Open_Source_Enjoyer While I can't answer this definitively from a technical perspective, the recent DNS leak protections implemented by the GrapheneOS team are tied to that toggle. Read
Also:
If your VPN goes down for any reason, you will be exposed.
You are trusting your apps not to be designed in such a way that they "choose" not to bind to the VPN interface.
I use the Proton VPN app and have recently been toying with using the newly supported Android VM terminal to SSH.
So I am also currently faced with this issue. One solution I have discovered is using the official WireGuard app,
which allows specifying your local subnets in a list of allowed peer connections, which works even with Android's "Block connections without VPN" toggle activated.
- This means importing a list of configurations (a bit of a hassle)
- No protocol other than WireGuard UDP
- No NetShield or Secure Core
So it might not be an ideal solution for everyone.
(This, from my understanding, was one of the only VPN apps not to be vulnerable to the DNS leaks that other VPN apps (including Proton) were subject to, prior to the GrapheneOS team prioritising and fixing the DNS leaks 🙌, insofar as they have been able to.)
Disclaimer: I am currently testing general daily browsing using only the WireGuard UDP protocol to see if the experience is greatly diminished compared to the WireGuard TCP I usually use. I am anticipating more than the usual blocks and captchas, but so far it has actually been good. Until I finish testing and install the app, I can't confirm 100% that this is a working solution.
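Added example, not part of the post above and not code from the WireGuard project: the "list of allowed peer connections" the post describes is the AllowedIPs field of a WireGuard peer, and it has no exclusion syntax. AllowedIPs is the set of prefixes that are routed into the tunnel, so "everything except my LAN" has to be spelled out as every prefix of 0.0.0.0/0 that sits beside the LAN at each prefix length. This script computes that list with the Python standard library, checks the result, and renders a [Peer] section. The public key, endpoint and the 192.168.1.0/24 LAN are placeholder values chosen for the example, not values from the post.

```python
import ipaddress
from itertools import combinations


def allowed_ips_excluding(excluded, full=("0.0.0.0/0", "::/0")):
    """Return `full` minus every prefix in `excluded`, sorted, as ip_network
    objects ready to be joined into a WireGuard AllowedIPs line.

    Each exclusion is carved out with ip_network.address_exclude, which yields
    the sibling prefix at every level from the enclosing prefix down to the
    excluded one. The result is the unique maximal-prefix decomposition of the
    complement, independent of the order the exclusions are applied in.
    """
    nets = [ipaddress.ip_network(p) for p in full]
    for ex in (ipaddress.ip_network(p) for p in excluded):
        remaining = []
        for n in nets:
            if n.version != ex.version or not n.overlaps(ex):
                remaining.append(n)                      # untouched by this exclusion
            elif n.subnet_of(ex):
                continue                                 # swallowed entirely, drop it
            else:
                remaining.extend(n.address_exclude(ex))  # ex lies strictly inside n
        nets = remaining
    return sorted(nets, key=lambda n: (n.version, int(n.network_address), n.prefixlen))


def routed_via_tunnel(ip, allowed):
    """True if a packet to `ip` would be routed into the tunnel under `allowed`."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in allowed if n.version == addr.version)


def disjoint(allowed):
    """Sanity check: no two prefixes in the list overlap (WireGuard tolerates
    overlap, but a non-overlapping list is the one you can reason about)."""
    return not any(a.version == b.version and a.overlaps(b)
                   for a, b in combinations(allowed, 2))


def render_peer(public_key, endpoint, allowed, keepalive=25):
    """Render a [Peer] section in the wg-quick / WireGuard app config format."""
    return "\n".join([
        "[Peer]",
        f"PublicKey = {public_key}",
        f"Endpoint = {endpoint}",
        "AllowedIPs = " + ", ".join(str(n) for n in allowed),
        f"PersistentKeepalive = {keepalive}",
    ])


if __name__ == "__main__":
    # Placeholder LAN, key and endpoint (assumed for the example, not real values).
    lan = "192.168.1.0/24"
    allowed = allowed_ips_excluding([lan])
    assert disjoint(allowed)
    assert not routed_via_tunnel("192.168.1.20", allowed)   # stays on the LAN
    assert routed_via_tunnel("8.8.8.8", allowed)            # goes through the tunnel
    print(render_peer("PLACEHOLDER_SERVER_PUBLIC_KEY=", "vpn.example.invalid:51820", allowed))
```

Paste the printed AllowedIPs line into the peer entry in the WireGuard app (the app's "Allowed IPs" field also has an "Exclude private IPs" button that produces the equivalent list for all RFC 1918 ranges at once). Keep the excluded range as narrow as the job needs, e.g. the one /24 you SSH into rather than all private space, because every address in it is reachable outside the tunnel.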