zaneschepke / wgtunnel Goto Github PK
View Code? Open in Web Editor NEWAn alternative Android client app for WireGuard VPN
Home Page: https://zaneschepke.com/wgtunnel-docs
License: MIT License
An alternative Android client app for WireGuard VPN
Home Page: https://zaneschepke.com/wgtunnel-docs
License: MIT License
Pretty big deal for anyone who uses both wireguard and android auto in their car. I cannot seem to find the application in the list of apps (I guess it's a system app) to exclude from the tunnel , since AA doesn't work at all if there is a VPN tunnel active.
Running on a Samsung s23 ultra on android 13.
I am wondering what "auto tunneling" is supposed to do, when none of the other 2 checkboxes have been enabled, like "tunnel on mobile data"?
For example, when I'm at home and turn off my WiFi (SSID added to trusted SSID list), and turn on the tunnel manually, it gets automatically disabled.
Does the top option have any purpose, without "tunnel on mobile data" ?
I'm just curious. I would expect only 1 toggle.
Not everyone likes or wants to use the Google Play Store, so having an official APK in a third party store or under releases would be nice.
Ways to reproduce:
Set local SSID
Enable auto tunnel
If connected to the local SSID the tunnel will go down, thats correct...
Now open network-settings, turn wifi OFF.
Wifi is off, mobile data is enabled, VPN tunnel stays off...!
You can enable the tunnel manually in the App like normal, but the auto tunnel is not working in this case.
This behaviour is happening on Fairphone 4 with Android 12, latest patch version.
By the way, in the notification area, the app icon is still visible, and it still says "Monitoring network state changes"...
Edit: Will try now, if it needs a little more time. The way I tested, was like only waiting like a minute or so...
Edit2: After 5 minutes of waiting, nothing, I even forced some network-traffic, but nothing...tunnel stays down.
First, thanks for making this, been wanting this from the official Wireguard app for years now. On to the issue.
Expected behavior:
Issue:
Steps that lead to issue:
Unfortunately, I did not witness this happening at the moment, so I am not sure exactly what happened or know exact steps to reproduce.
Special note: I have seen this same behavior with the official Wireguard app + Tasker (actually it is the primary reason I was trying your app out!) and I am wondering if it has to do with my Wi-Fi extender in my house, it creates two new SSIDs (one on 2.4GHz one on 5GHz). As I move through the house my phone will automatically switch between one of the three SSIDs (primary router, extender 2.4g, extender 5g) depending on signal strength. All three SSIDs are entered in the app as trusted SSIDs. I am wondering if there is some gap between switching from one SSID to another where the tunnel starts (because network is very briefly lost) but the new SSID connects so quickly it does not trigger the tunnel to stop again.
Additional note: After this happened, I was not able to disable the tunnel again by switching networks, turning off Wi-Fi on my phone, or by manually disabling auto tunnel and trying to manually turn off the tunnel in the app. I had to force quit the app. I will make another issue for this second problem though.
The official Wireguard app allows you to easily turn on/off a tunnel via a tile in the same area where you toggle WiFi, flashlight etc.
Please consider adding a tile there. It's the only thing I'm missing at the moment.
For example, while connected to wireguard, which is actually connecting to my Homeserver, and only let's DNS requests go through the tunnel, AdGuard Home is filtering ads through DNS blocking.
But sometimes a website doesn't work because an ad or some advertising related tracking is not loading. Especially when purchasing something or booking a service on a small/less known website or when abroad, when a public WiFi network requires registering. In those cases it's handy to temporarily toggle the tile to turn off the tunnel, finish the task and turn it on again.
Issue #34.
Reopening as this is still not fixed on v3.0.3 (verified in app).
Trying to import a tunnel sends me to a screen that shows "Recent" (as recently opened files) with nothing in it.
However, if you press the select button right after reaching that default file browser screen, you can open the left menu.
The left menu contains nothing, unless you install a file browser like cxfilebrowser and then you can see other stuffs like downloads, processes, etc..
Yet, nothing is selectable.
In general, the moment you reach that default import file screen, you have 1 button press to do, after that, you cannot do anything at all.
Its like the arrows buttons do nothing and you are currently not hovering any button, youre stuck, with nothing else to do.
FireTv Stick 4K Max from friend.
He has the last edition.
First off, fantastic app. I have been using it for a while on multiple devices and it works great. With the new "battery saver" option enabled it barely uses any battery while being more reliable than other solutions I have tried (such as my Tasker based solution, which was great but did not work reliably when the screen was off on the device).
