Reverse Tethering with custom DNS doesn't work

[ewoks]

I executed following command:
./gnirehtet rt -d 192.168.168.42
and here is the look of my stdout:

Starting gnirehtet...
'adb' reverse tcp:31416 tcp:31416
'adb' shell am startservice -a com.genymobile.gnirehtet.START --esa dnsServers 192.168.168.42
Starting service: Intent { act=com.genymobile.gnirehtet.START (has extras) }
'java' -jar relay.jar
2017-04-04 13:59:39.110 I Main: Starting server...
2017-04-04 14:00:04.445 W Router: Dropping invalid packet
2017-04-04 14:00:05.458 W Router: Dropping invalid packet
2017-04-04 14:00:15.599 W Router: Dropping invalid packet
2017-04-04 14:00:16.613 W Router: Dropping invalid packet
2017-04-04 14:00:17.630 W Router: Dropping invalid packet
2017-04-04 14:00:18.640 W Router: Dropping invalid packet

after some time browser on phone shows "Offline / Internet unavailable" message

[rom1v]

Dropping invalid packet happens when the device attempts to send an IPv4 packet with a transfer protocol different from both TCP and UDP. Typically, this happens when you ping, because it sends ICMP packets (if you actually called ping, this suggests that the DNS request worked). This is irrelevant for your problem I guess.

In the released version, UDP connections are not logged correctly (fixed by 2ee5367), but I guess that some UDP packets are sent to 192.168.168.42.

Could you please verify that the DNS server works from your computer by calling:

dig @192.168.168.42 google.com

?

Also, could you give more details about the device and its Android version?

[rom1v]

Also, could you give the device Android version, please?

[Zero3K]

Oh, I noticed a similar issue when the heap size is set too small. I discovered that 200 MB is needed for it to work properly for the length of it use. The version of my Android OS is 5.1.

[ewoks]

@rom1v
Device: Nexus 5, stock Android 6.0.1
I think this issue is not in OS but that I am behind corporate proxy.

dig @192.168.168.42 google.com

; <<>> DiG 9.8.3-P1 <<>> @192.168.168.42 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 25573
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;google.com.			IN	A

;; Query time: 1270 msec
;; SERVER: 192.168.168.42#53(192.168.168.42)
;; WHEN: Mon Apr 10 11:56:53 2017
;; MSG SIZE  rcvd: 28

[rom1v]

I think this issue is not in OS but that I am behind corporate proxy.

Ah, that's it!

Yes, all the HTTP requests are initiated by the Android device, so Android must be aware of the HTTP proxy.

You can either change the proxy in your mobile browser settings, or configure it for the whole system (as soon as the applications read these settings) by executing this command:

adb shell settings put global http_proxy abc:123 # in one shot

or:

adb shell settings put global global_http_proxy_host abc
adb shell settings put global global_http_proxy_port 123
adb shell settings put global global_http_proxy_exclusion_list a,b

(but it is quite limited, e.g. you cannot provide login/password).

To delete these settings:

adb shell settings delete global http_proxy
adb shell settings delete global global_http_proxy_host
adb shell settings delete global global_http_proxy_port
adb shell settings delete global global_http_proxy_exclusion_list

Note: Deleting the settings does not remove the http proxy immediately, but only after a reboot, which makes its usage cumbersome.

[ewoks]

still have troubles with this one. Setting proxy settings from shell didn't help.
I should still use custom DNS no? I will try to experiment more.

[ewoks]

Would this log help to pin point what am I doing wrong?

