Possibly related to #11

Issue: Tunnel was active with auto tunnel enabled. Switching networks was not turning off the tunnel, so I disabled auto tunnel and tried to manually turn off the tunnel. Pressing the toggle button on the tunnels page did not turn the tunnel off (the toggle button had no visual response when tapping it, and the VPN key icon was still present in notifications area).

I was able to eventually disable the tunnel by force quitting the app.

I have not since been able to reproduce the issue.

1. Would be great if we could include/exclude apps just like with the regular version.
2. On AndroidTV 10 I can barely see what button I am on. Navigation is also slightly awkward (not sure what is highlighted when you open the app and not sure how to get to the imported tunnel).
3. With the official Wireguard app, I can hit the OK button on my remote twice to activate the tunnel: once to open the app, second time to start the tunnel. No need to navigate to the tunnel or to the start button. Would highly prefer this flow!
4. Option to ensure the tunnel is always on.
5. A TV is a static device, no need to scan for WiFi SSID name.
6. Additionally, I can't even see Settings, because the warning that location permission is required is persistent even after I have given the app all 3 permissions that are listed in the App details.

1-4 would really be great if this can be done. That way you distinguish yourself from the official app which is only an on/off button.

Would it be possible to speed up the animation speed when changing screens and add a black theme for OLED screens?

1. Long press the tile: open WG Tunnel app (now it opens its App Info)

2. In the app itself, when a tunnel is active and I toggle another tunnel, simply switch tunnels (deactivate one and enable the other). Currently, I need to toggle to disable the active tunnel before toggling the other tunnel. Small improvement.

3. I still find Settings slightly confusing for a first time user. Because you need to set 2 things (wifi SSID and tunnel) before the first toggle is usable. But then you also need that second toggle, so perhaps enable that automatically when the first one is enabled? Honestly I also don't know how to improve this screen much further. I love the functionality though 😁
   That's all!

Any chance to add the function to import a configuration file by scanning a qr-code?

I have tested this behavior on three different devices. If I click on "add Tunnel from QR-Code", a error message stating "invalid QR-Code" appears even though the camera has not yet been started.

Apps like Shortcut Maker and Macrodroid are unable to integrate with the app's dynamic app shortcuts as they were intended.

I get the error "You don't have an app that can do this" when trying to import a tunnel from files. I have the FX file manager installed and it works when importing files into other apps (just checked with the OpenVPN app before putting in this ticket). I was using this method before but I think it might have broke with a recent WG Tunnel update.

Issue #34.
Reopening as this is still not fixed on v3.0.3 (verified in app).
Trying to import a tunnel sends me to a screen that shows "Recent" (as recently opened files) with nothing in it.
However, if you press the select button right after reaching that default file browser screen, you can open the left menu.
The left menu contains nothing, unless you install a file browser like cxfilebrowser and then you can see other stuffs like downloads, processes, etc..
Yet, nothing is selectable.

In general, the moment you reach that default import file screen, you have 1 button press to do, after that, you cannot do anything at all.
Its like the arrows buttons do nothing and you are currently not hovering any button, youre stuck, with nothing else to do.

FireTv Stick 4K Max from friend.
He has the last edition.

Hi, i've found this app really clean and ahead of the official Android Wireguard client, mainly as it allows to include and exclude apps at will without continuosly having to enable and disable the tunnel for that one problematic app.
Among my devices there are some who are a bit old but would benefit from this implementation a lot.
To be sure I've tested the build of the app down to API 21, allowing Android 5.0 - 8.0 devices to be included, and found no problems.
While the test was, for the 5.0 device, conducted on an emulator, the 8.0 was my daily driver and it seems to work fine.

So, can we lower the barrier a bit and set the minimum SDK requirement to API 26 or less?

The biggest problem with the official app imo is that it won't re-resolve the endpoint unless you turn the tunnel off and back on.
This means that if your endpoint's ip changes while the tunnel is active, you're stuck with no connectivity and you don't even know it.

There's no non-root solutions to this problem currently afaik.

Part of the problem is the fact that while the tunnel is active, your dns comes from the tunnel too. So if the endpoint switches ip, you can't even re-resolve because you lose access to the dns server.