For my use case it would be great if there was more flexibility regarding setting which tunnels are enabled for different SSIDs / mobile data connections. I have three "levels" of networks: (1) local network; (2) trusted networks; and (3) everything else. For the "local network", this would be a "trusted SSID" in your app where no VPN tunnel is enabled because the resources I need to access are local. For the "trusted networks", I enable a split tunnel so I can access the resources I need (including a DNS server) but the remainder of the traffic flows outside of the tunnel because the network is trusted (and I happen to use this tunnel for mobile data as well). For "everything else", I enable a full tunnel so all traffic is protected (for example, when connected to public wifi or any other SSID that I have not tagged as being "trusted").
In my experience the type of setup that I have is fairly common, and it would be fantastic if your app could handle such a setup. There are a number of ways that I believe you could enable this feature from an interface perspective, and I wonder if some inspiration could be taken from the iOS version of the WireGuard app where it looks like to can specify certain tunnels that are enabled for "only these SSIDs" or "except these SSIDs". In Tasker I have achieved this setup by creating Variables for "No VPN SSIDs", "Trusted SSIDs" (which includes mobile data) and set up Profiles that turn on the tunnels as appropriate, including defaulting to the full tunnel if the SSID does not match any of the Variables). However, I believe you could achieve something more flexible for all users with an approach similar to the iOS WireGuard app if there was also the concept of a "default" tunnel (the full tunnel in my case).
I hope I have described the feature request in a way that makes sense, but please let me know if you have any questions. I realize that it would add complexity to your app, but I also believe it would open up many new use cases that could be beneficial for a lot of users.
Can you make it so you can see Tx, Rx, and last handshake time? I use this with the default wg app to test tunnels.
Great app for the AndroidTV! The main functionality with split tunneling works great. The only issue I am having is when pressing the up and down buttons on my Chromecast with GoogleTV remote on the Home (Tunnel listing) screen. No matter how many times I press up the selection jumps to the last tunnel listing. I have about 5 tunnels added in and can only turn on the last one.
The biggest problem with the official app imo is that it won't re-resolve the endpoint unless you turn the tunnel off and back on.
This means that if your endpoint's ip changes while the tunnel is active, you're stuck with no connectivity and you don't even know it.
There's no non-root solutions to this problem currently afaik.
Part of the problem is the fact that while the tunnel is active, your dns comes from the tunnel too. So if the endpoint switches ip, you can't even re-resolve because you lose access to the dns server.
Not sure how much agency you have on android with this app. In a typical linux installation you periodically re-resolve every 5mins or so via 1.1.1.1 or something outside the tunnel, compare to cached resolution and if different restart the tunnel. I'm sure you know of these workarounds already.
If you could implement something similar in this app, it would be fantastic.
I get the error "You don't have an app that can do this" when trying to import a tunnel from files. I have the FX file manager installed and it works when importing files into other apps (just checked with the OpenVPN app before putting in this ticket). I was using this method before but I think it might have broke with a recent WG Tunnel update.
I have an Android TV box running Android 9. While the current app supports Android 10+ and runs beautiful on my phone, it would be nice to have support for Android 9 too. Thanks!
I'd like to be able to look at and change settings without needing to allow location. Pressing no thanks just brings me back to Tunnels.
Official app has this functionality and it allows for better performance with lower battery drain. I believe the documentation is available in the android wire guard docs.
Add feature to be able to control turning on and off tunnels via intents.
As the title says, WiFi networks with commas in their SSID cannot be added to the trusted network list as they will instead be interpreted as separate networks
First of all, thanks you for develop this alternative app. Based on user experience, there are multiple applications that include or exclude tunneling. If we can search filter or show only installed app that a good feature than scrolling. Thanks
Possibly related to #11
Issue: Tunnel was active with auto tunnel enabled. Switching networks was not turning off the tunnel, so I disabled auto tunnel and tried to manually turn off the tunnel. Pressing the toggle button on the tunnels page did not turn the tunnel off (the toggle button had no visual response when tapping it, and the VPN key icon was still present in notifications area).
I was able to eventually disable the tunnel by force quitting the app.
I have not since been able to reproduce the issue.
Official WG client exports tunnels in a zip file. WG Tunnel could import this zip and make transfer just a tad easier.
I have tested this behavior on three different devices. If I click on "add Tunnel from QR-Code", a error message stating "invalid QR-Code" appears even though the camera has not yet been started.
Nice app!
Would it be possible to add Android intents to allow for zero-touch configuration, such as with Tasker or an MDM? For example, tailscale/tailscale#3547
Alternatively, have it check for a *.conf file on the device at a specific location to automatically configure the WG tunnel and tunnel all applications
Allow user to include or exclude specific phone applications that they want to be tunneled through VPN
Version 3.0.2 crashes when opening.
Version 3.0.0 does not crash when opening (From F-Droid's Repo)
I tried the Google Play version which is 3.0.3 and it works fine without issue. I'd rather stick with F-Droid. :)
I'm using the Neo Store as my preferred F-Droid app and it doesn't show the latest 3.0.3 for F-Droid so I'm not sure if it's been pushed through or not.
