No reconnect on network change

[marcelmindemann]

To make issues more manageable, I would appreciate it if you fill out the following details as applicable:

General information

1. Android Version: 11
2. Android Vendor/Custom ROM: GrapheneOS, latest build
3. Device: Pixel 4a 5G
4. Version of the app (version number/play store version/self-built): latest F-Droid release (0.7.21)

Description of the issue

OpenVPN for Android -> Settings -> Reconnect on network change is set to True.
When I de-activate my phone's WiFi and switch to LTE connection, there is no automatic reconnection happening. I have to manually click "reconnect". This also happens when moving from LTE to WiFi.

I am hosting my own OpenVPN server in my LAN. Thus, I have a split-horizon DNS setup where vpn.mydomain.com resolves to my external IP when connecting from WAN, and to my server's LAN IP when connected to the LAN. I am only mentioning this because I am unsure if this could be a cause of the issue.

Example log:

2021-03-19 12:07:44 Opening tun interface:
2021-03-19 12:07:44 Local IPv4: 10.8.0.9/24 IPv6: (not set) MTU: 1500
2021-03-19 12:07:44 DNS Server: 10.8.0.1, Domain: null
2021-03-19 12:07:44 Routes: 10.8.0.0/24
2021-03-19 12:07:44 Routes excluded: 10.1.0.28/24
2021-03-19 12:07:44 VpnService routes installed: 10.8.0.0/24
2021-03-19 12:07:44 Disallowed VPN apps:
2021-03-19 12:07:44 MANAGEMENT: CMD 'needok 'OPENTUN' ok'
2021-03-19 12:07:44 Initialization Sequence Completed
2021-03-19 12:07:44 MANAGEMENT: >STATE:1616152064,CONNECTED,SUCCESS,10.8.0.9,10.1.0.15,1194,,
2021-03-19 12:07:44 Debug state info: CONNECTED to WIFI , pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED

< at this point, I switch to LTE > 

2021-03-19 12:08:06 write UDP []: Network is unreachable (code=101)
2021-03-19 12:08:06 Network Status: not connected
2021-03-19 12:08:06 Debug state info: not connected, pause: userPause, shouldbeconnected: false, network: PENDINGDISCONNECT
2021-03-19 12:08:06 Network Status: CONNECTED LTE to MOBILE internet
2021-03-19 12:08:06 Debug state info: CONNECTED LTE to MOBILE internet, pause: userPause, shouldbeconnected: true, network: SHOULDBECONNECTED
2021-03-19 12:08:06 MANAGEMENT: CMD 'network-change'

and from here on, nothing happens - my connection is not re-established, so I have no access to the Internet until I manually reconnect.

[schwabe]

yes your split horizon DNS breaks the assumption that the client does not need to reconnect if the server uses peer-id. As the server will automatically detect that this the same client but has changed its IP address.

[marcelmindemann]

Thank you for taking the time to answer, @schwabe. Is there something I can do to force OpenVPN to re-resolve the server IP on network change?

[bar-tolini]

I have a similar problem.

I ended up adding two servers in the config, one with public and one with local address, but it's clumsy. One aways fails and the other one picks up. This also doesn't allow me to point to a local address on my DNS when on LAN.

It would be great to have an option on the client to resolve DNS on reconnect (or connectivity change), as opposed to using the cached value from the initial resolution.

[marcelmindemann]

I settled on the exact same workaround as bar-tolini, but it's really more of a workaround than a solution. The local server is only used as a fallback once the first public IP fails, which takes 30 seconds. On top of that, the app takes a long time to realize that the first server IP is not responding and to issue a reconnect event via the ping-restart option. It can take up to 5 minutes for me sometimes. This means that coming home and connecting to the WiFi leads to 05:30 of no connectivity on the phone at all.

[SingingFrog7]

I have the same issue, but I do not use a split-horizon DNS. My server address always resolve to the same IP address (my external one)

The workaround doesn't work for me as the WAN address still works from with-in my LAN. Why can't the app detect the network change??

[schwabe]

@SingingFrog7 please provide a log. The app normally detects network changes

[SingingFrog7]

@schwabe Thanks for your time.
Looks like it was due to route issues with the "Bypass VPN for local networks" option. When reconnecting (after network change) it doesn't update what it consider as the "local network" so it tries to route my LAN directly when I get disconnected from my LAN, while it should go through the VPN as it's not on the "local network" anymore.

Disabling the option is a workaround for now, but that means all my LAN traffic is going through the VPN (even when home) instead and I guess I won't be able to access the LAN when connected somewhere else.

As the probleme is different, I'll open a different issue

[renaudcerrato]

Same issue here : I'm using OpenVPN on a work profile, and Blokada on the other profile. @schwabe : as an Android developer, I had the same issue using NetworkCallback not reporting network lost and I found the solution here:

https://stackoverflow.com/a/65122254

[schwabe]

I am not actually using that API buther rather

        IntentFilter filter = new IntentFilter();
        filter.addAction(ConnectivityManager.CONNECTIVITY_ACTION);
        filter.addAction(Intent.ACTION_SCREEN_OFF);
        filter.addAction(Intent.ACTION_SCREEN_ON);

[abdaltu]

Samsung Note 20 Ultra, Android 13
same issue here, "Reconnect on network change" has no effect when switching between wifi ssids or to mobile data and back. which effects voip applications when also "Bypass VPN for local networks" is used. passing all traffic all the time over vpn works but it means local traffic unnecessarily goes over the vpn.

It could be that the peer-id mechanism is preventing a tunnel restart because the changed ip address can be easily accommodated by the server. Yet applications like VOIP is effected by the IP change locally because they bypass the vpn for local traffic. An IPCHANGE scripit may be needed to force a tunnel restart with the new ip!

Any workarounds?