split tunnel incorrectly identified?

Open samthesamman opened this issue 1 year ago • 6 comments

Looks like you are just looking for the presence of 0.0.0.0 in allowedIps to determine if it's a full tunnel. But if I set something like allowedIps=0.0.0.0/5, then this should be detected as split tunnel. Not sure if this is just a UI thing or if you have logic that depends on this detection.

samthesamman avatar Sep 18 '24 01:09 samthesamman

allowedIps=0.0.0.0/5

We rely on net/netip:IPPrefix.Contains: https://go.dev/play/p/RIcrz4KtOGD

ignoramous avatar Sep 18 '24 13:09 ignoramous

But if allowedIps is set to 0.0.0.0/5, shouldn't this be considered a split tunnel? Your code example considers this full.

samthesamman avatar Sep 19 '24 03:09 samthesamman
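
An added example, not part of the thread and not code from Rethink, firestack or the linked playground: a Go sketch that calls a config a full tunnel only when the AllowedIPs prefixes together cover a family's whole address space, so `0.0.0.0/5` is split while `0.0.0.0/1, 128.0.0.0/1` is full. It goes beyond the single `/5` case raised above; the names `covers` and `fullTunnel` are hypothetical, and every entry is assumed to be a CIDR with an explicit length.

```go
package main

import (
	"fmt"
	"net/netip"
	"strings"
)

// covers reports whether the union of ps contains every address under root:
// either one prefix contains root whole, or both halves of root are covered.
func covers(root netip.Prefix, ps []netip.Prefix) bool {
	inside := false // does any prefix lie strictly inside root?
	for _, p := range ps {
		if p.Bits() <= root.Bits() && p.Contains(root.Addr()) {
			return true
		}
		inside = inside || (p.Bits() > root.Bits() && root.Contains(p.Addr()))
	}
	if !inside {
		return false
	}
	b, n := root.Addr().AsSlice(), root.Bits()
	b[n/8] |= byte(0x80) >> (n % 8) // set the next bit: start of the upper half
	hi, _ := netip.AddrFromSlice(b)
	return covers(netip.PrefixFrom(root.Addr(), n+1), ps) && covers(netip.PrefixFrom(hi, n+1), ps)
}

// fullTunnel parses an AllowedIPs value (assumption: comma-separated CIDRs,
// each with an explicit /len) and reports per family whether all is routed.
func fullTunnel(allowedIPs string) (v4, v6 bool, err error) {
	var ps []netip.Prefix
	for _, f := range strings.Split(allowedIPs, ",") {
		p, perr := netip.ParsePrefix(strings.TrimSpace(f))
		if perr != nil {
			return false, false, perr
		}
		ps = append(ps, p.Masked())
	}
	all4, all6 := netip.MustParsePrefix("0.0.0.0/0"), netip.MustParsePrefix("::/0")
	return covers(all4, ps), covers(all6, ps), nil
}

// Constructed samples (only 0.0.0.0/5 is from the thread); "naive" is a substring check.
func main() {
	for _, s := range []string{"0.0.0.0/5", "0.0.0.0/0, ::/0", "0.0.0.0/1, 128.0.0.0/1"} {
		v4, v6, _ := fullTunnel(s)
		fmt.Printf("%-26q naive=%-5v v4=%-5v v6=%v\n", s, strings.Contains(s, "0.0.0.0"), v4, v6)
	}
}
```

A config that is full for IPv4 but not for IPv6 still leaves IPv6 traffic outside the tunnel, which is why the two families are reported separately.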

Indeed, when I specify a split tunnel with multiple AllowedIPs entries filled with the IP addresses or ranges which should indeed be tunneled, the connection fails. Presumably, only config files with AllowedIPs = 0.0.0.0/0 are supported. Other lines result in 'Failure' while the same config succeeds with a Wireguard app or wg-quick open xxxxx.conf command and indeed tunnels only the single or multiple IP addresses / ranges.

freebrowser1 avatar Mar 02 '25 21:03 freebrowser1

We've since fixed this issue. It should release with the next version, v055o, which is currently undergoing UI polish (post which, it will be ready to be shipped). The WireGuard layer now uses the same "routing tree" that was implemented for enforcing IP-based firewall rules.

ignoramous avatar Mar 03 '25 00:03 ignoramous

Where is this version available? It is not yet visible in GitHub.

freebrowser1 avatar Mar 29 '25 05:03 freebrowser1

Not yet released. May happen soon-ish.

ignoramous avatar Mar 30 '25 04:03 ignoramous

Fixed: https://github.com/celzero/firestack/commit/5d0b7f603764dd5e0e0d2645551a6d1bfd8d157c

Released: https://github.com/celzero/rethink-app/releases/v0.5.5o

Please test & let us know if the bug persists. If so, we'll reopen. Thanks

ignoramous avatar Aug 09 '25 00:08 ignoramous

Well, I could not update the version. I tried to install the APK over the existing, but it says it is incompatible. Probably different app metadata?

freebrowser1 avatar Aug 09 '25 08:08 freebrowser1

Depending on where you installed the last app from, the signing key will differ between f-droid, google and the github release. In that case you have to uninstall the old version first and then install it again with the different signature. It is a security feature @freebrowser1

yoshimo avatar Aug 09 '25 09:08 yoshimo

Does not work. It did restore, but opening the app showed only four pages with what the app can do, but could not restore the settings backup or start the app normally to add wireguard configs. So I restored the old one. It appeared like a dummy app. And restoration of old v055n was completely messed up, even after restoring the backup just made before uninstall with the in-app backup. Each time when I restart Rethink VPN, all VPN configs are lost even when I add new ones, those get lost every time vpn is started. When I add one VPN and then start it, the list is empty again, but it tells it is active. And it is really active, as I see the correct VPN IP, but does not show it. So now I have to add a new VPN each time I use it as they are not displayed in the list. I hope the new version (055p, as 055o does not work at all?) fixes this nasty bug. See also #2025.

freebrowser1 avatar Aug 09 '25 12:08 freebrowser1