Using Samsung Galaxy A13 5G variant on AT&T if this helps any.
Hello, how about this useful features?
It would be great to implement a kill switch that prevents any network activity if the VPN is disabled if both Turn on mobile data
and Tunnel all applications
are enabled and the VPN is set to always-on
I'm not sure if this is related to #37:
After updating from 3.0.0 to 3.0.2 or 3.0.3 WGTunnel crashes right after starting the app. The home screen flashes.
Phone is OnePlus Nord 5G N10, Android 11.
Trier to clear app data.
Here's the log:
10-06 14:05:07.649 18407 28649 E AndroidRuntime: FATAL EXCEPTION: DefaultDispatcher-worker-1
10-06 14:05:07.649 18407 28649 E AndroidRuntime: Process: com.zaneschepke.wireguardautotunnel, PID: 18407
10-06 14:05:07.649 18407 28649 E AndroidRuntime: java.lang.IllegalStateException: Room cannot verify the data integrity. Looks like you've changed schema but forgo
t to update the version number. You can simply fix this by increasing the version number. Expected identity hash: ba86153e6fb0b823197b987239b03e64, found: 8aebda3e
5fb876f17654b7080d2356e0
10-06 14:05:07.649 18407 28649 E AndroidRuntime: at k3.d0.e(Unknown Source:101)
10-06 14:05:07.649 18407 28649 E AndroidRuntime: at o3.e.onOpen(Unknown Source:15)
10-06 14:05:07.649 18407 28649 E AndroidRuntime: at android.database.sqlite.SQLiteOpenHelper.getDatabaseLocked(SQLiteOpenHelper.java:427)
10-06 14:05:07.649 18407 28649 E AndroidRuntime: at android.database.sqlite.SQLiteOpenHelper.getWritableDatabase(SQLiteOpenHelper.java:316)
10-06 14:05:07.649 18407 28649 E AndroidRuntime: at o3.e.c(Unknown Source:4)
10-06 14:05:07.649 18407 28649 E AndroidRuntime: at o3.e.f(Unknown Source:63)
10-06 14:05:07.649 18407 28649 E AndroidRuntime: at o3.e.a(Unknown Source:23)
10-06 14:05:07.649 18407 28649 E AndroidRuntime: at o3.f.v(Unknown Source:9)
10-06 14:05:07.649 18407 28649 E AndroidRuntime: at k3.c0.j(Unknown Source:12)
10-06 14:05:07.649 18407 28649 E AndroidRuntime: at k2.d.F0(Unknown Source:11)
10-06 14:05:07.649 18407 28649 E AndroidRuntime: at d5.c.a(Unknown Source:31)
10-06 14:05:07.649 18407 28649 E AndroidRuntime: at d5.c.call(Unknown Source:116)
10-06 14:05:07.649 18407 28649 E AndroidRuntime: at k3.b.l(Unknown Source:84)
10-06 14:05:07.649 18407 28649 E AndroidRuntime: at i6.a.p(Unknown Source:8)
10-06 14:05:07.649 18407 28649 E AndroidRuntime: at x6.e0.run(Unknown Source:114)
10-06 14:05:07.649 18407 28649 E AndroidRuntime: at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
10-06 14:05:07.649 18407 28649 E AndroidRuntime: at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
10-06 14:05:07.649 18407 28649 E AndroidRuntime: at java.lang.Thread.run(Thread.java:923)
10-06 14:05:07.649 18407 28649 E AndroidRuntime: Suppressed: c7.g: [k1{Cancelling}@148b055, Dispatchers.IO]
Apps like Shortcut Maker and Macrodroid are unable to integrate with the app's dynamic app shortcuts as they were intended.
Would it be possible to speed up the animation speed when changing screens and add a black theme for OLED screens?
The app uses about 30-40% of my battery in the background. I can see this happening on three different phones.
The app runs on the default optimized battery mode.
Is there something that can be done or is it not fixable?
Any chance to add the function to import a configuration file by scanning a qr-code?
Currently, experiencing this issue on my Pixel 4a running latest patch of Android 13 despite everything working fine on my Pixel 7 which is on the same version. I am not sure how wide the impact is to other devices but I have opened a bug with Google to investigate.
The app is downloaded from the Google play.
2 sites are configured.
If apps are not tunneled its working.
When apps are included the VPN can't be established (4 apps selected).
The official app is working with the same config and the selected apps are tunneled.
When I remove included app (all apps tunneled) its working.
Tried with import from zip file and manually entered configuration and a reboot.
config:
A trusted SSID is added.
Tunnel on mobile data.
Tunnel on ethernet.
Tried with the default config (nothing selected) still not working.
"Enable auto-tunneling" setting can't be switched on despite high accuracy android setting: "precise location required".
