Android 15 VPN Inbound Traffic Changes

H7oUt I can't seed torrents once download is complete

The issue may be not the Android itself, but the fact that more and more VPN providers stop port forwarding. You used to have this ability on Mullvad, but they don't have it anymore. It's kinda available with Proton, but only with apps, or while jumping some hoops for CLI configuration.
May be of interest:
https://mullvad.net/en/blog/removing-the-support-for-forwarded-ports
https://protonvpn.com/support/port-forwarding/
P.S. I think that Development tag is not relevant here.

@thmf is right. Port forwarding so that other peers can connect to you is not permitted by basically any VPN anymore, because I caused huge amounts of legal liability for VPN providers, as they actually did have identifying information to hand over to law enforcement, which account the specific forwarded port is tied to. And because people exploited that functionality to set up websites with illegal content on, effectively making the VPN the hosting provider for those websites. But BitTorrent and other peer-to-peer technologies should still be able to accept incoming connections by using UDP hole-punching technologies. That technology exploits the stateless nature of UDP to fool the VPN into thinking it is an outgoing connection instead of an incoming one, and thus the VPN will accept the incoming data as responses. I never used any peer-to-peer technology on my phone, but it should work, as it definitely does with major VPN providers on my computer. So although seeding ability will be heavily limited when using a VPN, you should still receive some incoming connections, and either way you should be able to seed to nodes that themselves can accept incoming connections.

Dumb question maybe, but are you certain there even are nodes in the swarm to seed to?

H7oUt I found it, but it was not on these forums - https://github.com/celzero/rethink-app/issues/224 .

Oh.. I didn't know that, that incoming traffic from non-VPN interfaces didn't use to be blocked. That is trivial VPN bypass even when block all connections outside VPN is enabled, and trivial deanonymization attack too. Makes me want to cry. Still, it shouldn't matter in your case.. unless in fact you have been seeding without going through the VPN, which kind of sounds somewhat likely now..

I think I need to check a few things with the VPN implementation. Like, can an app obtain IP addresses from non-VPN network interfaces and send them out as possible connection points for incoming traffic. That alone would ruin any anonymity VPN would give, even if incoming connections are now blocked. I wished AOSP would just redo their VPN implementation from scratch in an actually secure way.. like how QubesOS have designed theirs. Seems like AOSP has done a minimal effort implementation of VPN that is just enough to be able to connect to corporate networks or the like, and not considered security or anonymity at all. Even if we patch up many leaks, we are doomed to miss something. An actual secure design from scratch would have given strong guarantees.

@H7oUt @ryrona aside of the provided link (thank you for the source!) explaining the changes mentioned in the top post, here's another theory. Disclaimer: I'm not knowledgeable enough to say it really works this way, but here goes.
Sometimes you can see you have seeds from the swarm, but no traffic comes in nor out. I think the issue may be a byproduct of the 'required encryption' setting. Meaning, we all would like our data to be encrypted at the very least while in transition, hence this setting is absolutely necessary, but at the same time others may not have it set. So as a result, we see seeds / peers, but can't actually exchange any data with them, because we require encryption and they can't provide it. Again, this is a theory. I haven't analyzed any code or even logs to say it works this way.
Anyway, ryrona's question is fair, are you sure there are other participants in the swarm?