schwabe / ics-openvpn

OpenVPN for Android

Use vpn only on selected apps doesn't work on some device #1001

Closed cowst closed 5 years ago

cowst commented 5 years ago

Description of the issue

When I select only a few apps to go through vpn, everything goes through vpn. I suspect the fire tv stick 4k to be the problem, but I am not sure yet. The feature (a great one) always worked fine in my other fire tv stick 2nd Gen (I will check as soon as I can that it still does, otherwise it means it is due to an Amazon SW update) and on my android tv with Android 7 and 8. The app version I just tested is 0.7.5, but I installed 0.7.7 before and I noticed the issue there.

Can I provide any log to help?

cowst commented 5 years ago

0.6.73 is working on the old stick. I will try this on the new one.

schwabe commented 5 years ago

There have been other tickets about the 2nd gen fire tv stick and so far it looks like it is broken on Amazon's side.

cowst commented 5 years ago

I couldn't find posts about 3rd Gen not working.

As far as my experience goes, the first generation allows the openvpn installation, but it silently ignores it. The second is working fine. The third (4k) is currently not working properly for selected apps only. It seems to just ignore that filter.

I will try the same openvpn version that is currently working on my 2nd Gen stick.

If it doesn't work, is there any log that I can provide to help troubleshooting?

cowst commented 5 years ago

Ok, I confirm that only on the 3rd gen fire TV stick 4k any version of openvpn ignores the split tunneling. All the rest of the functionalities seem ok (at least that's what my nordvpn page is telling me).

I don't think this ticket should be closed, at least until there is some evidence that nothing can be done via software to have the feature working also on this device. I can offer whatever help you need in this sense, then if you don't have time to follow up, I'll understand the nature of spare time hobby :)

cowst commented 5 years ago

I see now what you meant.

972 is exactly the same, but on different devices.

And there is another one mentioning my device (I guess) with Amazon blaming a missing RECEIVE runtime permission necessary on newer Android apis. So if that's something that really needs to be added in this app, only latest might work.

schwabe commented 5 years ago

I checked the code now several times and the logs because of the repeated reports. Truth be told, it always boils down to this: the app is doing the correct things, the firmware/OS ignores it. I know that is disappointing, especially since there is no workaround, but unfortunately that is all I can tell you.

cowst commented 5 years ago

Understood. I was hoping for nordvpn to fill the gap with competitors on split tunneling, so this means I'll be disappointed again :) I'll go check where I can start annoying Amazon about this :D Thanks for the great app despite the stupid device exceptions.

schwabe commented 5 years ago

> And there is another one mentioning my device (I guess) with Amazon blaming a missing RECEIVE runtime permission necessary on newer Android apis.

I am not aware of any issue like that. There is one report/issue where someone was confusing the filesystem permission to read the ovpn file with the VPN working itself, and that got nowhere.

cowst commented 5 years ago

Yeah, after reading some more, I got that as well.

schwabe commented 5 years ago

@cowst Is there any app working for you with allow/disallow APPs on FireTV?

Btw. the NordVPN app is using this app's code...

cowst commented 5 years ago

I tried only the flag to use vpn for selected apps because selection in the stick is a pain in the ass and selecting everything except the apps I want is a full day job :D

That said, I tried to verify selecting and deselecting Firefox, silk, and dazn because they are easy to check (the browsers always show protected on nordvpn page and dazn shows a black screen unless I disconnect completely).

About nordvpn app, the first time I tried it, openvpn was already installed and the app actually connected using the other app :D Then I tried it on a device without openvpn and it worked anyway, so I assumed it works both with an embedded VPN (code from here) or leveraging an external client if present.

cowst commented 5 years ago

There goes any hope from Amazon:

> Levon@Amazon answered · Oct 30 '17 at 10:22 PM
>
> Hi GovPerm,
>
> If you are running VPN application on the Fire TV or Fire TV Stick, then this is not supported by Amazon and you are doing it at your own risk. Any issues with the VPN app should be directed to the VPN app provider. Thanks!

So I am left with nordvpn wanting to provide split tunneling, trying with the code here, finding out that it won't work on stick 4k, and going to beg Amazon to fix their OS. This should be actually true for any vpn service with that feature. I think express vpn has it. I'll go check if anybody already complained :D

cowst commented 5 years ago

Spot on: https://forums.developer.amazon.com/questions/190891/android-vpnservice-class-addallowedapplication.html

Meanwhile I realized that most vpn services don't have split tunneling for android at all.

schwabe commented 5 years ago

Thanks for digging that out. You can configure split tunnel (e.g. exclude local LAN) with my app with any provider. Just per app routing is broken on FireTV it seems.

cowst commented 5 years ago

Only on Fire TV Stick 4k for now. From one comment there it seems the same version of FireOS seems to work on other devices...

cowst commented 5 years ago

I cannot believe what I am about to write, so please double check if you are/were affected by this bug. It seems resolved by Amazon (they didn't say anything but today I noticed that my 2 browsers were showing different IPs as intended, so I went to confirm there is a new version of the FW installed): https://forums.developer.amazon.com/questions/190891/android-vpnservice-class-addallowedapplication.html