How 2 Turn Android Device Into VPN kill Switch w/ DNS Leak Prevention 4 Any O.S.

nate · #1 09-25-2017

Regarding VPN kill switch...

I have a theory that I have to finish fully testing. I believe any Android Cell Phone or Android device that supports tethering or hotspot can be turned into a VPN Router that will work on any operating system as a VPN Kill Switch and push all DNS traffic, IPv4 and IPv6 through the VPN tunnel, preventing any DNS or IP leak for SoftEther/OpenVPN VPN's.

I am NOT claiming this is going to be better than the methods we have now. What I'm claiming is this will work on every OS. Every version of Linux, Windows, Mac, and ChromeOS. Possibly even Windows 10 with Smart Multi-Homed Name Resolution.

There is an app for Android called "OpenVPN for Android". The OpenVPN for Android app has the option to properly route all IPv4 and IPv6 DNS traffic over the VPN.

The OpenVPN for Android app can also be setup to work as a kill switch. The app will automatically attempt to reconnect to your VPN in the event of a VPN dropout while not allowing any traffic to pass through the connection until it reconnects.

This will work by just installing, setting up the app, changing a couple options, and tethering if used with Cellular Data connected to the VPN. Unless your phone allows you to tether while on WiFi.

I plan on rooting a old Android phone and using the WiFi Tether Router app which will allow phones to connect to WiFi and Tether at the same time that normally wouldn't be able to.

I only completed testing on a Raspberry Pi & NVidia Shield using WiFi and on my Galaxy S6 edge + with Cellular Data Connection while tethered. It works perfectly so far.

This App runs on underlying Unix/Linux which is why it only works with Android and is able to accomplish this through setting rules with iptables.

nate · #2 09-25-2017

You can switch between VPN connections with this interface.

Click Edit:

The OpenVPN for Android app has the option to properly route all IPV4 and IPv6 traffic over the VPN. To ensure this is enabled:

Go to the specific server connection settings, then navigate to Routing

Make sure both IPv4 and IPv6 boxes are checked. This will route all DNS traffic over the VPN connection.

The OpenVPN for Android app can also be setup to work as a kill switch. The app will automatically attempt to reconnect to your VPN in the event of a VPN dropout and stop any traffic through the connection until the VPN is reconnected. (this was made because this would occur whenever you moved between WiFi routers, or WiFi and a mobile connection!).

To configure the app as a kill switch, edit the specific VPN connection, and navigate to “Advanced”.

Check “Persistent Tun” and set “Connection retries” to Unlimited. You now have an OpenVPN kill switch for Android

Then tether... best case scenario is if your cell allows to tether and connect to WiFi at the same time.

If your device will not allow this I will post instructions on a work around by rooting the phone and using WiFi Tether Router app but the Android devices SE for Android Status can not be in Enforcing mode or I don't think rooting will work to enable hotspot & WiFi.

To check: Settings > More > About Device > SE for Android Status

Your best bet is to use a old cheap Android phone without Knox.

nate · #3 09-26-2017

I WAS WRONG... MY THEORY COLLAPSED ON ITSELF...

The OpenVPN API they used for this app will not push the VPN connection through tethering by USB or Bluetooth on any android version. I'm sure it can be accomplished but its pointless because it would be more complicated to do than better methods. I thought this would be a easy way for anyone to set up a kill switch on any OS with zero tech skills what so ever. I WAS WRONG...

I tried everything.

The WiFi Tether Router app, even though it has a option for keeping a WiFi connection active through root wont push a WiFi connection through a hotspot.

Scratch this idea. None of it worked.