Radomír Žemlička

1 week ago

Radomír Žemlička
1 week ago

I have a rather peculiar #Android problem.
- I use personalDNSfilter (zenz-solutions.de/personaldnsf…) to block ads system-wide. It's basically like running a local pi-hole using a local VPN.
- I would also like to use Orbot (#Tor) and run some apps (specifically Nextcloud) that don't natively support proxying through Orbot's VPN.

The problem is, Android won't let me run two VPNs at the same time. And blocking ads without a VPN would require rooting my phone, which I don't want to do. However:
- personalDNSfilter can expose the DNS server on port 5300 without using the VPN (which is useless in itself).
- Orbot can expose its HTTP and SOCKS proxy without using the VPN (which is also useless in itself).

Is there some way to setup a custom VPN that would combine these two things, i.e., let me route some apps through Orbot's proxy and use the local DNS server (provided by personalDNSfilter) at port 5300? I was looking at OpenVPN for Android (github.com/schwabe/ics-openvpn), but I'm honestly really confused. Help please? 😅 Boosts appreciated.

GitHub - schwabe/ics-openvpn: OpenVPN for Android

OpenVPN for Android. Contribute to schwabe/ics-openvpn development by creating an account on GitHub.

^GitHub

Peter Vágner reshared this.

in reply to Radomír Žemlička

Jiří Eischmann

in reply to Radomír Žemlička 1 week ago

I was figuring out a similar problem and in the end I settled on running my own DNS filtering outside the device (AdGuard Home on my server) and setting it as the private DNS in Android. The advantage of this solution is that you can cover all your devices in your household with it. And I still get to run whatever VPN I want on my phone.

in reply to Jiří Eischmann

Radomír Žemlička

in reply to Jiří Eischmann 1 week ago

@sesivany Interseting, I haven't thought about this. So it supports DoT? I looked at Pi-hole and it's problematic there.

@Jiří Eischmann

in reply to Radomír Žemlička

Jiří Eischmann

in reply to Radomír Žemlička 1 week ago

Yes, it does. Standard DNS, DoT and DoH. I use all them them. Standard DNS for our home network, DoT and DoH are open to the Internet and used on mobile devices. Unlike standard DNS no one abuses open DoT and DoH.

in reply to Jiří Eischmann

Alexandre

in reply to Jiří Eischmann 4 hours ago

Hello @Razemix, with #AdGuardHome you can use it inside and outside you LAN.
Here, I set it as DHCP server and it acts as DNS resolver for all the endpoints on my local network. But I also declare each device with an unique identifier and set private DNS on all of them. Profiles for iOS devices can be generated from the #AGH dashboard.
My AGH is serving DoT, DoH and DoQ protocols. This way, strangers cannot use my resolver to poison it.
VPN connection is not required is this setup to use your AGH outside your local network.
You need a domain name, a free certificate (Let’s Encrypt), open two ports (443 & 853 on UDP & TCP) in your router and firewall, write a tiny script to update your DNS record if your WAN IP address is dynamic.
Network ports are: #DoT (853/TCP), #DoQ (853/UDP), #DoH HTTP/2 (443/TCP), DoH HTTP/3 (443/UDP).
All you devices and family ones can use your personal secure DNS.
You can also completely replace standard DNS client on all your computers with #dnsproxy software developed by AGH team. All your devices will use secure DNS.

@sesivany

#DoH #adguardhome #agh #dot #doq #dnsproxy @Jiří Eischmann @Radomír Žemlička

⇧

Radomír Žemlička

Radomír Žemlička 1 week ago • •

GitHub - schwabe/ics-openvpn: OpenVPN for Android

Jiří Eischmann

Radomír Žemlička

Jiří Eischmann

Alexandre

Radomír Žemlička
1 week ago