04-13 11:02:48.784 774-999/? E/ConnectivityService: updateNetworkInfo()
04-13 11:02:48.784 774-999/? D/ConnectivityService: NetworkAgentInfo [VPN () - 503] EVENT_NETWORK_INFO_CHANGED, going from CONNECTED to DISCONNECTED, reason = null, [ Transports: VPN Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED]
04-13 11:02:48.784 774-999/? D/VPN: NetworkAgent: NetworkAgent channel lost
04-13 11:02:48.784 774-999/? D/ConnectivityService: NetworkAgentInfo [VPN () - 503] got DISCONNECTED, was satisfying 1
04-13 11:02:48.894 774-999/? D/NetworkStatsFactory: UpdateStatsForKnox
04-13 11:02:48.894 774-999/? D/ConnectivityService: returning getNetworkInfo(networkType - 28) :[type: MOBILE_ENT1[] - MOBILE_ENT1, state: DISCONNECTED/DISCONNECTED, reason: (unspecified), extra: (none), roaming: false, failover: false, isAvailable: true, isConnectedToProvisioningNetwork: false]
04-13 11:02:48.904 774-999/? D/ConnectivityService: notifyType LOST for NetworkAgentInfo [VPN () - 503]
04-13 11:02:48.904 774-999/? D/ConnectivityService: calling update connectivity
04-13 11:02:48.904 774-999/? D/ConnectivityService:  sending notification for NetworkRequest [ id=2, legacyType=-1, [] ]
04-13 11:02:48.904 774-999/? D/ConnectivityService: sending notification LOST for NetworkRequest [ id=2, legacyType=-1, [] ]
04-13 11:02:48.924 774-999/? D/CSLegacyTypeTracker: Removing agent NetworkAgentInfo{ ni{[type: VPN[] - 17, state: DISCONNECTED/DISCONNECTED, reason: (unspecified), extra: (none), roaming: false, failover: false, isAvailable: false, isConnectedToProvisioningNetwork: false]}  network{503}  lp{{InterfaceName: tun0 LinkAddresses: [10.0.0.2/32,]  Routes: [0.0.0.0/0 -> 0.0.0.0 tun0,::/0 unreachable,] DnsAddresses: [192.168.168.42,] Domains:  MTU: 0}}  nc{[ Transports: VPN Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED]}  Score{0} validated{true} created{true} explicitlySelected{false} }
04-13 11:02:48.924 774-999/? W/ContextImpl: Calling a method in the system process without a qualified user: android.app.ContextImpl.sendBroadcast:1699 com.android.server.ConnectivityService.handleSetPolicyDataEnable:1680 com.android.server.ConnectivityService.access$4200:232 com.android.server.ConnectivityService$InternalHandler.handleMessage:2921 android.os.Handler.dispatchMessage:102 
04-13 11:02:48.924 774-999/? D/ConnectivityService: setProvNotificationVisibleIntent: E visible=false networkType=0 extraInfo=null
04-13 11:02:52.047 774-999/? D/ConnectivityService: hsengiv:checkWhatTypeOfNetwork and the value is false
04-13 11:02:52.047 774-999/? D/ConnectivityService: Got NetworkAgent Messenger
04-13 11:02:52.047 774-999/? E/ConnectivityService: updateNetworkInfo()
04-13 11:02:52.047 774-999/? D/ConnectivityService: NetworkAgentInfo [VPN () - 504] EVENT_NETWORK_INFO_CHANGED, going from null to CONNECTED, reason = null, [ Transports: VPN Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED]
04-13 11:02:52.047 774-999/? D/ConnectivityService: updateLinkProperties: newLp = {InterfaceName: tun0 LinkAddresses: [10.0.0.2/32,]  Routes: [0.0.0.0/0 -> 0.0.0.0 tun0,::/0 unreachable,] DnsAddresses: [192.168.168.42,] Domains:  MTU: 0}
04-13 11:02:52.047 774-999/? D/ConnectivityService: Adding iface tun0 to network 504
04-13 11:02:52.097 774-999/? D/ConnectivityService: Adding Route [0.0.0.0/0 -> 0.0.0.0 tun0] to network 504
04-13 11:02:52.097 774-999/? D/ConnectivityService: Adding Route [::/0 unreachable] to network 504
04-13 11:02:52.097 774-999/? E/ConnectivityService: Unexpected mtu value: 0, tun0
04-13 11:02:52.097 774-999/? D/ConnectivityService: updateSourceRoutes : no source routing conditions
04-13 11:02:52.097 774-999/? D/ConnectivityService: Setting Dns servers for network 504 to [/192.168.168.42]
04-13 11:02:52.097 774-999/? D/ConnectivityService: LTETest block dns file not exists
04-13 11:02:52.107 774-999/? D/NetworkStatsFactory: UpdateStatsForKnox
04-13 11:02:52.107 774-999/? D/ConnectivityService: returning getNetworkInfo(networkType - 28) :[type: MOBILE_ENT1[] - MOBILE_ENT1, state: DISCONNECTED/DISCONNECTED, reason: (unspecified), extra: (none), roaming: false, failover: false, isAvailable: true, isConnectedToProvisioningNetwork: false]
04-13 11:02:52.127 774-999/? D/ConnectivityService: notifyType IP_CHANGED for NetworkAgentInfo [VPN () - 504]
04-13 11:02:52.127 774-999/? D/ConnectivityService: calling update connectivity
