ics-openvpn

No reconnect on network change

Open marcelmindemann opened this issue 4 years ago • 12 comments

To make issues more manageable, I would appreciate it if you fill out the following details as applicable:

General information

  1. Android Version: 11
  2. Android Vendor/Custom ROM: GrapheneOS, latest build
  3. Device: Pixel 4a 5G
  4. Version of the app (version number/play store version/self-built): latest F-Droid release (0.7.21)

Description of the issue

OpenVPN for Android -> Settings -> Reconnect on network change is set to True. When I de-activate my phone's WiFi and switch to LTE connection, there is no automatic reconnection happening. I have to manually click "reconnect". This also happens when moving from LTE to WiFi.

I am hosting my own OpenVPN server in my LAN. Thus, I have a split-horizon DNS setup where vpn.mydomain.com resolves to my external IP when connecting from WAN, and to my server's LAN IP when connected to the LAN. I am only mentioning this because I am unsure if this could be a cause of the issue.

Example log:

2021-03-19 12:07:44 Opening tun interface:
2021-03-19 12:07:44 Local IPv4: 10.8.0.9/24 IPv6: (not set) MTU: 1500
2021-03-19 12:07:44 DNS Server: 10.8.0.1, Domain: null
2021-03-19 12:07:44 Routes: 10.8.0.0/24
2021-03-19 12:07:44 Routes excluded: 10.1.0.28/24
2021-03-19 12:07:44 VpnService routes installed: 10.8.0.0/24
2021-03-19 12:07:44 Disallowed VPN apps:
2021-03-19 12:07:44 MANAGEMENT: CMD 'needok 'OPENTUN' ok'
2021-03-19 12:07:44 Initialization Sequence Completed
2021-03-19 12:07:44 MANAGEMENT: >STATE:1616152064,CONNECTED,SUCCESS,10.8.0.9,10.1.0.15,1194,,
2021-03-19 12:07:44 Debug state info: CONNECTED to WIFI , pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED

< at this point, I switch to LTE > 

2021-03-19 12:08:06 write UDP []: Network is unreachable (code=101)
2021-03-19 12:08:06 Network Status: not connected
2021-03-19 12:08:06 Debug state info: not connected, pause: userPause, shouldbeconnected: false, network: PENDINGDISCONNECT
2021-03-19 12:08:06 Network Status: CONNECTED LTE to MOBILE internet
2021-03-19 12:08:06 Debug state info: CONNECTED LTE to MOBILE internet, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2021-03-19 12:08:06 MANAGEMENT: CMD 'network-change'

and from here on, nothing happens - my connection is not re-established, so I have no access to the Internet until I manually reconnect.

marcelmindemann, Mar 19 '21 11:03

Yes, your split-horizon DNS breaks the assumption that the client does not need to reconnect if the server uses peer-id, as the server will automatically detect that this is the same client but has changed its IP address.

schwabe, Mar 19 '21 11:03
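A diagnostic for the condition described in the reply above, as an added example that is not part of the original thread or of the ics-openvpn code: it reads the log format shown in the first post, takes the remote address from the `>STATE:` line, and flags a `network-change` issued on mobile data while the tunnel is still pinned to a private address. The function name and the heuristic that a private remote is unreachable from a mobile network are assumptions.

```python
import ipaddress
import re

# Lines copied from the log in the first post (tun setup lines omitted).
SAMPLE_LOG = """\
2021-03-19 12:07:44 MANAGEMENT: >STATE:1616152064,CONNECTED,SUCCESS,10.8.0.9,10.1.0.15,1194,,
2021-03-19 12:07:44 Debug state info: CONNECTED to WIFI , pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2021-03-19 12:08:06 write UDP []: Network is unreachable (code=101)
2021-03-19 12:08:06 Network Status: not connected
2021-03-19 12:08:06 Network Status: CONNECTED LTE to MOBILE internet
2021-03-19 12:08:06 MANAGEMENT: CMD 'network-change'
"""

# >STATE:<unix time>,<state>,<description>,<tunnel IP>,<remote IP>,<remote port>,...
STATE_RE = re.compile(r">STATE:\d+,CONNECTED,[^,]*,[^,]*,([^,]*),(\d*)")
NETWORK_RE = re.compile(r"Network Status: CONNECTED .*\bto (\w+)")


def find_pinned_private_remote(log_text):
    """Return (timestamp, remote, network) for each network-change sent while
    the tunnel remote is a private address and the active network is mobile."""
    remote = None      # remote IP from the last CONNECTED state line
    network = None     # last network type Android reported (WIFI, MOBILE, ...)
    findings = []
    for line in log_text.splitlines():
        timestamp = line[:19]
        state = STATE_RE.search(line)
        if state and state.group(1):
            remote = ipaddress.ip_address(state.group(1))
            continue
        net = NETWORK_RE.search(line)
        if net:
            network = net.group(1)
            continue
        if "CMD 'network-change'" in line and remote is not None:
            # Heuristic (assumption): an address that is_private reports as
            # non-global was resolved on the LAN and cannot be reached over mobile data.
            if network == "MOBILE" and remote.is_private:
                findings.append((timestamp, str(remote), network))
    return findings


if __name__ == "__main__":
    for ts, remote, net in find_pinned_private_remote(SAMPLE_LOG):
        print(f"{ts}: network-change on {net} but tunnel still targets {remote}")
```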

Thank you for taking the time to answer, @schwabe. Is there something I can do to force OpenVPN to re-resolve the server IP on network change?

marcelmindemann, Mar 19 '21 14:03

I have a similar problem.

I ended up adding two servers in the config, one with public and one with local address, but it's clumsy. One always fails and the other one picks up. This also doesn't allow me to point to a local address on my DNS when on LAN.

It would be great to have an option on the client to resolve DNS on reconnect (or connectivity change), as opposed to using the cached value from the initial resolution.

bar-tolini, Apr 02 '21 07:04

I settled on the exact same workaround as bar-tolini, but it's really more of a workaround than a solution. The local server is only used as a fallback once the first public IP fails, which takes 30 seconds. On top of that, the app takes a long time to realize that the first server IP is not responding and to issue a reconnect event via the ping-restart option. It can take up to 5 minutes for me sometimes. This means that coming home and connecting to the WiFi leads to 05:30 of no connectivity on the phone at all.

marcelmindemann, Apr 09 '21 11:04

I have the same issue, but I do not use a split-horizon DNS. My server address always resolves to the same IP address (my external one).

The workaround doesn't work for me as the WAN address still works from within my LAN. Why can't the app detect the network change??

SingingFrog7, Aug 14 '21 21:08

@SingingFrog7 please provide a log. The app normally detects network changes.

schwabe, Aug 14 '21 22:08

@schwabe Thanks for your time. Looks like it was due to route issues with the "Bypass VPN for local networks" option. When reconnecting (after network change) it doesn't update what it considers as the "local network" so it tries to route my LAN directly when I get disconnected from my LAN, while it should go through the VPN as it's not on the "local network" anymore.

Disabling the option is a workaround for now, but that means all my LAN traffic is going through the VPN (even when home) instead and I guess I won't be able to access the LAN when connected somewhere else.

As the problem is different, I'll open a different issue.

SingingFrog7, Aug 14 '21 23:08

Same issue here: I'm using OpenVPN on a work profile, and Blokada on the other profile. @schwabe: as an Android developer, I had the same issue using NetworkCallback not reporting network lost and I found the solution here:

https://stackoverflow.com/a/65122254

renaudcerrato, Dec 28 '22 13:12

I am not actually using that API but rather

        IntentFilter filter = new IntentFilter();
        filter.addAction(ConnectivityManager.CONNECTIVITY_ACTION);
        filter.addAction(Intent.ACTION_SCREEN_OFF);
        filter.addAction(Intent.ACTION_SCREEN_ON);

schwabe, Dec 28 '22 23:12