Not sure how much agency you have on android with this app. In a typical linux installation you periodically re-resolve every 5mins or so via 1.1.1.1 or something outside the tunnel, compare to cached resolution and if different restart the tunnel. I'm sure you know of these workarounds already.

If you could implement something similar in this app, it would be fantastic.

Ways to reproduce:

Set local SSID

Enable auto tunnel

If connected to the local SSID the tunnel will go down, thats correct...

Now open network-settings, turn wifi OFF.

Wifi is off, mobile data is enabled, VPN tunnel stays off...!

You can enable the tunnel manually in the App like normal, but the auto tunnel is not working in this case.

This behaviour is happening on Fairphone 4 with Android 12, latest patch version.

By the way, in the notification area, the app icon is still visible, and it still says "Monitoring network state changes"...

Edit: Will try now, if it needs a little more time. The way I tested, was like only waiting like a minute or so...

Edit2: After 5 minutes of waiting, nothing, I even forced some network-traffic, but nothing...tunnel stays down.

Currently, experiencing this issue on my Pixel 4a running latest patch of Android 13 despite everything working fine on my Pixel 7 which is on the same version. I am not sure how wide the impact is to other devices but I have opened a bug with Google to investigate.

https://issuetracker.google.com/issues/290990637

The app uses about 30-40% of my battery in the background. I can see this happening on three different phones.
The app runs on the default optimized battery mode.
Is there something that can be done or is it not fixable?

It would be great to implement a kill switch that prevents any network activity if the VPN is disabled if both Turn on mobile data and Tunnel all applications are enabled and the VPN is set to always-on

The official Wireguard app allows you to easily turn on/off a tunnel via a tile in the same area where you toggle WiFi, flashlight etc.
Please consider adding a tile there. It's the only thing I'm missing at the moment.

For example, while connected to wireguard, which is actually connecting to my Homeserver, and only let's DNS requests go through the tunnel, AdGuard Home is filtering ads through DNS blocking.

But sometimes a website doesn't work because an ad or some advertising related tracking is not loading. Especially when purchasing something or booking a service on a small/less known website or when abroad, when a public WiFi network requires registering. In those cases it's handy to temporarily toggle the tile to turn off the tunnel, finish the task and turn it on again.

I have an Android TV box running Android 9. While the current app supports Android 10+ and runs beautiful on my phone, it would be nice to have support for Android 9 too. Thanks!

As the title says, WiFi networks with commas in their SSID cannot be added to the trusted network list as they will instead be interpreted as separate networks

First off, fantastic app. I have been using it for a while on multiple devices and it works great. With the new "battery saver" option enabled it barely uses any battery while being more reliable than other solutions I have tried (such as my Tasker based solution, which was great but did not work reliably when the screen was off on the device).

For my use case it would be great if there was more flexibility regarding setting which tunnels are enabled for different SSIDs / mobile data connections. I have three "levels" of networks: (1) local network; (2) trusted networks; and (3) everything else. For the "local network", this would be a "trusted SSID" in your app where no VPN tunnel is enabled because the resources I need to access are local. For the "trusted networks", I enable a split tunnel so I can access the resources I need (including a DNS server) but the remainder of the traffic flows outside of the tunnel because the network is trusted (and I happen to use this tunnel for mobile data as well). For "everything else", I enable a full tunnel so all traffic is protected (for example, when connected to public wifi or any other SSID that I have not tagged as being "trusted").

In my experience the type of setup that I have is fairly common, and it would be fantastic if your app could handle such a setup. There are a number of ways that I believe you could enable this feature from an interface perspective, and I wonder if some inspiration could be taken from the iOS version of the WireGuard app where it looks like to can specify certain tunnels that are enabled for "only these SSIDs" or "except these SSIDs". In Tasker I have achieved this setup by creating Variables for "No VPN SSIDs", "Trusted SSIDs" (which includes mobile data) and set up Profiles that turn on the tunnels as appropriate, including defaulting to the full tunnel if the SSID does not match any of the Variables). However, I believe you could achieve something more flexible for all users with an approach similar to the iOS WireGuard app if there was also the concept of a "default" tunnel (the full tunnel in my case).

I hope I have described the feature request in a way that makes sense, but please let me know if you have any questions. I realize that it would add complexity to your app, but I also believe it would open up many new use cases that could be beneficial for a lot of users.

