Proxy doesn't work #1098
Comments
Install Orbot, start it, then make sure it is setup to accept incoming SOCKS5 over
Rethink has had this feature for 3 years now. |
As mentioned, "App" is set to "none" and this "none" is grayed out. It is impossible to change it. |
|
Cannot forward connections to another app if VPN is in lockdown mode ("Block connections without VPN" is turned ON). |
|
So, this means either turning off lockdown mode and possibly make some programs and system components access internet while bypassing Rethink with all its blocklists and other privacy/security hardenings (thus compromising privacy/security), or keeping lockdown mode but having no way to route the traffic to Orbot, is this correct? |
|
Yep. This is an Android limitation. Android won't let Orbot connect (without being tunneled through Rethink) if Rethink is put in VPN Lockdown mode.
Unless Configure -> Network -> Enable network visibility is turned ON, installed apps cannot bypass the VPN tunnel Rethink setup regardless of whether it is in VPN Lockdown mode or not. System apps may (not that they do) bypass any VPN tunnel regardless of whether the VPN is Lockdown. See: #224 |
|
Hm, I thought VPN lockdown system setting is for forcing all network-facing programs (installed and system) to the selected VPN. In this case what is the point of this setting at all? |
This setting is for the end user to ensure that no installed app can bypass the VPN tunnel even if the VPN tunnel implementation had provisions to let apps do so. For example, apps like Blokada, Intra (and perhaps NetGuard?) may let installed apps bypass their tunnels, by default. VPN Lockdown ensures that those apps can't despite that. As far as Rethink is concerned, it doesn't let any apps bypass by default. Enable network visibility and Exclude are ways for users to explicitly instruct Rethink to let certain apps through. And both these settings won't be honoured by Rethink if VPN is put in Lockdown. |
|
Ok, thanks a lot for clarification :-) |
|
What are the use case differences for TCP Proxy and HTTP Proxy? |
|
For the end user, HTTP Connect and TCP-only SOCKS5 tunnels into Orbot are one and the same. It is but an implementation detail. Since Rethink supports both, it exposes both. |
|
I found an unfortunate difference between with and without VPN Lockdown. When Rethink is not active, "not protected", everything on the phone has direct access to the internet when VPN is not in Lockdown mode. This is compromises privacy/security when Rethink has to be temporarily disabled, or (most importantly) if Rethink fails to start with the OS (this happens sometimes). In order to use Rethink without Lockdown mode and without compromising privacy/security, its startup with system must be bulletproof, and it must start up first, before any other programs (early start). |
|
Always-on VPN is enough to start any VPN app on reboots. Rethink had a bug in the previous version where it wouldn't start despite being set to Always-on, but I think it's fixed in But like you say, VPN Lockdown offers much better protection, for when the VPN app may crash or not start, installed apps won't be able to connect. |
|
I know one competitor-software, InviZible Pro, it has Tor and I2P modules built-in, and their settings (ports, entry/exit node country selection, etc) are available in InviZible's settings. Could Rethink get this? |
Don't consider it competition, tbh. Targets a very different usecase, though there's some overlap.
We may never bundle Tor because we don't want that additional maintenance burden.
We're experimenting with network namespaces #393, and if we can make it sing, then proxying to Tor via Orbot would work even if Rethink is VPN Lockdown.
It can get everything under the sun; the problem is, who's going to fund its development and maintenance? ;) |
In our corrupted stupid world not many, sadly. Funding awesome and anti-mafia tools is the last priority on this planet :-/
This sounds hyper-promising!
Well, in the worst case if it ends up with nothing else working, maybe this could be considered? |
Hopefully network namespaces work, and this isn't required. |
Was really looking forward to being able to route the traffic to Tor/localhost:9050.
And finally Rethink got this feature.
However, it doesn't work.
Proxy -> Orbot:
the "Setup Orbot" entry is grayed out.
Proxy -> Other -> Setup SOCKS5 Proxy:
Result: nothing on the phone can connect to the internet.
Could you make the proxy work?
I'm running GrapheneOS / AOSP 13.
The text was updated successfully, but these errors were encountered: