Android: Internet connectivity fails when "Block connections without VPN" is enabled

[arunsathiya]

Describe the bug

When "Block connections without VPN" setting is enabled on Android VPN settings, internet connectivity fails. None of the websites/apps work.

To Reproduce

• Install Tailscale on an Android device.
• Setup nameservers on this page - https://login.tailscale.com/admin/dns (can use a public DNS like Cloudflare 1.1.1.1, Google 8.8.8.8 or Quad9 9.9.9.9)
• Do not enable magic DNS on that page
• On your Android device, visit VPN settings and enable "Block connections without VPN" or use an equivalent setting.

Expected behavior

Internet connectivity continues to work, by using the nameservers configured on https://login.tailscale.com/admin/dns

Screenshots

Version information:

• Device: OnePlus 5
• OS: Android
• OS version: Android 10
• Tailscale version: 1.6

Additional context

I believe this has always been an issue and is not new to Tailscale 1.6. I just had a chance to submit the report.

[arunsathiya]

If it's important to note, this issue occurs even when I use a Tailscale node as a nameserver (like a Raspberry Pi running pihole), instead of using a public DNS resolver.

[bradfitz]

Tailscale by default is a split tunnel VPN: only your traffic to other Tailscale nodes goes over Tailscale. The rest of your Internet traffic is unaffected.

To route all your traffic over Tailscale, use the new Exit Nodes feature: https://tailscale.com/kb/1103/exit-nodes

Because you're not using Exit Nodes, when you tell Android to block your non-VPN traffic, it's properly blocking your non-Tailscale traffic.