AdamBv1

  • Joined Nov 11, 2022
  • graphite-or-graphene Well it's good the server recognizes there's traffic in and out, hopefully the client is saying the same. I believe sent just means the server flung that much data at the client IP and port while received should mean they have been received and decrypted.

    I would double check the client log against one from a working client line by line and see what, if anything, is different. You could also try opening and checking the .ovpn files and comparing them as well. This is often one of the easier ways to troubleshoot issues when you have working and non-working devices.

    As for WireGuard, the hard part about it is really just doing key exchanges between the clients and the server. OpenVPN does make that easier by simply exporting everything you need at once from the server instead of every endpoint generating their own key pair and then you needing to copy around public keys.

  • OPNsense 23.1.6 and OpenVPN on a Pixel 7 user here, I can't say I have had any issues like this. Any time it says connected it works fine and if the connection breaks and fails to reestablish itself (happened a few times on a recent vacation where I was in airplane mode and connecting via WiFi and frequently walking in and out of range) it will show reconnecting and it would take a manual disconnect and reconnect to fix it and then all was good.

    Have you checked to see if there's anything listed on the pfSense connection status under bytes sent and received? This might help troubleshoot if data is only flowing one direction. The OpenVPN client on Android doesn't seem to show total amounts transferred but you can see the speed there so it's also worth noting if one of them is always at zero since even an idle connection should show some data transfer.

    Otherwise I can't see any obvious issues from your connection log but our setups don't seem to be exactly the same so I can't make a perfect direct comparison. If you have working android clients it might be worth checking them against the P7 to see if anything is different. Pretty sure ciphers would have to be correct to generate a connection at all but mismatched compression settings like to break things.

    On another VPN note, it was this vacation and the occasional connection issues that got me to switch over to primarily using WireGuard instead, being a stateless connection it worked FAR better with frequent loss and reconnection to a network and the performance was noticeably better as well with the lower overhead. It's also a bit easier to set up since there are just fewer options to misconfigure while it's pretty easy to mess something up with OpenVPN.
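An added example, not part of the original posts: one way to do the .ovpn comparison suggested in the two posts above, diffing directives while skipping the inline key and certificate blocks that legitimately differ per client. The profile contents, the hostname `vpn.example.net` and the function names are constructed for illustration.

```python
import re

# Inline blocks (<ca>, <cert>, <key>, ...) hold per-client secrets: skip them.
INLINE_OPEN = re.compile(r"^<([\w-]+)>$")

def parse_ovpn(text):
    """Map each directive to the set of argument strings it appears with."""
    directives, skip_until = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if skip_until:                      # inside an inline block
            if line == skip_until:
                skip_until = None
            continue
        if not line or line[0] in "#;":     # blank line or comment
            continue
        opened = INLINE_OPEN.match(line)
        if opened:
            skip_until = f"</{opened.group(1)}>"
            continue
        name, *rest = line.split(None, 1)
        directives.setdefault(name, set()).add(" ".join(rest[0].split()) if rest else "")
    return directives

def diff_profiles(working, failing):
    """Return {directive: (working args, failing args)} for every mismatch."""
    a, b = parse_ovpn(working), parse_ovpn(failing)
    return {k: (sorted(a.get(k, ())), sorted(b.get(k, ())))
            for k in sorted(a.keys() | b.keys()) if a.get(k) != b.get(k)}

# Constructed sample profiles (not taken from the thread).
WORKING = """dev tun
remote vpn.example.net 1194
cipher AES-256-GCM
<ca>
constructed-placeholder-A
</ca>
"""
FAILING = """# exported for the phone
remote vpn.example.net 1194
dev tun
cipher AES-256-GCM
compress lzo
<ca>
constructed-placeholder-B
</ca>
"""

if __name__ == "__main__":
    print(diff_profiles(WORKING, FAILING))
```

Directive order and the differing certificate bodies are ignored, so the only reported difference in the sample is the extra `compress` line in the failing profile.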

    • irk428
      Private DNS or using a VPN is really the only way you can avoid using local network DNS servers with a fairly automatic setup. Private DNS will push all your DNS queries over encrypted DNS-over-TLS and only use network DNS to find that hostname of the DNS provider you specify, a VPN will generally have its own DNS specified once you connect to it so you have the same situation of network DNS only being used to connect to the VPN and everything else goes over it afterwards.

      For something less conventional I found I can run a WireGuard VPN on my home OPNsense firewall and instead of forcing all internet traffic through the tunnel I'm only using it for access to my local network including the Unbound DNS server it's running with block lists. Specifying my home network DNS server in the WG settings does appear to be forcing all DNS traffic over the tunnel but nothing else.

    • [deleted] Quality works well and it's what my device was defaulted to originally. It has very noticeable shutter lag to me but hardly unusable, being maybe up to a whole second compared to a small fraction of one, but it does use that time to make sure everything is good instead of possibly a poorly focused and exposed mess.

      If you don't plan on using multiple camera apps then putting the GOS camera in quality mode is probably a good idea. I like being able to optimize it for Latency and then using another when I care about quality and have the time. I spend a lot of time driving and sometimes that second of shutter lag can be the difference between what I want to get a picture of being in frame or not and so capturing anything at lower quality because it took shortcuts for speed is better than nothing to me.

    • When talking about GOS camera quality keep in mind there was a change back in Version 56:

      Notable changes in version 56:

      • use Latency mode by default for fresh installs instead of Quality mode: Latency mode doesn't wait for 3A convergence (stable auto-focus/auto-exposure/auto-white-balance), defaults to 95% JPEG quality instead of 100% and uses HDR+ on Pixel 4 and later instead of Pixel 2 and later which doesn't matter much for fresh installs since Pixel 3 has been end-of-life for over a year

      I had my GOS install done before this update and so fiddled around with the setting and tested it out and manually put it on latency priority. I found that Latency really improved how fast it took photos after hitting the shutter button but you are more likely to get less awesome photos as a result. Since I have my phone set to launch the GOS camera with a power double tap and generally want to snap really quick photos this setting is perfect for me and I use GCam for anything I'm willing to take a couple more seconds to capture and care about the quality of.

      • randomchar42 If you are trying to get Outlook to sync contacts you need to install the Outlook app and then go into Settings > [your mail account] > then check Sync Contacts.

      • apoid Aurora is just a front for the play store so they are downloading from the same place but Aurora increases privacy over using the Play store directly by making anonymous sessions that change all the time unless you actually log into your Google account or use their option to generate a GSF ID locally and use that for all sessions.

        I believe their warning about using something other than the Play store is warning against grabbing APKs from random websites more than keeping people away from Aurora as you will see recommendations for Aurora on par with the Play store in both the Usage Guide and FAQ.

        That being said, using Play in the work profile to update apps and then cloning it over to main will work just fine if you want to skip Aurora. As I said, this is what I do anyways for paid apps Aurora can't update.

      • Max-Zorin So if my ISP / Network Provider can still see the domains I visit (and hence retain and sell that data) even if I use something like Quad9 as a private DNS, then is there even a point in using one of these services (besides say ad/tracker blocking, family friendly filters, malware site blocking etc.)?

        You are correct in that private DNS itself gives you little privacy since you are generally requesting DNS lookups to visit a site, but I would say there's some benefit to using a private DNS even if your ISP still sees where you go visit. They do use an encrypted channel to communicate between you and the DNS service you choose so they get around any tampering or filtering your ISP may intend to do regarding DNS although you could still be susceptible to them filtering or blocking requests to places you try to visit. Sometimes they are better than an ISP just because they may return requests faster or even at all, I have seen some ISP DNS just suck, possibly just due to updating their records infrequently.

        Tampering with websites is something ISPs generally can't do thanks to the fact most communication is encrypted now and thanks to that encryption they can't see the specific URL you are visiting and only the domain.

      • apoid I did something similar for my setup and it's been working pretty well. I don't really have any play store dependent apps and pretty much go without push notifications so I keep my work profile turned off basically all the time.

        1. Do you think this is a good way for my needs?

        Yep, it should work fine.

        1. How to install the Google Apps exactly? Clone the Graphene “Apps”-App with Shelter to the Work Profile? Or clone the 3 Google Services Apps (Google Play Store etc.) directly to the Work profile? But how to update these 3 Google Services apps then?

        Shelter gives you the ability to clone apps between the work and main profile so the starting point is cloning the "Apps" app provided by GOS to the work profile and then installing the needed Google services there. I actually have some paid Play apps I bought years ago that work fine in the main profile without Play Services or the store so I update them in the work profile and then clone them back to main. Aurora in the main profile can tell me when they need updated but can't update them since they are paid apps and I'm not logging into any Google services on my main profile.

        1. How to install (and update) the google Camera to the main profile? As I tried “Gcam Services Provider” can’t be installed due to the Google Play Services installation in the work profile.

        In my main profile I installed GSF only with no permissions and then installed the GCam app (with no network permissions) via Aurora and this works fine. It can still update via Aurora just fine and does not need anything other than GSF to run properly.

        So far my only headache with this was finding out that Signal installed in my main profile could see that Play Services was installed in the work profile and so didn't want to setup using websockets for notifications and would error out on setup until I removed all google apps from my work profile. Other than this little one time setup oddity everything seems to be working perfectly. If you set up Signal before doing anything with a work profile you won't have this problem.

        • johndoe55667788 I guess they could attach that to your account although it won't get them much if you install GOS on it, they will never be able to see that hardware identifier through the play store or other Google apps since GOS sandboxes them from any hardware identifiers.

          Personally I put GOS on my P7 before even installing my SIM card so there's no way Google got a look at that either. I did have to give it internet access through WiFi before I could enable OEM Unlocking but that never required logging in to Google services so they pretty much only got one little ping from this phone and then it disappeared from their view.

        • hannes Almost forgot to mention, if you are talking with customer support they might understand bootloader unlocking better than OEM unlocking when you start asking questions.

        • hannes It's the OEM unlocking you need to be worried about for installing GOS but you should check that it's SIM unlocked as well in case you want to use another carrier in the future.

          • Getting an unlocked one straight from Google is safest as you know it will work but past that it can be unlocked from many carriers I believe. Often this means having paid for it fully and then asking the carrier to go through an unlock process. Do some research on this with the specific carrier you are looking at before you buy.

            I know there are exceptions like Verizon where it absolutely cannot be unlocked ever.

            • Another Pixel 7 reporting without working WiFi Calling on Verizon

              Carrier: Verizon
              Carrier settings version: verizon_us-40000000011.9
              WiFi Calling Option Visible? (SETTINGS>NETWORK AND INTERNET>SIMS): Y

              State of Provisioning Toggles (*#*#4636#*#*):
              VoLTE Provisioned: Y
              Wifi Calling Provisioned: Y

              IMS Status:
              Voice over LTE: Available
              Voice over WiFi: Unavailable

              Have you Reset Mobile Network settings? (Settings>System>Reset options>Reset Wi-Fi, mobile & Bluetooth>Rebooted?): Y

              Does your carrier list your device as supported? Y/N + Link to Carrier Page
              I found the following when I looked that up:

              2. What do I need to be able to activate Wi-Fi Calling on my phone?

              To activate Wi-Fi Calling:

              • First, your smartphone must be:
                • Android – Either connected to the Verizon network or able to access the Internet through a Wi-Fi connection.
                • iPhone – Connected to the Verizon network.
              • Your smartphone must have HD Voice activated (most older Android™ devices list HD Voice under the Advanced Calling setting).
                • HD Voice is activated by default for our current smartphones. If you have an older smartphone you may need to activate HD Voice manually.
              • Your smartphone must be able to access the Internet through a Wi-Fi connection.
              • You must accept the Wi-Fi Calling Terms & Conditions when they are displayed.
              • You must confirm, update, or enter the US address when it displays (this is where you want emergency personnel to go if you call 911).
              • iOS smartphones must be connected to the Verizon network in the US and can't turn on Wi-Fi Calling outside of the US.

              Part of the full activation process might include sending the emergency address to the network and it's not activating until then. I can confirm that every other stock phone I have seen WiFi calling with Verizon has forced you to enter an address before it turns on, this was true on my old Pixel 3 and all the Samsung work phones I have used with the feature.

              I don't really care about WiFi calling myself but I thought I could add another data point for this. I cannot confirm it worked on this phone before switching to GOS since I flashed GOS before inserting my SIM but others on Verizon have stated it worked on stock.

            • Zoltan I agree it shouldn't take all this work, and said as much at the end, but I just wanted to detail exactly what I found so hopefully devs notice and can track it down to a bug. Details and numbers often help well above just saying things don't look right.

              In the meantime if anyone does have too much time on their hands and the will to edit photos manually the above info will let them get the wallpapers they want.

            • Cigurd What you need to do is go into Settings > Apps > All apps > [your camera app] > Open by default > Clear default preferences. You may need to do this for all the camera apps you have installed.

              Next time you try to launch the camera by double tapping power you should get a prompt asking you what app you want to do that with. If the device is locked you will need to unlock it to see the prompt, but after that first time of setting it up it should just work afterwards.

              • I was noticing this exact issue when I was creating wallpapers for my Pixel 7 a couple days ago. Made a bunch of photos the exact screen resolution for the lock screen (1080x2400) or wider ones for the home screen (2160x2400) and found they always previewed perfectly but zoomed in slightly when set. It did this on the stock launcher, Nova, and when set through Simple Gallery.

                My fix ended up being to pad out the image 10% to 1188x2640 (needs 120 pixels extra top and bottom, 54 left and right) to fix the lock/single screen ones and oddly enough add the same amount of padding on the wide home screen scrolling wallpapers (final resolution 2268x2640) and then they end up fitting perfectly pixel for pixel. I assumed the wider ones would need to be 2376 wide at first as well but when looking at the edge I could see the border I added.

                Once you know the trick then creating images to work for wallpapers isn't that hard but it really shouldn't require this at all, I don't recall this being a problem on my Pixel 3 I just switched from.