Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FR: Allow traffic from ALL apps in Pause mode #1364

Open
iulko opened this issue Apr 12, 2024 · 6 comments
Open

FR: Allow traffic from ALL apps in Pause mode #1364

iulko opened this issue Apr 12, 2024 · 6 comments
Assignees
@ignoramous

Comments

@iulko
Copy link

iulko commented Apr 12, 2024

When I turn off Rethink using Pause in Lockdown mode the apps dont connect to internet
@ignoramous
Copy link
Collaborator

ignoramous commented Apr 12, 2024
edited

Apps that are blocked (wifi or mobile) will continue to be blocked even in pause mode, but if Rethink was also in Lockdown (aka Block connections without VPN turned ON), then other non-blocked apps continued to be routed through the tunnel.

What are these apps you're unable to connect to?

  • Pause Rethink (assuming it is already Lockdown)
  • Open any app that's not blocked and see if it is able to access Internet.
  • Unpause Rethink
  • Go to Network Log and search for entries of the non-blocked app above.
  • Make sure you're looking at recent Network Log entries (which should have been logged in the duration Rethink was in Pause mode).
  • Tap on those entries and in the bottomsheet that comes up, check if the connection was "blocked" or "allowed" or failed to connect (look at the footer of the bottomsheet for final connection status).

@ignoramous ignoramous self-assigned this Apr 12, 2024
@iulko
Copy link
Author

iulko commented Apr 12, 2024
edited

So what pause does in lockdown mode exacly?
I thought the point of pause in both lockdown and non lockdown was to let all traffic go thru.

" // allow when firewall is paused: as a placeholder RULE8(bypass app) is used
return FirewallRuleset.RULE8
"

Thats how I understood it when created #1134

@ignoramous
Copy link
Collaborator

So what pause does in lockdown mode exactly?

Pause has always blocked existing blocked apps (with or without Lockdown).

To allow a blocked app to be able to connect, you'd have to remove those rules (regardless of whether the VPN is Lockdown or not), as Pause won't cut it.

In Pause mode, allowed apps use:

  • System DNS (without any rules applied).
  • Underlying network (wifi/mobile) directly (if Rethink is not Lockdown) or Rethink's tunnel network (if Rethink is Lockdown).
  • Universal (global) & per-app IP/domain rules are skipped.

@iulko
Copy link
Author

iulko commented Apr 12, 2024

So in lockdown it just changed apps from "Allowed" to "Bypass" essentially?

I see, my idea of pause was more broad, well I created #1134 so I can allow all apps for some time for updates etc, I understand what you want to do with Pause now.

But maybe we could have an option/setting (which on/off would be saved) inside pause menu, like a tickbox "Temporary allow all apps" which would also use RULE8 for lockdown but for all apps

@ignoramous
Copy link
Collaborator

So in lockdown it just changed apps from "Allowed" to "Bypass" essentially?

No, Bypass doesn't skip per-app rules, nor does it use System DNS.

But maybe we could have an option/setting (which on/off would be saved) inside pause menu, like a tickbox "Temporary allow all apps" which would also use RULE8 for lockdown but for all apps

I see this setting as a foot-gun. Most apps I block (calculator, flash light, govt apps), I want them to remain blocked; and unblocking them ALL in Pause mode is a foot-gun (just so one other app that's updating something would work). Pausing individual apps is unsupported, and so, the closest you come to that UX is, unblocking said app, getting work done, then blocking it back again. Way better than unblocking all blocked apps, even if temporarily.

I'll think about it some more, but as of today, I am not inclined to allowing ALL apps in Pause mode.

@ignoramous ignoramous changed the title Pause in Lockdown mode connection problem FR: Allow traffic from ALL apps in Pause mode Apr 12, 2024
@iulko
Copy link
Author

iulko commented Apr 12, 2024
edited

So in lockdown it just changed apps from "Allowed" to "Bypass" essentially?

No, Bypass doesn't skip per-app rules, nor does it use System DNS.

Yes, sorry for misunderstaing, thats what I meant, Bypass plus this two things

I see this setting as a foot-gun. Most apps I block (calculator, flash light, govt apps), I want them to remain blocked; and unblocking them ALL in Pause mode is a foot-gun (just so one other app that's updating something would work). Pausing individual apps is unsupported, and so, the closest you come to that UX is, unblocking said app, getting work done, then blocking it back again. Way better than unblocking all blocked apps, even if temporarily.

I'll think about it some more, but as of today, I am not inclined to allowing ALL apps in Pause mode.

I get all your point and I also dont like like turning off blocking all apps when I want to update apps from store or update Android version. But this require multiple unblocks and some of them are gruped apps because they are system apps so than its even more confusing.

Maybe we could find some nice way to do it witchout making something too complicated like profiles for blocking apps. I will try to think of something.

For now all I imagined is "Allow in Pause mode" as an option inside app config, but thats not ideal.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@ignoramous ignoramous

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ignoramous @iulko