Open marierose147 opened 4 years ago
Ooh interesting. Looks like something is failing, which is causing sslocal to bypass the connection.
@madeye Apparently on Android 10, if private DNS is enabled, it will be used even for VPN connections (as opposed to not on Android 9). It was working in v5.0.x because shadowsocks-libev was using sni_parser to force redirect traffic.
For now, either turn off private DNS, or add IP blocks to be proxied to custom rules as well. Adding back sni_parser does not sound like a desirable thing to do.
I think the behavior is expected; if the ACL doesn't include the rules for that private DNS, we should not proxy it.
The issue is that no matter what the ACL is, the system will not use our DNS relay other than for resolving the private DNS hostname...
For now, let's see if Google is willing to implement any changes to private DNS with VPN. If not, we might need to do some nasty changes.
It's been 5 months and by the looks of it, Google is not willing to do anything about it. It's even described as a bug in Android 9 which was "fixed in Android 10". IMHO there is no way they change it back.
This might be related but you cannot connect if the server is a domain name and private DNS is enabled. It looks like private DNS resolving is broken with bound network.
Describe the bug
After turning on Android's private DNS feature, it cannot connect properly.

To Reproduce
Steps to reproduce the behavior:

Expected behavior
Successfully connected to google.com.