Xiaomi MI6
Android 9
I tried this from F-Droid but coud not establish a tunnel. Just "Attempting connection".
Problem is: I do not see an error - please add some. Also not clear where log is.
Also, in the notification, after "VPN Connection Failed" in addition to "Restart Tunnel", maybe add "See Log".
Note: Wireguard Android client has log with error messages.
WG did not ask for superuser permisison? Does it need it?
Note: Wireguard Android client asks for superuser premission.
1-4 would really be great if this can be done. That way you distinguish yourself from the official app which is only an on/off button.
Hi, i've found this app really clean and ahead of the official Android Wireguard client, mainly as it allows to include and exclude apps at will without continuosly having to enable and disable the tunnel for that one problematic app.
Among my devices there are some who are a bit old but would benefit from this implementation a lot.
To be sure I've tested the build of the app down to API 21, allowing Android 5.0 - 8.0 devices to be included, and found no problems.
While the test was, for the 5.0 device, conducted on an emulator, the 8.0 was my daily driver and it seems to work fine.
So, can we lower the barrier a bit and set the minimum SDK requirement to API 26 or less?
I found your app on my FireTV and it looked like a great workaround to connect to my home network.
Unfortanetly, trying to open a config file opens a file explorer where nothing can be selected and no files are shown. I think this is not an issue by your app, but you could add a feature to add the parameter of the wireguard connection by yourself instead of the config file.
After the automatic switch from mobile data to the trusted wifi (auto tunneling on) , the vpn is disabled as expected.
But even if the vpn is off, there is still a active wireguard Negotiation between the android device and the router. Therefore the router thinks the client is still connected via vpn even though the switch in the app is off.
With the official wireguard app, this problem is not existient. After switching the button to off (in the official app), the connection and Negotiation both are disconnected.
My device is a Pixel 5 with Android 13.
Would it be possible to add the ability to set a PIN code or password that prevents settings from being changed unless entered? I.e. read-only view with admin edit rights
Hello.
First of all, thanks a lot for your great app. Clearly the AndroidTV flavor of Wireguard is lacking some needed functionalities.
I know that like in Wireguard original app (worst case scenario by manually editing tbe .conf file before importing), it is possible to define specific apps to which a specific tunnel is applicable or not.
Still then, this implies one of two things:
Having that into consideration, I wonder if it would be a possibility to have the tunnel activated/deactivated every time the specified apps are opened/closed.
I know this can eventually be done using adb, but I wonder if implementing such a functionality would be feasible within the service and if you could consider implementing it.
Thanks in advance.
When I try to switch from "tunnel all apps" to "include", then select Netflix, then hit Save, I get the following error:
Error: unknown error occured
Also, the save button is always coloured, as if it has the focus.
When I actually move to the save button, it becomes grey. When I select it to save changes, I get the error above.
This makes it impossible to actually switch from All to include/exclude.
Opening a different issue for this mostly to inform other users since this can be sketchy to detect
When you have both wifi and mobile data on (I think the standard configuration as of today) but you live or are in a zone where there is a wifi with captive portal or that does not provide internet access and is a trusted ssid the auto-tunneling breaks
(I wrote captive portal but may be any reason why wifi doesnt provide internet access)
This happens because the android os knows that the wifi doesnt provide internet access hence uses mobile data but the app checks only if you are, in general, connected to a trusted ssid
the logic in order to fix this should be something like:
from the screenshot is possible to see the wifi that states "No internet connection avialable", the mobile data ON in the notification panel and the vpn tunnel wrongly off (since yes i am also connected to a trusted ssid but actually I am on mobile data)
My main goal is to inform since I did not manage to understand why was not working until i went to check into wifi settings
To be fair I do not know if through android api this kind of control would be possible but forgetting the wifi network may be an option such as considering if to add that network as a trusted one with this issue in mind
Long press the tile: open WG Tunnel app (now it opens its App Info)
In the app itself, when a tunnel is active and I toggle another tunnel, simply switch tunnels (deactivate one and enable the other). Currently, I need to toggle to disable the active tunnel before toggling the other tunnel. Small improvement.
I still find Settings slightly confusing for a first time user. Because you need to set 2 things (wifi SSID and tunnel) before the first toggle is usable. But then you also need that second toggle, so perhaps enable that automatically when the first one is enabled? Honestly I also don't know how to improve this screen much further. I love the functionality though 😁
That's all!
Some months ago I was following a discussion about the Android Dynamic Shortcuts integration into the official Wireguard android app
WireGuard/wireguard-android#55
WireGuard/wireguard-android#48
I think it would be a great feature since beyond the customization, these would also give for free the "trusted wifi" feature that even if works good to me (I am doing some futher testing on my phone about #15) some phones may just work better with the dyn shortcuts approach or some users would just prefer this or may have less battery impact.. in this way users would still get the extended features & support of this app compared to the official one
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.