android-app icon indicating copy to clipboard operation
android-app copied to clipboard

Published 20 hours ago verified publisher icon ivpn

Android 10: Wireguard + Antitracker: DNS leaks on Brave but not on Firefox

Open lsm5 opened this issue 3 years ago • 12 comments

Bug report

Describe your environment

  • Device: Samsung Note 9
  • OS name and version: Android 10
  • IVPN app version: 2.6.0

Describe the problem

Steps to reproduce:

  1. IVPN 2.6.0 with Wireguard and Antitracker enabled (non-hardcore mode)
  2. Run dnsleaktest Extended test on Brave / Brave Beta / Brave Nightly (See ISP's DNS in results)
  3. Run dnsleaktest Extended test on Firefox / Firefox Nightly (See Antitracker DNS in results as expected)

Observed Results:

Brave versions list ISP's DNS.

Expected Results:

Only the antitracker DNS should be displayed

I can consistently see this as of last night. Don't remember if this occurred prior to that.

/cc @ivpn786

lsm5 avatar Aug 18 '21 12:08 lsm5

hmm, and just like that, I can't see this issue anymore. I'll keep trying further and close this if I still can't reproduce it.

lsm5 avatar Aug 18 '21 13:08 lsm5

I wonder if this is related to the bug I found where multiple user accounts with the app could feed internet to all user accounts on the phone. I suspect if they are configured with different DNSes, then you would get a DNS leak. https://github.com/ivpn/android-app/issues/82

In my experience though, I got internet from different IVPN apps on different user accounts with Firefox.

Do you use IVPN on multiple user accounts Ism5?

Ryu945 avatar Aug 18 '21 15:08 Ryu945

I believe issue occurs randomly then. It's better to not close this issue as it is now reported by two users. There is no response from developer yet. Let him take a look before closing. This is a security issue and should be addressed promptly. I am really busy right now. I will try to generate logs if I encounter issue again. @AlexKorvin, Does 172.253.12.5 DNS address belong to IVPN?

ghost avatar Aug 19 '21 04:08 ghost

Issue seems to affect Android 10 only. No testing on Android 10 by IVPN team allows even security issues to persist indefinitely. really disappointing.

ghost avatar Sep 03 '21 09:09 ghost

It takes me too long to answer because I can't reproduce it and I don't have a solution for it right now.

AlexKorvin avatar Sep 03 '21 09:09 AlexKorvin

@AlexKorvin hello, i've been seeing this again at random on android 10 since earlier this morning, and still only on brave, not on firefox, so I kinda doubt what other apps on the phone end up using.

I'd be willing to test further if you have any suggestions on a reproducer. But if not, I'm totally fine with enabling private dns in my connection settings until I get access to Android 11 or newer (only speaking for myself of course). I'm well aware of how older distros can be a super PITA :) .

Anyway, thanks for all the good work on the app.

lsm5 avatar Sep 03 '21 14:09 lsm5

Also, if it matters, I have Bypass VPN for local networks enabled on the app and android native kill switch is disabled.

lsm5 avatar Sep 03 '21 14:09 lsm5

Do you use IVPN on multiple user accounts Ism5?

@Ryu945 nope, just 1.

lsm5 avatar Sep 03 '21 14:09 lsm5

Also, if it matters, I have Bypass VPN for local networks enabled on the app and android native kill switch is disabled.

With the setting Bypass VPN for local networks enabled, Run the extended DNS leak test. What happens? https://dnsleaktest.com/

Ryu945 avatar Sep 20 '21 20:09 Ryu945

With the setting Bypass VPN for local networks enabled, Run the extended DNS leak test. What happens? https://dnsleaktest.com/

did you mean disabled? Because I have it enabled already and that's when I was seeing my ISP's DNS, but that too only at times, and it's pretty much impossible for me to find a consistent reproducer. Sometimes it would occur repeatedly, sometimes not at all. So, I've pretty much given up on it and resorted to private DNS until I switch to android 11 or newer.

lsm5 avatar Sep 20 '21 20:09 lsm5

With the setting Bypass VPN for local networks enabled, Run the extended DNS leak test. What happens? https://dnsleaktest.com/

did you mean disabled? Because I have it enabled already and that's when I was seeing my ISP's DNS, but that too only at times, and it's pretty much impossible for me to find a consistent reproducer. Sometimes it would occur repeatedly, sometimes not at all. So, I've pretty much given up on it and resorted to private DNS until I switch to android 11 or newer.

That is why I want you to take that configuration of bypass VPN for local network enabled and android kill switch off that you have setup right now and run that test. I have a suspicion of what is causing the flakiness and I know that test will bypass any flakiness and give you solid results if I am correct. Be sure to run the extended test.

Ryu945 avatar Sep 23 '21 16:09 Ryu945

Issue reported to occur with IVPN App for Android version 2.7.1 on an MIUI 12 device with Android 10. 70+ Google DNS servers are listed in leak test sites, dnsleaktest.com, ipleak.net, browserleaks.com/ip.

  • mock location on
  • Antitracker- hardcore on
  • Always on vpn set for no connection without vpn in android settings
  • IPV6 on
  • Bypass vpn off
  • custom dns off
  • split tunnel off
  • protocol openvpn and wireguard, when openvpn used, its always multihop
  • chrome and firefox, chrome with secure dns off

jordan-ivpn avatar Oct 22 '21 18:10 jordan-ivpn