• General
  • Voicemail, VPN, Split Tunneling, and Security?

I was trying to get voicemail working in the (Google) phone app, as well as visual voicemail, and realized that it wouldn't connect and download the messages over my VPN, which is set to always on and block connections without VPN. I have a few questions about this:

1) Is there any way to get it to work, without changing the VPN settings?

2) The obvious workaround is to use split tunneling. But this requires me not only to exclude the phone app from the VPN tunnel, but also to disable the "block connections without VPN" setting, in the genereal settings for my VPN.

2a) What are the risks of disabling "block connections without VPN"? Doesn't this mean if the VPN drops for some reason, all connections will start going over the open internet? Also at startup, the VPN is not connected, until the phone is unlocked, so couldn't some data leaks happen then?

2b) What are the risks of excluding the (Google) phone app from the VPN tunnel? I don't really care if it connects to my cell service, to retrieve voicemails. But what other connections might it be making?

Thanks for any feedback on this.

Have you tried phone apps other than Googls Phone, such as the phone app provided by GrapheneOS? It supports Visual Voicemail.

Visual Voicemail does tend to malfunction with VPN lockdown enabled. I don't know why. Does it use data to download voicemail? It sometimes goes through and sometimes does not. I disable Network access for GOS phone app and Visual Voice goes through for me on T-Mobile network.

Try changing VPN protocols and enabling/disable private DNS server.

    So I've just started using ibvizible pro and have done away with various applications of orbot and rethink DNS across my user profiles.

    You can use it as an always on VPN in your settings, but what that means in practice is that the app is always occupying that VPN allocation slot, not that the program occupying that slot has to be applied universally.

    You can make similar use of the 'always on' VPN and disable auto connect on boot so as to function as a profile wide network blocker if say, for instance, you want an easy way to keep your owner/admin profile entirely neutered until you want it on for app updates only.

    If you trust it, test it out. You might find that it let's you tune your settings more ideally.

      OpenSource-Ghost Have you tried phone apps other than Googls Phone, such as the phone app provided by GrapheneOS? It supports Visual Voicemail.

      Visual Voicemail does tend to malfunction with VPN lockdown enabled. I don't know why. Does it use data to download voicemail? It sometimes goes through and sometimes does not. I disable Network access for GOS phone app and Visual Voice goes through for me on T-Mobile network.

      Try changing VPN protocols and enabling/disable private DNS server.

      For whatever reason, I don't see visual voicemail in the Graphene phone app. I have visual voicemail enabled in the settings, it says "activating voicemail," and it has been stuck like that for days.

      When you say "changing VPN protocols" what are you referring to? I tried different servers in different locations and that did not help. I guess I should try fiddling with DNS, although I prefer to use the VPN DNS for privacy purposes. Basically, I'd like a way for this to work, that still has the privacy benefits and precaustions of using an always on VPN, with the kill switch (i.e. block connections without VPN) working. But maybe that's just not possible?

      Anyway, I guess I assume visual voicemail must use the network somehow, otherwise, disabling the VPN wouldn't make it work. It's curious that it works for you on the Graphene phone app, even without giving it network access. I read elsewhere that as a security precaution, carriers want to see the connection to voicemail come directly through their network and not a VPN. But I guess, really, that makese no sense, since all the VPN does is effectively change your IP address, so maybe carriers are just blacklisting known VPN servers.

      Toomanyuserprofiles Thanks for the ideas. I'm just using one (owner) profile to keep things simple. So that means, if I want a VPN, with a kill switch, then it gets applied to everything. InviZible looks interesting, but I'd have to check it out more. Generally I'm happy with my VPN service.

      I spent a long long time a few years ago, researching VPN services, and concluding that I don't trust many of them. There's a lot of shady things in the world of VPNs, plus a lot of services that just don't know what they're doing and set things up wrong, which can (and has) ended up burning their customers. In the end, the only ones that seem trustworthy to me are Mullvad, IVPN, ProtonVPN, and (maybe) AirVPN.

        cb474 thats the thing with invizible. You can apply it to everything system wide, then add exceptions. I have a second browser in one user profile which routes through clearnet while most other things go through TOR. I use it as a check of my true IP before engaging in VOiP calls because it let's me determine if my true IP is so close to home that it sacrifices my privacy too much.

        Edits and further explanation:

        1) P2P routing as with VoIP calls expose your true IP even with VPN or TOR in use.

        2) I have dynamic IPs from a cell provider, and don't allow WiFi connections or location scanning. Usefulness mileage of my approach may vary depending on threat model or how you engage with the platform.

        cb474 ovpn is also fine. Airvpn and protonvpn I don't agree. Proton gave out IP addresses of their customers.