New update broke VPN split tunneling

Splitting_Headache

Hey, I'm new to this board so I apologize if I miss any basic steps in this post.
So my phone is setup to run always on protonVPN with VoIP apps for my calls and texts. To make and receive calls reliably I have to split tunnel the VoIP app (Mysudo) and unfortunately some Google services. After this recent graphene update I can no longer use my VoIP app when the VPN is active. It appears the latest system update made the VPN settings much stricter.
Now I'm forced to keep my VPN off since running VoIP through the VPN makes calls and text highly choppy and unreliable.
So I suppose my questions would be:
Does anyone know if this issue with split tunneling is going to be resolved in the near future?
Is there a way to fix my situation with this current version of graphene?
Is there a way to revert back to the previous system release until another fix is implemented?

Thanks in advance!!

GrapheneOS

Splitting_Headache

Does anyone know if this issue with split tunneling is going to be resolved in the near future?

There's currently no known issue. This is the first report we've had of any compatibility issue and someone else here says split tunneling is working for them with Proton VPN. Speeduser7533

Is there a way to fix my situation with this current version of graphene?

Use a different app or VPN setup without a compatibility issue, possibly due to app bugs.

Is there a way to revert back to the previous system release until another fix is implemented?

No, and it wouldn't make sense to do this as you'll be missing security patches and other updates.

Dumdum

Have you turned off Block Connections without VPN? Settings > Network and internet > VPN > Cog icon next to your VPN > Block connections

Splitting_Headache

"Block connections without VPN" is off. The only thing that changed from my previous settings was the last graphene system update. Then my VoIP app, which was split tunneled stopped working. From reading the release notes it states that they made the VPN security stricter. So it appears graphene is now blocking all connections without VPN even with the setting off

GrapheneOS

Splitting_Headache

So it appears graphene is now blocking all connections without VPN even with the setting off

DNS resolution was the only thing that was changed, and it was only changed to respect the lockdown setting. It shouldn't have any impact on split tunneling with lockdown off. It's possible that it does, but it wouldn't make much sense and seems to imply an existing Android bug exists. You should try reinstalling your VPN app.

Speeduser7533

I also use Proton VPN.

Are you sure you have the right application and also the right IP allowed through?

Splitting_Headache

Yes, the only way I can get the VoIP app (mysudo) to work now is to turn off the vpn, or take it out of split tunneling. But then running it through the VPN make the call connections unstable and almost unusable.

Splitting_Headache

Here's the release notes from the latest update:

Changes since the 2024080100 release: • prevent VPN apps from having leaks to non-VPN DNS servers while not yet strictly preventing leaks to VPN DNS outside the VPN tunnel due to multiple VPN apps including Proton VPN not connecting reliably with stricter enforcement (in a future release, we can do strict blocking by default with an opt-out toggle and a list of known incompatible apps such as Proton VPN until the compatibility issue is resolved) • GmsCompatConfig: update to version 126 • GmsCompatConfig: update to version 127 • Camera: update to version 73

Murcielago

Splitting_Headache
Responding simultaneously ^_^

Splitting_Headache

Splitting_Headache Sorry! I ment to reference 2024080200

Murcielago

I don't use VPN regularly (and no MySudo) and therefore have no long-term experience. However, I have just tested ProtonVPN + split tunneling briefly - it works for me (GrapheneOS Build 2024080200 | ProtonVPN 5.5.27.0).

That being said, i remember VPNs (and particular ProtonVPN) being mentioned in the latest release notes (Note I can't tell whether this is related to the problem you described- maybe someone more knowledgeable can clarify):

https://grapheneos.org/releases#2024080200

prevent VPN apps from having leaks to non-VPN DNS servers while not yet strictly preventing leaks to VPN DNS outside the VPN tunnel due to multiple VPN apps including Proton VPN not connecting reliably with stricter enforcement (in a future release, we can do strict blocking by default with an opt-out toggle and a list of known incompatible apps such as Proton VPN until the compatibility issue is resolved)

See also (there, too, it was partly about VPN):

https://grapheneos.org/releases#2024080100
and
https://grapheneos.org/releases#2024073100

(Both releades only made it to alpha channel)

Splitting_Headache

Maybe its a new comparability issue with Mysudo? All I could figure out with my limited knowledge is after the latest graphene update Mysudo refuses to sign in or function correctly (if at all) when its split tunneled. Now I'm having to keep my VPN off so I can make and receive calls. Which is quite frustrating after all the work put into moving to this privacy model, that's been working correctly for 2 years now.

Also, both protonvpn and Mysudo are updated to their latest release as well.

Dumdum

In that case, as a temporary(?) solution, might I suggest downloading Wireguard configs and setting up the official Wireguard app instead. In order to do split tunneling in Wireguard, you select a server in the app and then the pencil icon in the top right to edit. Tap "All Applications" in the Interface section, select applications to split tunnel and then make sure to tap the Save icon in top right (where pencil was). Unfortunately there doesn't seem to be app-wide split tunneling, or an easy way to mass-edit servers (within the app at least).

Splitting_Headache

Dumdum Thank you, I will give this a try and report back.

W1zardK1ng

Dumdum I'm using the WireGuard with config files, but still I face the same same issue. Signal and Molly gives notifications saying checking for messages or you may have a new message. Then I need to disable VPN to get the messages. I started missing multiple signal calls also.
Even before there updates I just got a notification as I have a missed call, but the phone never rang. But recently this issue became severe.

Splitting_Headache

Dumdum you're no dumdum, that was an excellent temporary solution, thank you! And I think I almost prefer this lightweight wireguard app. Using this with split tunneling for mysudo is working correctly so far.

I wouldn't call the issue solved yet since something is definitely wrong with the protonVPN app split tunneling after the latest update. If we can't solve the problem here, is there a way to submit this bug to a dev so they can take a look?

Thanks again!

GrapheneOS

W1zardK1ng Try reinstalling the VPN app.

Splitting_Headache

GrapheneOS excellent, I will try this as well.

Splitting_Headache

GrapheneOS reinstalled protonVPN app and everything is working as it should again. I really appreciate everyone's help and quick replies. My issue is solved.

W1zardK1ng

GrapheneOS i reinstalled the Wireguard app, even tried the official vpn app still the issue is there. So the issue is not solved, atleast for me. For now i have disabled the split tunneling and signal is getting calls and messages instantly.

GrapheneOS

Splitting_Headache Proton VPN seems to have major issues unique to their app... Even if they're triggering an OS bug, they need to start fixing the unique issues with their app.

Splitting_Headache

GrapheneOS that's what I'm starting to see. I think I'll going to take dumdums suggestion and start using the wireguard app going forward.