Aleximal
commented
1 week ago Reproduces for me on latest release, was pulling out hair trying to understand why a socks proxy on localhost launched from a whitelisted app was being ignored.
Thanks for the workaround
@schwabe please fix it, my crops are dying (not really but still explaining the workaround to non-technical users is gonna be hard :-))
General information
Android Version 13
Android Vendor/Custom ROM Calyx, Graphene, but seems to reproduce on stock
Device Pixel 5, Pixel 8
Version of the app (version number/play store version/self-built) From Github 0.7.53 but also reproduced on 0.7.51
Description of the issue
When importing a config that has a socks-proxy directive pointing to localhost like the following
socks-proxy 127.0.0.1 9998
the app creates remote entries in the app interface with the proxy option selected (which is reasonable and I guess expected)
the radio button of the remote(s) is set to "socksv5" option and the IP is present as expected.
HOWEVER the app then completely, utterly ignores the proxy (the proxy program logs show no attempts to connect to the proxy from openVPN or well, anyone, of course)
Changing the radio buttons to None and then back again does nothing (proxy is still completely ignored)
Manually changing the proxy address to a wrong one, exiting the ics-openvpn app and then manually changing the proxy address / port in UI to the correct one also does nothing (proxy will still be ignored)
The only workaround is:
1) import the config into ics-openvpn WITHOUT the socks-proxy option (as in, make a version of the config with the socks-proxy directive removed and import that one into ics-openvpn)
2) after successful import, go to "custom options" section in "advanced" tab in the app
3) enter
socks-proxy 127.0.0.1 9998
as a custom option
THEN and only then proxy starts working as expected (proxy program logs show successful connection, and VPN tunnel is set up as expected )
4) PS: additional hint to anyone suffering issues after step 3 - if the server listening on localhost forwards traffic to some other server (as mine does) it is paramount that the route to that server be explicitly excluded from VPN, which on android is most easily done via "allowed apps" function of ics-openvpn as long as the socks listener is started by another app.
If I may humbly suggest a quick fix for this behavior, allowing user to choose whether the "socks-proxy" directive in the config should be handled by per-remote "proxy radio buttons" UI functionality or sent straight to "custom options" would make for a good usability touch and make working around the above weird behavior much easier (but I do suspect that the proxy UI settings being ignored after import is an actual honest bug)