Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Root] IPv6 is not resolved within IPv6 VPNs if main connection is IPv4-only #2325

Closed
ameshkov opened this issue Nov 18, 2018 · 9 comments
Closed

[Root] IPv6 is not resolved within IPv6 VPNs if main connection is IPv4-only #2325

ameshkov opened this issue Nov 18, 2018 · 9 comments
Assignees
@admitrevskiy
Labels
Bug P3: Medium
Milestone
3.2

Comments

@ameshkov
Copy link
Member

ameshkov commented Nov 18, 2018
edited

It looks as if after adding the iptables rules system DNS no more responds to the AAAA requests. I've no idea why yet.
adguard (5).log
adguard (4).log

"androidVersion" : "7.1.2 (sdk=25)",
"deviceName" : "manufacturer=Xiaomi model=Redmi Note 3 brand=Xiaomi version=7.1.2 security_patch=2018-07-05",
@ameshkov
Copy link
Member Author

Also, user reports that it does work on AG v2.11

@ameshkov
Copy link
Member Author

@sfionov could you please check the logs and see if there are anything suspicious?

@sfionov
Copy link
Member

sfionov commented Nov 19, 2018
edited

@ameshkov We auto-detect lack of IPv6 during DnsUpstream setup. That's not very good if system doesn't have IPv6 but VPNs do.

@ameshkov
Copy link
Member Author

The problem is that IPv6 does not work even when DNS filtering is disabled

@sfionov
Copy link
Member

sfionov commented Nov 19, 2018

Java makes getaddrinfo requests using AI_ADDRCONFIG flag (check ipv6/ipv4 availability before request), but _have_ipv6 for AI_ADDRCONFIG checks that interface has address from 2000::/3 global unicast:
https://android.googlesource.com/platform/bionic/+/oreo-release/libc/dns/net/getaddrinfo.c#370
ULA addresses from fc00::/7 are not checked there.
I wonder why it works without us

@sfionov
Copy link
Member

sfionov commented Nov 19, 2018

Sorry, I've read the code not carefully enough. That check is about availability of 2000:: address via UDP.
I've look this more closely.

@sfionov
Copy link
Member

sfionov commented Nov 30, 2018

The main problem is that VPN have IPv6 but system doesn't.
We may fix it for DnsUpstream, but can't fix it for system getaddrinfo cache.

@sfionov sfionov changed the title IPv6 does not work in proxy mode [Root] IPv6 is not resolved within IPv6 VPNs if main connection is IPv4-only Apr 22, 2019
@sfionov
Copy link
Member

sfionov commented Apr 22, 2019
edited

The main problem is that NetworkUtils.hasIPv6Network() (used in DnsUpstream) ignores VPN interfaces.
That is good idea if we are VPN, but breaks IPv6 in VPNs in root mode.
So, we need to exclude VPNs in that check only if filteringMode is VPN.

@zzebrum zzebrum added this to the 3.2 milestone Apr 22, 2019
@admitrevskiy
Copy link

ipv6Available flag is not used since we've reworked the DNS module and don't use DnsUpstream anymore.
Thus, NetworkUtils.hasIPv6Network() check not breaks IPv6 VPN connection with IPv4-only connection.

Testing instructions for QA:

  • Reinstall AG
  • Enable Local HTTP proxy auto mode
  • Enable DNS filtering
  • Enable IPv6 VPN (for example, Nord VPN)
  • Surf the web
  • Examine Filtering Log for AAAA requests

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@admitrevskiy admitrevskiy

Labels
Bug P3: Medium
Projects
None yet
Milestone
3.2
Development

No branches or pull requests
5 participants
@sfionov @ameshkov @admitrevskiy @TheHasagi @zzebrum