Android version 2.7.1 on an MIUI 12 device with Android 10. 70+ Google DNS servers are listed on leak test sites: dnsleaktest.com, ipleak.net, browserleaks.com/ip.