Our great sponsors
-
rethink-app
DNS over HTTPS / DNS over Tor / DNSCrypt client, WireGuard proxifier, firewall, and connection tracker for Android.
-
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
-
tracker-control-android
Discontinued TrackerControl: monitor and control trackers and ads. [Moved to: https://github.com/TrackerControl/tracker-control-android] (by OxfordHCC)
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
Can't use another VPN app along with it (an Android limitation). CalyxOS (an AOSP ROM) plans to add support for multiple active VPNs [0] and may be other ROMs will too.
The app can forward TCP over SOCKS5 to other apps on the device that support SOCKS5 (apps like Orbot).
That said, since half our code-base is in Golang, we plan to embed wireguard-go once we figure how to do so [1].
[0] https://gitlab.com/CalyxOS/calyxos/-/issues/349
[1] https://github.com/celzero/rethink-app/issues/52
Blockada is also a similar app (local vpn that filters by dns)
https://blokada.org/
developer here
I'd imagine the app should work over IPv6-only networks thanks to 464xlat. I may be wrong, because I've never tested it on a IPv6-only network.
The reason for IPv6 is two fold:
1. Firewall today simply stores classless IP address rules as strings in a sqlite table fronted by a lfu cache backed by a typical hash-map. With IPv6, I'd imagine, this won't scale. So, we need a more economical in-memory data-structure (like a crit-bit trie [0] or art tree).
2. Apparently LwIP has problems with HappyEyeballs (I personally never saw it, but got a couple of reports from users about it that it was an unrecoverable error once the connectivity was lost, and the firewall had to be restarted). We're in the process of replacing LwIP with gvisor/netstack now [2], just to get IPv6 support back on track.
[0] https://github.com/agl/critbit
[1] http://www.hariguchi.org/art/art.pdf
[2] https://github.com/celzero/firestack/issues/3
developer here
I'd imagine the app should work over IPv6-only networks thanks to 464xlat. I may be wrong, because I've never tested it on a IPv6-only network.
The reason for IPv6 is two fold:
1. Firewall today simply stores classless IP address rules as strings in a sqlite table fronted by a lfu cache backed by a typical hash-map. With IPv6, I'd imagine, this won't scale. So, we need a more economical in-memory data-structure (like a crit-bit trie [0] or art tree).
2. Apparently LwIP has problems with HappyEyeballs (I personally never saw it, but got a couple of reports from users about it that it was an unrecoverable error once the connectivity was lost, and the firewall had to be restarted). We're in the process of replacing LwIP with gvisor/netstack now [2], just to get IPv6 support back on track.
[0] https://github.com/agl/critbit
[1] http://www.hariguchi.org/art/art.pdf
[2] https://github.com/celzero/firestack/issues/3
Can't use another VPN app along with it (an Android limitation). CalyxOS (an AOSP ROM) plans to add support for multiple active VPNs [0] and may be other ROMs will too.
The app can forward TCP over SOCKS5 to other apps on the device that support SOCKS5 (apps like Orbot).
That said, since half our code-base is in Golang, we plan to embed wireguard-go once we figure how to do so [1].
[0] https://gitlab.com/CalyxOS/calyxos/-/issues/349
[1] https://github.com/celzero/rethink-app/issues/52
