Jump to content
Not connected, Your IP: 54.242.22.247
cdysthe

Persistent tunnel on Android causing problems.

Recommended Posts

Hi,

 

After I started to run the Eddie for Android I noticed that I was not getting any messages or calls in Signal Messenger. I also had problems with some apps on my Android Wear watch like weather that wouldn't update. As soon as I closed the VPN connection I got a stream of Signal messages and notifications and the weather app on my watch worked again. This makes it totally impractical for me to use the Eddie for Android if that setting is enabled. So I decided to disable it and get a serious warning that security was compromised. I have used the OpenVPN Connect app with AirVPN for a while without such problems. Maybe that client doesn't have the Persistent Tunnel settings? Anyway, if it turns out I have to have Persistent Tunnel set I just can't use Eddie for Android since apps and services I use all day just doesn't work. 

 

There should be a warning that the Persistent Tunnel setting may cause apps and services to not work on the phone. I now run without it and feel compromised but do not know whether I'm more compromised than I was using the OpenVPN Connect client or other VPN services on Android.

 

Could someone who knows more about these things than I do please clarify and explain the thinking behind the setting and the warning when it's being disabled. 

 

//C

Share this post


Link to post

Hello!

 

I assume you mean the Eddie lock feature. Staff somewhat answered that here.

 

We consider it as a very friendly feature, since it's the only effective way to prevent leaks, which in mobility can be frequent. Anyway this option can be disabled in Eddie 2.1, for those who don't care about traffic leaks outside the VPN tunnel, even permanent leaks, due to their low threat model for example.

 

I'd recommend looking through the above link, as Staff posted further helpful replies.


Moderators do not speak on behalf of AirVPN. Only the Official Staff account does. Please also do not run Tor Exit Servers behind AirVPN, thank you.
Did you make a guide or how-to for something? Then contact me to get it listed in my new user guide's Guides Section, so that the community can find it more easily.

Share this post


Link to post

I'm not sure whether the Eddie lock feature is the same as Persistent Tunnel, but I do assume "persistent tunnel" means that all apps have to go through the VPN with all their connections. I tried to set Application filter type to "Whitelist" and add Signal Messenger to the whitelist, but no go which is kinda odd. Shouldn't a white listed app work as if there's no running VPN?

 

It also seems like the whitelisting feature doesn't work over time. I have tried to whitelist a couple of apps but after a while I do not get notifications nor updated content. If the whitelisting had worked that would have solved the problem for me.

 

Anywho, for now I just keep Persistent Tunnel unchecked, and it's not because I do not care about leaks and privacy it's since i can't miss notifications and messages while the VPN is up which it is most of my time on the phone. If all apps worked with Persistent Tunnel, or could be effectively white listed I would be all in.

Share this post


Link to post

I tried to set Application filter type to "Whitelist" and add Signal Messenger to the whitelist, but no go which is kinda odd. Shouldn't a white listed app work as if there's no running VPN?

 

Hello!

 

If you define an applications white list, all and only the apps in the white list will have their traffic tunneled. All the other apps will have their traffic NOT tunneled.

 

If you define an applications black list, the apps in the black list will have their traffic NOT tunneled, while all the other apps will have their traffic tunneled.

 

Kind regards

Share this post


Link to post

 

 

Hello!

 

If you define an applications white list, all and only the apps in the white list will have their traffic tunneled. All the other apps will have their traffic NOT tunneled.

 

If you define an applications black list, the apps in the black list will have their traffic NOT tunneled, while all the other apps will have their traffic tunneled.

Kind regards

 

Thanks! I did figure the blacklist/whitelist functionality out, and checked that Signal was being ignored when I opened the VPN connection . So it works when I start the VPN, but after some time Signal stops receiving and sending. As soon as I disconnect the VPN I get a deluge of messages and notifications. If the whitelist/blacklist could be made to work consistently this would be the solution. Too bad it's Signal not working because it's one of those I have to have working at all times. The Eddie app is otherwise nearly perfect. 

 

I am now trying with the OpenVPN Connect to see if I have the same issue, but it doesn't seem like I do.

Share this post


Link to post

 

 

Hello!

 

If you define an applications white list, all and only the apps in the white list will have their traffic tunneled. All the other apps will have their traffic NOT tunneled.

 

If you define an applications black list, the apps in the black list will have their traffic NOT tunneled, while all the other apps will have their traffic tunneled.

Kind regards

 

Thanks! I did figure the blacklist/whitelist functionality out, and checked that Signal was being ignored when I opened the VPN connection . So it works when I start the VPN, but after some time Signal stops receiving and sending. As soon as I disconnect the VPN I get a deluge of messages and notifications. If the whitelist/blacklist could be made to work consistently this would be the solution. Too bad it's Signal not working because it's one of those I have to have working at all times. The Eddie app is otherwise nearly perfect. 

 

Hello!

 

Understood: you would need that black listed applications are not involved by any lock so that they keep any network functionality regardless any problem with the VPN. It's quite challenging at a first glance! We will think about it.

 

 

I am now trying with the OpenVPN Connect to see if I have the same issue, but it doesn't seem like I do.

 

You should not have it because ovpn-connect does not feature a lock like Eddie does. You will be able to mimic this behavior in Eddie 2.1 by disabling the lock, however the big challenge is allowing traffic to black listed apps even when the lock feature is on...

 

Kind regards

Share this post


Link to post

Understood: you would need that black listed applications are not involved by any lock so that they keep any network functionality regardless any problem with the VPN. It's quite challenging at a first glance! We will think about it.

 

What is weird is that Signal works for a while as blacklisted and then it looks like the the black list is "forgotten" by Eddie.  Any idea why that happens? 

 

 

I am now trying with the OpenVPN Connect to see if I have the same issue, but it doesn't seem like I do.

 

You should not have it because ovpn-connect does not feature a lock like Eddie does. You will be able to mimic this behavior in Eddie 2.1 by disabling the lock, however the big challenge is allowing traffic to black listed apps even when the lock feature is on...

 

Kind regards

 

Understood. I have tried to run Eddie without the persistent tunnel and so many apps, even my speed test app, is able to connect outside the VPN. Not really an option. I really hope this issue will be fixed at some point since I would really like to be able to "set and forget" Eddie on Android having VPN active at all times. 

 

Still Eddie is the best VPN app I have ever used on Android!

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...