
mobile: problems with VPN check in android version

Open RYNEQ opened this issue 2 years ago • 4 comments

The active VPN check in the Android version of OONI causes problems for background and inter-network tests.
Android supports per-application VPN, which allows putting only some applications behind the VPN.
Nonetheless, it seems OONI only checks for the existence of an active VPN connection, which leads to warnings and disables background tests even when OONI is not behind the VPN itself.
People under heavy censorship, like Iranians, need the VPN connection most of the time, and one may want to test another network using the probe through a VPN connection (a university's network remotely and ... )

Although it seems https://github.com/ooni/probe-android/pull/506 fixes this issue by disabling VPN check entirely, it would be a good idea to keep the VPN check and have a technique to detect if OONI is behind VPN itself or not

If OONI can find its own default gateway interface and check the interface type (the tun device indicates VPN), it can be sure whether the VPN connection affects it or not (and this can also fix https://github.com/ooni/probe/issues/2039 ), so it can keep the VPN check setting while still being able to work if the VPN doesn't affect tests. Also, a per-test advanced setting dialog can be useful to force only some tests to run through the VPN while we still have the VPN check setting.

OONI Probe Version: 3.6.1.

RYNEQ, Jun 18 '22 03:06

> Nonetheless it seems OONI only checks existence of an active VPN connection which leads to warnings and disables background tests even when OONI is not behind VPN itself.

With @aanorbel, we are setting up a testing scenario where there's a device with Netguard and OONI Probe is in the allow list. Because Netguard is a VPN, this should also be a good test for the original problem. We are going to let the device run and record problems with running background tests when a VPN is enabled.

bassosimone, Jun 24 '22 14:06

@aanorbel I have done some research and it seems we should probably also test these VPNs:

  1. orbot
  2. shadowsocks
  3. openvpn

So, after we have finished testing with Netguard maybe we can also try some of them.

bassosimone, Jun 25 '22 08:06

@RYNEQ, after properly looking into the issue, I found out OONI Probe only detects that connections are over VPN if all apps on the device are tunnelled over VPN or if Probe Mobile is in VPN mode on the device.

If OONI Probe detects the app is behind a VPN connection, automated tests will not run.

aanorbel, Jul 18 '22 07:07
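
The distinction discussed in this thread (a VPN exists somewhere on the device versus this app's own traffic goes through a VPN), sketched with Android's `ConnectivityManager` as an added example; it is not code from probe-android. The class `VpnScopeCheck` and its method names are hypothetical, and the example assumes that `getActiveNetwork()` returns the default network that applies to the calling app, so an app excluded from a per-app VPN sees its underlying network there. It needs the `ACCESS_NETWORK_STATE` permission.

```java
import android.content.Context;
import android.net.ConnectivityManager;
import android.net.Network;
import android.net.NetworkCapabilities;

/** Hypothetical helper for illustration; not part of probe-android. */
public final class VpnScopeCheck {
    private VpnScopeCheck() {}

    /**
     * Device-wide check: true if any network known to the system is a VPN,
     * including a per-app VPN that this app is excluded from.
     * getAllNetworks() is deprecated since API 31 but still available.
     */
    public static boolean anyVpnOnDevice(Context context) {
        ConnectivityManager cm = context.getSystemService(ConnectivityManager.class);
        if (cm == null) return false;
        for (Network network : cm.getAllNetworks()) {
            if (isVpn(cm, network)) return true;
        }
        return false;
    }

    /**
     * Per-app check: true only if the default network for the calling app
     * is a VPN (assumption stated in the lead-in above).
     */
    public static boolean thisAppBehindVpn(Context context) {
        ConnectivityManager cm = context.getSystemService(ConnectivityManager.class);
        if (cm == null) return false;
        Network active = cm.getActiveNetwork(); // null when there is no connectivity
        return active != null && isVpn(cm, active);
    }

    private static boolean isVpn(ConnectivityManager cm, Network network) {
        NetworkCapabilities caps = cm.getNetworkCapabilities(network);
        return caps != null && caps.hasTransport(NetworkCapabilities.TRANSPORT_VPN);
    }
}
```

When `anyVpnOnDevice` is true but `thisAppBehindVpn` is false, a VPN is active for other apps only, which is the case the original report describes.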

This was verified using

aanorbel, Jul 18 '22 07:07

Proper detection of VPN is done and for now, there is no additional task related to this issue that is to be handled. @RYNEQ, would you like to give your input if this issue has been completely resolved or if there is something lacking from your perspective?

aanorbel, Apr 11 '23 12:04