Comments (53)
Hey, chiming in here since I apparently helped start a back-and-forth.
There is an issue open about this on the CalyxOS side, so it's on our radar. It's already been linked, but one more time in case anyone missed it: https://gitlab.com/CalyxOS/calyxos/-/issues/2192
To be fair, the particular setting we're talking about here isn't one that the majority of users will ever encounter at all, so it hasn't been a focus of manual testing, and this is the first time I've seen this issue come up. Please correct me if I'm wrong on this, but from my perspective, it's very niche.
Custom ROMs tend to have a number of added features and intentional behavior-altering framework changes that ~~would require CTS tests to be modified in order to pass~~ need extra attention to ensure they are able to even run properly (edit: I was reminded that I was thinking of other types of tests, when I mentioned modifying them, and this is for the case that a method signature or other functionality has been changed; actually changing CTS tests to pass goes against the point). This has been done in some cases, but it can be time-consuming and hasn't yet been done in all cases. With CalyxOS, in my experience at least, CTS tests are run for some things (e.g. WebView), and particularly they are run when modifying sensitive code, but it's done selectively, not yet run for absolutely everything.
Affected OSes don't ship releases with Google Mobile Services included, so it's not like there's a requirement to have all CTS tests pass, but of course it would be nice.
LineageOS and CalyxOS are open-source projects, so anyone can contribute code to solve issues like this, or can report issues and we'll do what we can.
Thanks!
from vpnhotspot.
> @soccerboys2008 Thanks for the logs! It appears that in the last log you sent everything seems to be working fine. If you try my order now, does the error message reappear? (Disregard the connectivity issue since you said your VPN is not working.)
>
> EDIT: What I mean is that 1. start VPN tethering 2. start VPN 3. turn off VPN tethering and on again 4. export debug information.
rebooted device and did that in that exact order (same issue), here log:
vpnhotspot-2936274959345153651_025703.log.txt
from vpnhotspot.
I tried the following:
On new version:
Disable VPN -> Reboot -> Enable VPN Tethering -> Enable VPN: No warning, VPN does not seem to work properly
Log (please ignore the crashed vibrator thing in the logs)
new.log
On Old version v2.16.11:
Disable VPN -> Reboot -> Enable VPN Tethering -> Enable VPN: Working properly
old.log
Not sure if it is the same problem. If not, I can open a new issue.
from vpnhotspot.
pia is back online, i restarted and grabbed one more log following these steps (jic you want it), before i downgrade again:
> @soccerboys2008 Thanks for the logs! It appears that in the last log you sent everything seems to be working fine. If you try my order now, does the error message reappear? (Disregard the connectivity issue since you said your VPN is not working.)
>
> EDIT: What I mean is that 1. start VPN tethering 2. start VPN 3. turn off VPN tethering and on again 4. export debug information.
let me know if you want that one too
from vpnhotspot.
just sending drive links now, not gonna try to send attachments
https://drive.google.com/file/d/1--mc25VqTd5W9DsNwT0YAF9RBo3kv0X7/view?usp=sharing
from vpnhotspot.
does my service-connectivity.jar file look ok
from vpnhotspot.
fixed
from vpnhotspot.
Hi, I can confirm this works.
And I am also using Lineage OS, so I suspect this is something related to the OS, because it does introduce something like a firewall in the connectivity apex.
If this problem is on the ROM's side, can you provide some more detailed information about the issue?
from vpnhotspot.
Thanks for the information!
I have reported the issue to the developers and the issue is tracked here: https://gitlab.com/CalyxOS/calyxos/-/issues/2192
from vpnhotspot.
its upstream: https://review.lineageos.org/c/LineageOS/android_packages_modules_Connectivity/+/369208
from vpnhotspot.
> @Uldiniad Please explain your commit? How does LineageOS/CalyxOS even pass CTS tests with this? Do you guys even run CTS tests? 🤔
We don't test CTS and have no reason to
from vpnhotspot.
I agree this is not an appropriate place for legal discussions.
The commit would not be necessary in AOSP, which does not have a native user-accessible firewall. Whether or not the commit is still necessary in custom ROMs is a different matter and will be looked at.
from vpnhotspot.
Hi what VPN are you using? Can you export debug information on v2.17 and send it to me?
from vpnhotspot.
Hi, I am having the same problem. Here is the debug log.
I toggled the Repeater switch on and off, and captured the log.
The VPN I have been using is sing-box (https://play.google.com/store/apps/details?id=io.nekohasekai.sfa)
vpnhotspot-2535350892380703906.log
from vpnhotspot.
Hi @hellobbn does rebooting solve the issue?
from vpnhotspot.
Make sure you are reporting after you see this prompt again after reboot. Do not uninstall the app.
from vpnhotspot.
Hi @Mygod , I can confirm that rebooting does not solve the issue.
from vpnhotspot.
@hellobbn Do the following steps help?
- Disable VPN.
- Reboot the device.
- Start VPN tethering.
- Enable VPN.
from vpnhotspot.
Hi, if I start VPN tethering before enabling VPN, the error message no longer shows. However, it seems the traffic is not going through VPN, either.
from vpnhotspot.
@hellobbn Okay, are you saying you did those steps without rebooting the device and the error no longer shows? Can you export debug information while VPN and tethering are all active? Also was v2.16 working for you before?
from vpnhotspot.
i use pia, however pia is currently having a nationwide issue in us starting about 4 - 6 hours ago
however i can use the repeater without a vpn until they get their stuff figured out
i will upgrade the app quick and grab the debug info
from vpnhotspot.
This warning should only pop up if you use a VPN along with tethering but you can try that and see how it goes too.
from vpnhotspot.
hmm, just noticed that version works without the vpn (naked as i like to call it), but when connected to pia (even though it currently has network issues) the issue reappears
thats probably why reboot didn't work, cause every time you connect the vpn the error appears
exported debug (before reboot):
vpnhotspot-7265846459898467798_021801.log.txt
just tried reboot and same issue, no error naked though
exported debug (after reboot, before running naked was included):
vpnhotspot-5674043189770050290_023006.log.txt
exported debug (after reboot, after/during running naked was included):
vpnhotspot-2945051092799165850_022935.log.txt
i'll need to downgrade again once pia gets their issues resolved (can connect but spotty connections / slow internet, not related to this app)
from vpnhotspot.
until pia is fixed i wont be able to test this:
> @hellobbn Do the following steps help?
>
> 1. Disable VPN. 2. Reboot the device. 3. Start VPN tethering. 4. Enable VPN.
usually the order i use is this:
- reboot (no vpn active)
- enable vpn
- start vpn tethering
(in the past starting vpn tethering before enabling the vpn always led to no internet access (devices connect to the network but receive no internet access, so i always stuck to the order above))
again once pia is fixed ill test the order you provided (can't test for internet access with vpn that has spotty internet access)
from vpnhotspot.
also the reason i had to downgrade last night (before these vpn issues), is i was getting no network access following the order i usually use (which gave the error message). after the downgrade everything worked again
from vpnhotspot.
@soccerboys2008 Thanks for the logs! It appears that in the last log you sent everything seems to be working fine. If you try my order now, does the error message reappear? (Disregard the connectivity issue since you said your VPN is not working.)
EDIT: What I mean is that 1. start VPN tethering 2. start VPN 3. turn off VPN tethering and on again 4. export debug information.
from vpnhotspot.
when i said same issue, it appeared at step 3 "3. turn off VPN tethering and on again" (specifically when it was turned on again)
from vpnhotspot.
10198 HAPPY_BOX_MATCH RESTRICTED_MATCH IIF_MATCH tun0
Okay I feel like the issue here is that the `uids_allowed_on_restricted_networks` global setting is somehow not being used/respected by system, causing system to block DNS traffic from VPN Hotspot. 🤔 (Since v2.17, VPN Hotspot handles tethering DNS instead of offloading it to the primary DNS server.)
@hellobbn What is your device? I can see that you are running Android 14. Is it stock or custom ROM?
from vpnhotspot.
i have another oneplus 5 thats on lineageos 21 (android 14), with everything installed if it can help
(the oneplus 5 in the screenshots i've been too lazy to update, which is why its on lineage os 20 (android 13)) (this is the device all the logs came from)
from vpnhotspot.
Hi can you guys try this apk? It should hopefully work on Android 13+.
EDIT: Sorry this apk is buggy. Please hold.
from vpnhotspot.
Fixed some bugs and should hopefully work on any Android version: https://github.com/Mygod/pogoplusle/releases/download/debug/vpnhotspot-v2.17.5-debug2.apk
from vpnhotspot.
new error appeared (no internet access, and no internet access from connected devices)
here's the debug log:
vpnhotspot-2389545170582576160_094038.log.txt
from vpnhotspot.
Hmm I couldn't download the log...
from vpnhotspot.
ill try again then:
vpnhotspot-2389545170582576160_094038.log.txt
from vpnhotspot.
Did you download and install the debug2 version?
from vpnhotspot.
yes, im getting same error on the link i just sent imma upload a google drive link:
https://drive.google.com/file/d/1XgnTuTGpJJslxNGtf4NaRRJo0AFhB6a5/view?usp=sharing
from vpnhotspot.
Thanks for the logs but I am pretty sure that's not debug2 version. Try this apk? https://github.com/Mygod/pogoplusle/releases/download/debug/vpnhotspot-v2.17.5-debug2.apk
(I will double check this apk meanwhile.)
EDIT: Yes I think this is the right apk.
from vpnhotspot.
ok it seems the first one i installed was only 3mb (probably an incomplete download leading to that error) anyway here is the log and screenshots (same as the original error):
vpnhotspot-8812612977146599456_100343.log.txt
p.s. i'm getting an issue with viewing the log with 404 not found using the preview if you have an error let me know and ill send a drive link
from vpnhotspot.
Great please google drive the logs :)
from vpnhotspot.
https://drive.google.com/file/d/1XiTqTeG77vnROjzuXAq3LE3yym6DROJc/view?usp=sharing
from vpnhotspot.
Hmm I think your ROM might be not fully upgraded to Android 13 and that could be causing the issue. Do you have the file `/apex/com.android.tethering/javalib/service-connectivity.jar` and if so, can you send it to me?
from vpnhotspot.
Meanwhile this might fix the issue: https://github.com/Mygod/pogoplusle/releases/download/debug/vpnhotspot-v2.17.5-debug3.apk
from vpnhotspot.
this made me remember that pia manages its own dns (may play a part (as in conflict of interest) or maybe not)
> 10198 HAPPY_BOX_MATCH RESTRICTED_MATCH IIF_MATCH tun0
>
> Okay I feel like the issue here is that the `uids_allowed_on_restricted_networks` global setting is somehow not being used/respected by system, causing system to block DNS traffic from VPN Hotspot. 🤔 (Since v2.17, VPN Hotspot handles tethering DNS instead of offloading it to the primary DNS server.)
>
> @hellobbn What is your device? I can see that you are running Android 14. Is it stock or custom ROM?
anyway imma test debug 3 now
from vpnhotspot.
That doesn't matter. :)
from vpnhotspot.
https://drive.google.com/file/d/1-NsTCYZGTlNG6IrlWVLY_S8_H65uJNEh/view?usp=sharing
from vpnhotspot.
Yeah this was my fault. I wrote a bug. debug4: https://github.com/Mygod/pogoplusle/releases/download/debug/vpnhotspot-v2.17.5-debug4.apk
from vpnhotspot.
works on android 14 too (different oneplus 5 with lineage 21)
from vpnhotspot.
Sure. Essentially I am trying to grant this app restricted network permission which allows it to serve downstream DNS traffic bypassing Android VPN firewall. The way the app does this is essentially running `settings put global uids_allowed_on_restricted_networks <app uid>`.
Looking at your logs, it seems like the global setting was updated properly and looking at the system jar from @soccerboys2008, the system does look at this settings key. However, somehow the permission is still not granted to the app for some reason. 🤔
from vpnhotspot.
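An added example, not part of the thread or of VPN Hotspot's code: a check for the first half of the diagnosis in the comment above, namely which packages are actually named in `uids_allowed_on_restricted_networks`. It assumes the value is a `;`-separated list of numeric UIDs and that package UIDs are listed in the `package:<name> uid:<n>` form printed by `pm list packages -U`; the sample data and package names are constructed.

```sh
#!/bin/sh
# Added example (not from the thread): list which packages are named in
# uids_allowed_on_restricted_networks. On a device the inputs come from
#   adb shell settings get global uids_allowed_on_restricted_networks
#   adb shell pm list packages -U
# Assumption: the value is a ';'-separated list of numeric UIDs.

# Constructed sample data; package names are placeholders.
SAMPLE_SETTING='10198;10999'
SAMPLE_PACKAGES='package:com.example.browser uid:10150
package:com.example.hotspot uid:10198
package:com.example.mail uid:10201'

# Print the UIDs in a raw setting value, one per line, sorted and de-duplicated.
parse_uid_list() {
    # `settings get` prints the literal word "null" when the key is unset.
    case $1 in ''|null) return 0 ;; esac
    printf '%s\n' "$1" | tr ';' '\n' | tr -d ' \r' | grep -E '^[0-9]+$' | sort -un
}

# Succeed if UID $1 appears in raw setting value $2 (whole-entry match).
uid_is_allowed() {
    parse_uid_list "$2" | grep -qx "$1"
}

# Print "uid package" for every package whose UID is on the list.
# $1 = raw setting value, $2 = output of `pm list packages -U`.
allowed_packages() {
    uids=$(parse_uid_list "$1")
    printf '%s\n' "$2" | tr -d '\r' | while IFS= read -r line; do
        case $line in package:*' uid:'*) ;; *) continue ;; esac
        pkg=${line#package:}
        pkg=${pkg%% uid:*}
        uid=${line##* uid:}
        if printf '%s\n' "$uids" | grep -qx "$uid"; then
            printf '%s %s\n' "$uid" "$pkg"
        fi
    done
}

allowed_packages "$SAMPLE_SETTING" "$SAMPLE_PACKAGES"
```

A UID that shows up here only confirms the setting was written; whether the ROM's firewall honours it is the separate question the thread goes on to discuss.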
Yeah that is definitely responsible. Why would they do this?
from vpnhotspot.
i run plain lineage os (lineageos.org), so theres probably an upstream issue
from vpnhotspot.
The firewall feature is "ported" from the CalyxOS to LineageOS. And here is the word from the developer which may answer @Mygod :
> hey, thanks for sharing this. i'm 90% sure it's a bug in the firewall implementation. that uids_allowed_on_restricted_networks list was previously used by the firewall implementation (too) to track whether or not to allow network access for an application. the new implementation uses a uid policy instead, POLICY_REJECT_ALL, for that. it's very likely there was an oversight on my part in the new implementation that causes it to not even pay attention to uids_allowed_on_restricted_networks at all anymore. i'll need to mess with it a bit, but i do think it's something that i want to get fixed
>
> actually, not sure yet, but this commit might be responsible (on the calyxos side anyway): https://review.calyxos.org/c/CalyxOS/platform_packages_modules_Connectivity/+/21480/7
>
> it was created for a good reason in the previous implementation - to prevent apps from being given too much permission simply for being allowed to use the internet. but it may not be applicable with the new implementation. i'll have to check.
from vpnhotspot.
@Uldiniad Please explain your commit? How does LineageOS/CalyxOS even pass CTS tests with this? Do you guys even run CTS tests? 🤔
from vpnhotspot.
Thanks for the explanations! However, I'm unsure if changing CTS tests is the right thing to do since the whole point of CTS tests is to ensure compatibility. Also I guess you are probably legally not allowed to advertise your product with Android name if CTS tests do not pass: https://source.android.com/docs/compatibility/compatibility-faq#is-compatibility-mandatory
Anyway back to the topic, I don't think that commit is necessary since only system apps and shell can modify (in fact, or even read) `uids_allowed_on_restricted_networks` as far as I'm concerned.
from vpnhotspot.