So you DO want to control what is going on in the background, and a firewall really is what you need.
It’s a lot easier with a per app based firewall.
As good of a reason as any, no problem. As i said, the main thing is that you understand what you want and why, and you seem to do so.
Were you able to get a config file from Mullvad account page? If so, instructions under spoiler:
Get the config file on your phone, then open RethinkDNS app, press “
Proxy”, then “
Setup Wireguard”, then press the plus icon at the bottom and press “
Import”. Find your config file, choose it and voila, you have added your Mullvad Wireguard exit node for RethinkDNS.
Now you need to choose apps that you want to tunnel, just tap on a newly added node and then press “
Add / Remove Applications (0 apps)”. You can just select all, but if you have some apps that require access to your local network then you might want to exclude them. Tap “
Okay” to save your apps settings.
What’s left is to toggle this profile on and you’re done.
That’s it for the VPN, now the DNS:
Open RethinkDNS app, press"
DNS", then “
OtherDNS” (the arrow on the right), then press “
DoH” tab. Basically you can just choose whatever is already in there or in any other tab, but if you want to configure your NextDNS as your DNS then you need to have copied your NextDNS personal https link like
https://dns.nextdns.io/abcdef, then you need to tap the plus icon at the bottom, paste your link in the “Resolver URL” field (don’t forget to erase the “https://” at the beginning before pasting) and choose a name for your profile, anything like “NextDNS” will suffice. Hit “
Add” and checkmark your new profile if it wasn’t already checked.
Go back one screen and tap “
Other DNS” (the left part of the field, to enable it). That’s it.
After that on the same screen i enable all settings except for icons in DNS logs. You also can download and set up a bunch of blocklists, but if you’re gonna be using NextDNS you’ll probably be setting up blocking in there, so you can skip local blocklists.
Keep in mind that if you’re using NextDNS profile, RethinkDNS chooses closest to you NextDNS server, not closest to your exit point.
Now is the time to set up firewall and which apps are allowed internet connection:
Return to the main screen, tap “
Apps” and choose for every app if it should have access to cellular or Wi-Fi. Be free to play with the apps that you know and have installed yourself, but be very careful with system apps. There might be a whole bunch of strange and unknown names, but you never know which one is essential to have internet connection and will break some functionality if you restrict them. Toggle them a few at a time and then thoroughly test if anything broke.
Some folks can spend hours fiddling with this just ending up frustrated and not knowing what is it that broke this time.
Now if everything is set up correctly, just hit “
Start” on the main screen, this will connect the app to the VPN slot, you need to agree. Don’t forget to set it as Always-on in device VPN settings. Aaaaand you’ve got yourself a VPNed firewall.
You might end up not being able to connect to the internet, and that’s another story, i’m not gonna dive into troubleshooting now. I’ll just say that the most probable culprit is either DNS or firewall rules.