I tried the latest pixel 3 firmware (clear all data) and the latest shadowsocks beta (from play store), still not working.

If other information is needed, I can add it.

Same on my Pixel 3a, but it works on Pixel 1 with the same configuration.

Reproduced on Android 10.

It looks a bug of Android 10, which breaks the assumption that not routing traffic should fall through the underlying network interfere.

Try this APK: https://drive.google.com/open?id=1jYyg8zhu2Ou9sYR76vVvjNQ7bm62aWj1

Try this APK: https://drive.google.com/open?id=1jYyg8zhu2Ou9sYR76vVvjNQ7bm62aWj1

It works fine. Thanks for your work.

Try this APK: https://drive.google.com/open?id=1jYyg8zhu2Ou9sYR76vVvjNQ7bm62aWj1

I can also confirm that this works. Thanks!

I don't understand. I cannot reproduce this on my device or emulator (after reverting e9e5c1c062743016808d97ea00e819deb2742b0d).

@madeye Could you share more details on this? What routing rule was changed in Android 10?

It seems that e9e5c1c doesn't actually fix this. I found that I still can't access FX Web Access (manage files on phone from the web) from other devices in the same LAN. (I can access router admin page though.)

This issue is probably introduced by something in November Android update.

On Pixel 1, even with the final update, security patch level is still 2019-10-06. I have Shadowsocks 4.8.5 (which doesn't contain the fix) installed on the device, and bypass LAN & China works well. I can use FX Web Access without shutting down VPN service or adding FX to bypass list.

On Pixel 3a, I updated to 2019-11-05 security patch just the second day I got the device, I didn't use FX Web Access when it was on October patch. So I'm not sure it is caused by November update, just a guess.

Same as @iKirby , kdeconnect-android doesn't work too.
Can't scan other devices under the same WIFI network. Works fine on older android versions (android 9)

Reopen this for now for future investigation.

@madeye Can you reproduce this now?

Interesting, I cannot reproduce this issue now.

Reproduced on Andoird 10 Emulator
Reproduced on OnePlus6T Android10 BuildVersion: OP6T_H2_BETA_32
Shadowsocks 4.8.5

Just checked again and failed to reproduce this with both versions.

Emulator version: 29.3.0
Emulator build number: sdk_gphone_x86_64-userdebug 10 QSR1.191030.002 5978551 dev-keys QSR1.191030.002 5978551 dev-keys

@madeye I suggest we revert e9e5c1c. No matter where the packet is routed, it should always be bypassed correctly so whatever is wrong with this, it should not relate to this repo.

Sure, let's revert e9e5c1c first.

I think there's some special precondition preventing me reproducing this issue again.

I agree it looks not related to our implementation.

@madeye

2361

@Mygod It looks Google broke something in their recent security patches.

Do you have a device that has the latest security patches?

Tested on Android 9 2019-12 security patches and were not able to reproduce.

I cannot reproduce either on EMUI 10 with 2019-12 security patch.

@madeye @Mygod
Gents,
I have a bit different problem. If the route is Bypass Lan - I can't access reddit.com (connection refused). If route is ALL - I can access reddit.com. Very strange.

Version: 5.0.3 (latest beta)
IPv4 server address
Client IPv4 and IPv6
IPv6 route
Remote DNS: 1.1.1.1
Plugin: v2ray (ws+tls)

  

Same issue. Can't open router webpage in bypass LAN/GFWList mode.

App Version: 5.0.3
Device: OnePlus 7T
OS: Oxygen OS 10.0.7 (Android Q)
Security Patch: 2019-11-01

Same issue in bypass LAN and Mainland China mode.
App Version: 5.0.4
Device: Huawei Honor V20
OS: EMUI 10.0.0.189 (Android Q)
Security Patch: 2019-12-01

Additional:
If IPv6 Route option is OFF, then it seems works fine.
So, I guess this issue is related to IPv6?

Tried turning off IPv6 Route, and I can confirm that it works on Pixel 3a (QQ1A.200205.002).

Interesting, it looks related to new IPv6 routing rules.

@Mygod Any thoughts?

Let me take a look later.

EDIT: Indeed. Interesting.

@madeye Could you try maybe addRoute 2000::/3 instead of ::/0?

Fixed via #2440.

@madeye Can you reproduce this bug now after reverting the patch? I cannot seem to do it...

P.S. There are also some updates over at the issue at Google: https://issuetracker.google.com/issues/149636790

I don't have any Android 10 device now. Maybe it's already fixed?

I couldn't reproduce it on my Android 10 either. Would you be free to test it on the emulator perhaps? 😛

I suggest keep this workaround for now, given it works well...

Sure but the fix suggested by the Google folk might be worth looking into.

I revert the change and tried on the Android 10 emulator:

1. With IPv6 routing enabled, any IPv4 LAN address cannot be reached.
2. Adding allowFamily() to the VPN builder doesn't help. The IPv4 LAN still cannot be reached.

Hmm all of a sudden I can reproduce this on my Android 10 device again. It does seem to be fixed in Android 11?