Would it be possible to add the ability to set a PIN code or password that prevents settings from being changed unless entered? I.e. read-only view with admin edit rights

Hello, how about this useful features?

Nice app!

Would it be possible to add Android intents to allow for zero-touch configuration, such as with Tasker or an MDM? For example, tailscale/tailscale#3547

Alternatively, have it check for a *.conf file on the device at a specific location to automatically configure the WG tunnel and tunnel all applications

Allow user to include or exclude specific phone applications that they want to be tunneled through VPN

Official WG client exports tunnels in a zip file. WG Tunnel could import this zip and make transfer just a tad easier.

I'm not sure if this is related to #37:
After updating from 3.0.0 to 3.0.2 or 3.0.3 WGTunnel crashes right after starting the app. The home screen flashes.
Phone is OnePlus Nord 5G N10, Android 11.
Trier to clear app data.

Here's the log:

10-06 14:05:07.649 18407 28649 E AndroidRuntime: FATAL EXCEPTION: DefaultDispatcher-worker-1
10-06 14:05:07.649 18407 28649 E AndroidRuntime: Process: com.zaneschepke.wireguardautotunnel, PID: 18407
10-06 14:05:07.649 18407 28649 E AndroidRuntime: java.lang.IllegalStateException: Room cannot verify the data integrity. Looks like you've changed schema but forgo
t to update the version number. You can simply fix this by increasing the version number. Expected identity hash: ba86153e6fb0b823197b987239b03e64, found: 8aebda3e
5fb876f17654b7080d2356e0
10-06 14:05:07.649 18407 28649 E AndroidRuntime:        at k3.d0.e(Unknown Source:101)
10-06 14:05:07.649 18407 28649 E AndroidRuntime:        at o3.e.onOpen(Unknown Source:15)
10-06 14:05:07.649 18407 28649 E AndroidRuntime:        at android.database.sqlite.SQLiteOpenHelper.getDatabaseLocked(SQLiteOpenHelper.java:427)
10-06 14:05:07.649 18407 28649 E AndroidRuntime:        at android.database.sqlite.SQLiteOpenHelper.getWritableDatabase(SQLiteOpenHelper.java:316)
10-06 14:05:07.649 18407 28649 E AndroidRuntime:        at o3.e.c(Unknown Source:4)
10-06 14:05:07.649 18407 28649 E AndroidRuntime:        at o3.e.f(Unknown Source:63)
10-06 14:05:07.649 18407 28649 E AndroidRuntime:        at o3.e.a(Unknown Source:23)
10-06 14:05:07.649 18407 28649 E AndroidRuntime:        at o3.f.v(Unknown Source:9)
10-06 14:05:07.649 18407 28649 E AndroidRuntime:        at k3.c0.j(Unknown Source:12)
10-06 14:05:07.649 18407 28649 E AndroidRuntime:        at k2.d.F0(Unknown Source:11)
10-06 14:05:07.649 18407 28649 E AndroidRuntime:        at d5.c.a(Unknown Source:31)
10-06 14:05:07.649 18407 28649 E AndroidRuntime:        at d5.c.call(Unknown Source:116)
10-06 14:05:07.649 18407 28649 E AndroidRuntime:        at k3.b.l(Unknown Source:84)
10-06 14:05:07.649 18407 28649 E AndroidRuntime:        at i6.a.p(Unknown Source:8)
10-06 14:05:07.649 18407 28649 E AndroidRuntime:        at x6.e0.run(Unknown Source:114)
10-06 14:05:07.649 18407 28649 E AndroidRuntime:        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
10-06 14:05:07.649 18407 28649 E AndroidRuntime:        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
10-06 14:05:07.649 18407 28649 E AndroidRuntime:        at java.lang.Thread.run(Thread.java:923)
10-06 14:05:07.649 18407 28649 E AndroidRuntime:        Suppressed: c7.g: [k1{Cancelling}@148b055, Dispatchers.IO]

Hello.

First of all, thanks a lot for your great app. Clearly the AndroidTV flavor of Wireguard is lacking some needed functionalities.

I know that like in Wireguard original app (worst case scenario by manually editing tbe .conf file before importing), it is possible to define specific apps to which a specific tunnel is applicable or not.

