Connections are in cleartext when using RethinkDNS with Block connections without VPN #2567
Description
v0.5.5n, installed directly from github
Pixel 7, GrapheneOS build 2026021200
EDIT: I may have discovered the issue. I wasn't routing any apps in my wireguard connection. Woops. Feel free to close.
When using Rethink with the following settings:
- Always-On
- Block connections without VPN
- Wireguard Proxy on (Lockdown + Always On) / off
- Other DNS (DoT, DOH, DC, ODoH) / RethinkDNS (Default) / System DNS
- Prevent DNS leaks
- Block port 80 on / off
- All apps allowed
I see cleartext traffic (contacted domains) on my router's live traffic analyzer, when my phone is connected to my router via WiFi.
Am I misunderstanding how Rethink works, or is there a problem here? All connections that I make on my phone are coming through in cleartext form. I see the exact domains. I also see http requests despite port 80 being blocked. My router is a Synology 2600ac. This does not occur when I'm connected to a commercial VPN. To my understanding, all connections should be encrypted (and therefore my router shouldn't see any domains at all) as long as my DNS is set to that of my Wireguard proxy (System DNS), or if set to Other DNS - DOH, DOT, or ODOH.
What am I missing?