04-13 11:02:52.127 774-999/? D/NetworkStatsFactory: UpdateStatsForKnox
04-13 11:02:52.127 774-999/? D/ConnectivityService: returning getNetworkInfo(networkType - 28) :[type: MOBILE_ENT1[] - MOBILE_ENT1, state: DISCONNECTED/DISCONNECTED, reason: (unspecified), extra: (none), roaming: false, failover: false, isAvailable: true, isConnectedToProvisioningNetwork: false]
04-13 11:02:52.137 774-999/? D/ConnectivityService: notifyType PRECHECK for NetworkAgentInfo [VPN () - 504]
04-13 11:02:52.137 774-999/? D/ConnectivityService: calling update connectivity
04-13 11:02:52.137 774-999/? D/ConnectivityService: rematching NetworkAgentInfo [VPN () - 504]
04-13 11:02:52.137 774-999/? D/ConnectivityService:  network has: [ Transports: VPN Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED]
04-13 11:02:52.137 774-999/? D/ConnectivityService:   checking if request is satisfied: NetworkRequest [ id=2, legacyType=-1, [] ]
04-13 11:02:52.137 774-999/? D/ConnectivityService:   checking if request is satisfied: NetworkRequest [ id=3, legacyType=-1, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED&NOT_VPN] ]
04-13 11:02:52.137 774-999/? D/ConnectivityService:   checking if request is satisfied: NetworkRequest [ id=1, legacyType=-1, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED&NOT_VPN] ]
04-13 11:02:52.137 774-999/? D/ConnectivityService: notifyType AVAILABLE for NetworkAgentInfo [VPN () - 504]
04-13 11:02:52.137 774-999/? D/ConnectivityService: calling update connectivity
04-13 11:02:52.137 774-999/? D/ConnectivityService:  sending notification for NetworkRequest [ id=2, legacyType=-1, [] ]
04-13 11:02:52.137 774-999/? D/ConnectivityService: sending notification AVAILABLE for NetworkRequest [ id=2, legacyType=-1, [] ]
04-13 11:02:52.137 774-999/? D/ConnectivityService: NetworkAgent connected
04-13 11:02:52.137 774-999/? D/ConnectivityService: Validated NetworkAgentInfo [VPN () - 504]
04-13 11:02:52.137 774-999/? D/ConnectivityService: rematching NetworkAgentInfo [VPN () - 504]
04-13 11:02:52.137 774-999/? D/ConnectivityService:  network has: [ Transports: VPN Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED]
04-13 11:02:52.137 774-999/? D/ConnectivityService:   checking if request is satisfied: NetworkRequest [ id=2, legacyType=-1, [] ]
04-13 11:02:52.137 774-999/? D/ConnectivityService:   checking if request is satisfied: NetworkRequest [ id=3, legacyType=-1, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED&NOT_VPN] ]
04-13 11:02:52.137 774-999/? D/ConnectivityService:   checking if request is satisfied: NetworkRequest [ id=1, legacyType=-1, [ Capabilities: INTERNET&NOT_RESTRICTED&TRUSTED&NOT_VPN] ]
04-13 11:02:52.137 774-999/? D/ConnectivityService: notifyType AVAILABLE for NetworkAgentInfo [VPN () - 504]
04-13 11:02:52.137 774-999/? D/ConnectivityService: calling update connectivity
04-13 11:02:52.137 774-999/? D/ConnectivityService:  sending notification for NetworkRequest [ id=2, legacyType=-1, [] ]
04-13 11:02:52.137 774-999/? D/ConnectivityService: sending notification AVAILABLE for NetworkRequest [ id=2, legacyType=-1, [] ]
04-13 11:02:52.147 774-999/? W/ContextImpl: Calling a method in the system process without a qualified user: android.app.ContextImpl.sendBroadcast:1699 com.android.server.ConnectivityService.handleSetPolicyDataEnable:1680 com.android.server.ConnectivityService.access$4200:232 com.android.server.ConnectivityService$InternalHandler.handleMessage:2921 android.os.Handler.dispatchMessage:102 
04-13 11:02:52.157 774-999/? W/ContextImpl: Calling a method in the system process without a qualified user: android.app.ContextImpl.sendBroadcast:1699 com.android.server.ConnectivityService.handleSetPolicyDataEnable:1680 com.android.server.ConnectivityService.access$4200:232 com.android.server.ConnectivityService$InternalHandler.handleMessage:2921 android.os.Handler.dispatchMessage:102 

[rom1v]

Setting proxy settings from shell didn't help. I should still use custom DNS no?

Yes, you should still use the custom DNS.

To validate that the proxy settings are used, disable gnirehtet, connect to some wifi network from where the proxy is not accessible, and configure the proxy settings: you should not be able to load webpages.

Would this log help to pin point what am I doing wrong?

For now, I think it does not help :-(