Still then, this implies one of two things:

• having tunnel always-on and allow system to apply tunnel only to specified apps:
• manually turning on/off the tunnel, when required (before using the app(s).

Having that into consideration, I wonder if it would be a possibility to have the tunnel activated/deactivated every time the specified apps are opened/closed.

I know this can eventually be done using adb, but I wonder if implementing such a functionality would be feasible within the service and if you could consider implementing it.

Thanks in advance.

I tried this from F-Droid but coud not establish a tunnel. Just "Attempting connection".

Problem is: I do not see an error - please add some. Also not clear where log is.
Also, in the notification, after "VPN Connection Failed" in addition to "Restart Tunnel", maybe add "See Log".
Note: Wireguard Android client has log with error messages.

WG did not ask for superuser permisison? Does it need it?
Note: Wireguard Android client asks for superuser premission.

Opening a different issue for this mostly to inform other users since this can be sketchy to detect

When you have both wifi and mobile data on (I think the standard configuration as of today) but you live or are in a zone where there is a wifi with captive portal or that does not provide internet access and is a trusted ssid the auto-tunneling breaks

(I wrote captive portal but may be any reason why wifi doesnt provide internet access)

This happens because the android os knows that the wifi doesnt provide internet access hence uses mobile data but the app checks only if you are, in general, connected to a trusted ssid

the logic in order to fix this should be something like:

• if(connected to trusted_ssid AND wifi provides internet) then disable vpn
• if(connected to trusted_ssid AND mobile data is in use) then enable vpn

from the screenshot is possible to see the wifi that states "No internet connection avialable", the mobile data ON in the notification panel and the vpn tunnel wrongly off (since yes i am also connected to a trusted ssid but actually I am on mobile data)

My main goal is to inform since I did not manage to understand why was not working until i went to check into wifi settings

To be fair I do not know if through android api this kind of control would be possible but forgetting the wifi network may be an option such as considering if to add that network as a trusted one with this issue in mind

Version 3.0.2 crashes when opening.
Version 3.0.0 does not crash when opening (From F-Droid's Repo)

I tried the Google Play version which is 3.0.3 and it works fine without issue. I'd rather stick with F-Droid. :)

I'm using the Neo Store as my preferred F-Droid app and it doesn't show the latest 3.0.3 for F-Droid so I'm not sure if it's been pushed through or not.

Using Samsung Galaxy A13 5G variant on AT&T if this helps any.

Some months ago I was following a discussion about the Android Dynamic Shortcuts integration into the official Wireguard android app

WireGuard/wireguard-android#55
WireGuard/wireguard-android#48

I think it would be a great feature since beyond the customization, these would also give for free the "trusted wifi" feature that even if works good to me (I am doing some futher testing on my phone about #15) some phones may just work better with the dyn shortcuts approach or some users would just prefer this or may have less battery impact.. in this way users would still get the extended features & support of this app compared to the official one

I found your app on my FireTV and it looked like a great workaround to connect to my home network.

Unfortanetly, trying to open a config file opens a file explorer where nothing can be selected and no files are shown. I think this is not an issue by your app, but you could add a feature to add the parameter of the wireguard connection by yourself instead of the config file.

After the automatic switch from mobile data to the trusted wifi (auto tunneling on) , the vpn is disabled as expected.

But even if the vpn is off, there is still a active wireguard Negotiation between the android device and the router. Therefore the router thinks the client is still connected via vpn even though the switch in the app is off.

With the official wireguard app, this problem is not existient. After switching the button to off (in the official app), the connection and Negotiation both are disconnected.

My device is a Pixel 5 with Android 13.

First, thanks for making this, been wanting this from the official Wireguard app for years now. On to the issue.

Expected behavior:

1. Tunnel start: When away from home (not connected to trusted SSID) tunnel should be started.
2. Tunnel stop: When connected to home SSID(s) tunnel should automatically be disconnected.

Issue:

1. Tunnel start: This behavior is working so far as expected.
2. Tunnel stop: This in general has worked but it failed at some point tonight.

Steps that lead to issue:

• I left the house, tunnel started as expected when I lost connection with home network.
• When I returned home and reconnected to the home network the tunnel stopped as expected.
• Sometime later, I checked my phone and saw the key icon, the tunnel had been restarted at some point (without leaving the house).

