AdguardForAndroid icon indicating copy to clipboard operation
AdguardForAndroid copied to clipboard
verified publisher icon AdguardTeam

Always-on VPN blocking LAN traffic (Localsend, FTP)

Open Ali13798 opened this issue 1 year ago • 7 comments

Please answer the following questions for yourself before submitting a question.

  • [X] I am running the latest version
  • [X] I checked the knowledge base and found no answer
  • [X] I checked to make sure that this issue has not already been filed

Ask a question

Hey all, I have been experimenting with the Adguard app on android 14, with both the "Always-on VPN" and "Block connections without VPN" toggles turned on (under android settings > Network > VPN > AdGuard). I am trying to get FTP access or Localsend working over LAN but I am having no luck with that. I have managed to get the Adguard VPN working with this setup, so I am hoping that this is doable in the first place, and if anyone know the solution or of a good debugging technique that would be great.

As it relates to Localsend, I can send text or files from the phone to other devices fine, but receiving anything (text or file) is blocked. When I start an FTP server on the phone to access its files from another device, the connection is again blocked. Note that things function just fine if the "Block connections without VPN" is toggled off, but I am looking for a way to keep that on and essentially have Adguard accept the traffic and pass it through (preferably not even filtered for ads, etc. since this type of traffic is trusted by me).

I have tried the following so far (LAN IP 10.0.0.0/24):

Low level settings

Protection

  • IPv4 ranges excluded from filtering - empty and 10.0.0/24
  • Port ranges to be filtered - 1..65535
  • Excluded apps - all commented out

Local VPN settings

  • IPv4 address - 172.18.011.218
  • Forcibly route LAN IPv4 - checked and unchecked
  • Route all LAN IPv4 connections - checked and unchecked

App management settings

  • Route traffic through Adguard - checked
  • Filter traffic - checked and unchecked

If I am missing anything do not hesitate to let me know. Thanks for your time.

Ali13798 avatar Dec 20 '24 16:12 Ali13798

@Ali13798 Some of the LAN traffic is clearly not routed through AdGuard. When you enable the "Block connections without VPN" option Android OS restricts all connections except those routed through AdGuard.

So the main goal is to find where traffic is bypassing AdGuard and redirect it to the app.

Versty avatar Dec 28 '24 11:12 Versty

Yes, exactly. I am just having trouble finding the appropriate combination of settings (low level or not) to make this happen. Being familiar with the source code, do you have any suggestions @Versty ?

Ali13798 avatar Jan 09 '25 01:01 Ali13798

@Ali13798 We have tried to reproduce this issue with Localsend, it seems that file transfer works as expected with the Forcibly route LAN IPv4 option enabled and all other settings in their default positions.

So we recommend that you create a backup of your settings, then reset the app to defaults, enable the Forcibly route LAN IPv4 toggle and check if file transfer is now working.

Versty avatar Jan 13 '25 14:01 Versty

@Ali13798 Did my advice help?

Versty avatar Feb 17 '25 14:02 Versty

Hey, thanks for following up. To be honest I had forgotten about this issue... Unfortunately your suggestion that I tried just now did not work for me. It is weird though, as the transfer sometimes works and sometimes not. For example, between two Samsung devices both running Android 14, it does not work. Similarly between Samsung and Windows it does not work. Between a pixel device and Samsung and Linux though it does work. It has been pretty unpredictable so I do not know of a good way to debug it but I am open to any suggestions you might have. In the meantime I have resorted to an old fashioned wired connection, nextcloud, and syncthing to transfer files/text. If there is any specific information that I can provide to help shine some light on this let me know. Thanks!

Also, I just tried again with my config restored. Outgoing connections from a Samsung device to a pixel device work, but not the other way around. Both devices have android 14, and the same config imported after resetting the app settings.

Ali13798 avatar Feb 18 '25 03:02 Ali13798

@Ali13798 According to the documentation, LocalSend uses port 53317. So you could try changing the port ranges in the low-level settings like this:

80..5221
5299..53316
53318..65535

Versty avatar Apr 07 '25 11:04 Versty

Смена портов в приложении на ПК и на Android устройстве не не помогло, приложение по прежнему хорошо работает только если отключить полностью adguard vpn.

ilya-corneli avatar Apr 17 '25 12:04 ilya-corneli

@Ali13798 Have you tried excluding the ports as described in https://github.com/AdguardTeam/AdguardForAndroid/issues/5554#issuecomment-2783012275, or have you found another solution that works?

We actually have an explanation for the file transfer issue when the Always-on VPN feature is enabled. LocalSend relies on your local network to transfer files, but by default, local IP ranges are added to the IPv4 ranges excluded from filtering in AdGuard's Low-level settings. This means the LAN traffic bypasses AdGuard, and Android system blocks it due to the Always-on VPN restriction.

You can resolve this by removing the local network ranges from the IPv4 ranges excluded from filtering list.

Versty avatar Jul 07 '25 11:07 Versty