Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Root] IPv6 is not resolved within IPv6 VPNs if main connection is IPv4-only #2325

Closed
ameshkov opened this issue Nov 18, 2018 · 9 comments
Closed
Assignees
Labels
Milestone

Comments

@ameshkov
Copy link
Member

@ameshkov ameshkov commented Nov 18, 2018

It looks as if after adding the iptables rules system DNS no more responds to the AAAA requests. I've no idea why yet.
adguard (5).log
adguard (4).log

"androidVersion" : "7.1.2 (sdk=25)",
"deviceName" : "manufacturer=Xiaomi model=Redmi Note 3 brand=Xiaomi version=7.1.2 security_patch=2018-07-05",
@ameshkov

This comment has been minimized.

Copy link
Member Author

@ameshkov ameshkov commented Nov 18, 2018

Also, user reports that it does work on AG v2.11

@ameshkov

This comment has been minimized.

Copy link
Member Author

@ameshkov ameshkov commented Nov 19, 2018

@sfionov could you please check the logs and see if there are anything suspicious?

@sfionov

This comment has been minimized.

Copy link
Member

@sfionov sfionov commented Nov 19, 2018

@ameshkov We auto-detect lack of IPv6 during DnsUpstream setup. That's not very good if system doesn't have IPv6 but VPNs do.

@ameshkov

This comment has been minimized.

Copy link
Member Author

@ameshkov ameshkov commented Nov 19, 2018

The problem is that IPv6 does not work even when DNS filtering is disabled

@sfionov

This comment has been minimized.

Copy link
Member

@sfionov sfionov commented Nov 19, 2018

Java makes getaddrinfo requests using AI_ADDRCONFIG flag (check ipv6/ipv4 availability before request), but _have_ipv6 for AI_ADDRCONFIG checks that interface has address from 2000::/3 global unicast:
https://android.googlesource.com/platform/bionic/+/oreo-release/libc/dns/net/getaddrinfo.c#370
ULA addresses from fc00::/7 are not checked there.
I wonder why it works without us

@sfionov

This comment has been minimized.

Copy link
Member

@sfionov sfionov commented Nov 19, 2018

Sorry, I've read the code not carefully enough. That check is about availability of 2000:: address via UDP.
I've look this more closely.

@sfionov

This comment has been minimized.

Copy link
Member

@sfionov sfionov commented Nov 30, 2018

The main problem is that VPN have IPv6 but system doesn't.
We may fix it for DnsUpstream, but can't fix it for system getaddrinfo cache.

@sfionov sfionov changed the title IPv6 does not work in proxy mode [Root] IPv6 is not resolved within IPv6 VPNs if main connection is IPv4-only Apr 22, 2019
@sfionov

This comment has been minimized.

Copy link
Member

@sfionov sfionov commented Apr 22, 2019

The main problem is that NetworkUtils.hasIPv6Network() (used in DnsUpstream) ignores VPN interfaces.
That is good idea if we are VPN, but breaks IPv6 in VPNs in root mode.
So, we need to exclude VPNs in that check only if filteringMode is VPN.

@zzebrum zzebrum added this to the 3.2 milestone Apr 22, 2019
@admitrevskiy

This comment has been minimized.

Copy link

@admitrevskiy admitrevskiy commented Jul 10, 2019

ipv6Available flag is not used since we've reworked the DNS module and don't use DnsUpstream anymore.
Thus, NetworkUtils.hasIPv6Network() check not breaks IPv6 VPN connection with IPv4-only connection.

Testing instructions for QA:

  • Reinstall AG
  • Enable Local HTTP proxy auto mode
  • Enable DNS filtering
  • Enable IPv6 VPN (for example, Nord VPN)
  • Surf the web
  • Examine Filtering Log for AAAA requests
@TheHasagi TheHasagi closed this Jul 20, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
5 participants
You can’t perform that action at this time.