Unfortunately, I did not witness this happening at the moment, so I am not sure exactly what happened or know exact steps to reproduce.

Special note: I have seen this same behavior with the official Wireguard app + Tasker (actually it is the primary reason I was trying your app out!) and I am wondering if it has to do with my Wi-Fi extender in my house, it creates two new SSIDs (one on 2.4GHz one on 5GHz). As I move through the house my phone will automatically switch between one of the three SSIDs (primary router, extender 2.4g, extender 5g) depending on signal strength. All three SSIDs are entered in the app as trusted SSIDs. I am wondering if there is some gap between switching from one SSID to another where the tunnel starts (because network is very briefly lost) but the new SSID connects so quickly it does not trigger the tunnel to stop again.

Additional note: After this happened, I was not able to disable the tunnel again by switching networks, turning off Wi-Fi on my phone, or by manually disabling auto tunnel and trying to manually turn off the tunnel in the app. I had to force quit the app. I will make another issue for this second problem though.

I'd like to be able to look at and change settings without needing to allow location. Pressing no thanks just brings me back to Tunnels.

https://cdn.discordapp.com/attachments/901264453067218985/1156272743755567164/Screenshot_20230926-115323654.jpg

ref: https://gitlab.com/fdroid/fdroiddata/-/jobs/5362089442#L1173

/LE: fyi https://gitlab.com/fdroid/fdroiddata/-/commit/8bc2d4275aedf2e613f4faafab182d3f0a3dea94

Pretty big deal for anyone who uses both wireguard and android auto in their car. I cannot seem to find the application in the list of apps (I guess it's a system app) to exclude from the tunnel , since AA doesn't work at all if there is a VPN tunnel active.

Running on a Samsung s23 ultra on android 13.

Add feature to be able to control turning on and off tunnels via intents.

When I try to switch from "tunnel all apps" to "include", then select Netflix, then hit Save, I get the following error:

Error: unknown error occured

Also, the save button is always coloured, as if it has the focus.
When I actually move to the save button, it becomes grey. When I select it to save changes, I get the error above.
This makes it impossible to actually switch from All to include/exclude.

Can you make it so you can see Tx, Rx, and last handshake time? I use this with the default wg app to test tunnels.

First of all, thanks you for develop this alternative app. Based on user experience, there are multiple applications that include or exclude tunneling. If we can search filter or show only installed app that a good feature than scrolling. Thanks

Great app for the AndroidTV! The main functionality with split tunneling works great. The only issue I am having is when pressing the up and down buttons on my Chromecast with GoogleTV remote on the Home (Tunnel listing) screen. No matter how many times I press up the selection jumps to the last tunnel listing. I have about 5 tunnels added in and can only turn on the last one.

Official app has this functionality and it allows for better performance with lower battery drain. I believe the documentation is available in the android wire guard docs.

Not everyone likes or wants to use the Google Play Store, so having an official APK in a third party store or under releases would be nice.

The app is downloaded from the Google play.
2 sites are configured.

If apps are not tunneled its working.
When apps are included the VPN can't be established (4 apps selected).

The official app is working with the same config and the selected apps are tunneled.

When I remove included app (all apps tunneled) its working.

Tried with import from zip file and manually entered configuration and a reboot.

config:
A trusted SSID is added.
Tunnel on mobile data.
Tunnel on ethernet.

Tried with the default config (nothing selected) still not working.

"Enable auto-tunneling" setting can't be switched on despite high accuracy android setting: "precise location required".

Xiaomi MI6
Android 9

I am wondering what "auto tunneling" is supposed to do, when none of the other 2 checkboxes have been enabled, like "tunnel on mobile data"?

For example, when I'm at home and turn off my WiFi (SSID added to trusted SSID list), and turn on the tunnel manually, it gets automatically disabled.

Does the top option have any purpose, without "tunnel on mobile data" ?

I'm just curious. I would expect only 1 toggle.

Hi,

On my NVIDIA Shield Pro connected to a 4K TV I noticed two issues:

• when I have a SSID set I am unable to remove it when with the controller, I can with the (air)mouse.
• when I have an SSID set I am unable to see the last option about the always on VPN, see screenshot