I am currently using NetGuard on Android. But recently the dev announced that the app is going to be removed from the Play Store and he is considering discontinuing the project. I recently came across the RethinkDNS app on F-Droid; users can set other DNS too and can also block internet access to specific apps, like NetGuard. I haven’t heard about the app before, so I am asking for others’ advice and opinions on the app.
The idea of the app is FIRE! All-in-one firewall, VPN client (with WireGuard) and DNS relay with filters. This was my dream since I started to be interested in all of these things.
However, my experience with the app was rather bad. My WireGuard proxy would not survive any slight connection problem and drop dead, failing to reconnect; DNS checkers would persistently show IPs of DNS servers around my area, not the exit point’s area, and in my futile attempts to make it work I would often break my internet connection entirely, which is probably a problem with me rather than the app, but it didn’t make me feel better and there was nothing to nudge me in the right direction.
Though I am still very much excited to see this project flourish someday soon and to evolve into a №1 recommendation on PrivacyGuides.
If you are considering an alternative to Netguard, you might want to check out Karma FW. An open-source F-Droid app that doesn’t even need network connection permission. Pretty barebones compared to Netguard, but gets the job done.
I love RethinkDNS but the DNS requests being close to my area causes fingerprinting issues. This is currently the only major complaint I have. Invizible Pro (which allows Tor routing) used to be without this issue, but the latest Beta and Lite releases have this issue. The last stable release from F-Droid is sometimes slow, and the Tor connection drops, which is why I don’t use it anymore unfortunately.
For Invizible Pro, you should use Tor bridges to have a better connection.
BTW I am using Invizible Pro on my main profile and Rethink on my work profile and it is easy to find that Invizible Pro is a winner as Rethink sometimes freezes when I am opening it and lacks Tor routing.
I’ve been using RethinkDNS constantly for about 8 months and I love it. I love the UI/UX and the functionality. They’ve made a lot of progress in the last 8 months and fixed a lot of the issues that I had previously. It works with Tor (Orbot), but I had to install both Rethink and Tor via F-Droid because Rethink couldn’t recognize Orbot unless it was installed using the same method. I used Aurora Store and GitHub directly; only installing both apps from F-Droid works.
It supports SOCKS proxies which I have no experience with. Could this be used to run Rethink alongside a VPN? Because my biggest complaint is that Tor is too slow to justify using, and not using a VPN exposes me more than I’m comfortable with even if the firewall locks connections down to a certain extent. I want to be able to use Rethink + another VPN such as Mullvad.
I have been very frustrated with using Rethink, however. This is not necessarily their fault, but I’m in a constant battle with myself over how strict my settings should be. I am constantly changing settings, shifting between convenience and security, and at times I decide to just exclude an app, or even disable Rethink, cause I can’t be bothered figuring out what’s preventing another app or site from loading properly. Sometimes I can’t find any network logs when a connection is being made to a certain site, and so I don’t know what the problem is. Lately I have stopped using Rethink in favor of a VPN. It’s not necessarily a permanent change, I’m just tired of configuring Rethink, which isn’t necessarily a criticism of it.
Overall though, it’s fantastic. I used NetGuard briefly and I didn’t like the UI, among other reasons I don’t remember.
Posting to share a link to NetGuard on F-Droid
My Google phone uses NetGuard as of now, I like the toggle just to check Gmail and renew Google Play credit cards. Hate to hear development may stop. As of now my Google phone connects to my main phone hotspot using a VPN, slow is slow and using a VPN is just not that much slower.
Used RethinkDNS in the past, perhaps I need to check it out.
rdns dev here
Thanks for the rec and suggestions, everyone. Appreciate it.
Sorry that you caught those bugs, but it was our very first WireGuard release, and I guess we’re allowed a few critical bugs, especially after trying to make it work for over 6 months!
That said, those reconnectivity issues have been fixed in v055a. Or, so we think. Do let us know if you still see connectivity drops with WireGuard.
The app doesn’t route DNS over WireGuard. It continues to use user-set DoH / DNSCrypt / DNS Proxy endpoints elsewhere in the app. This is an Android limitation, as its APIs support only one DNS upstream (Rethink prefers to use DoH / DNSCrypt). But in Rethink, you could be connected to multiple WireGuard profiles at the same time (just not its multiple DNSes).
If you are comfortable doing so, and if you’re on the latest version (v055a at the time of my writing), will you please share “bug report” (look for the button in the “About” screen in the app) when this happens the next time?
The networking side of things for Rethink has been super hard to get right, given its functionality. Things should be better in v055a (released just a few days ago on F-Droid). If you get a chance to try it, let me know how it goes… especially if it goes miserably again (:
With Rethink, you can set any DNS-over-HTTPS / DNSCrypt (with Anonymizing Relays) upstream. If the upstream is connecting you to a server near you (this is how it is supposed to work unless you use DNSCryptv3 + Anonymizing Relays or Oblivious DNS-over-HTTPS, support for which is coming in v056, due end of November), there’s nothing else Rethink (the app) can do.
This is a pain I feel myself and we’ve had many people write to us about this, as well. We plan to introduce “Alerting” to help folks diagnose connectivity issues / app issues better. This feature will likely be written and delivered over multiple releases starting v056 (releasing last week of Nov or by Christmas).
This has been possible since v055.
Looking forward to v056, as I can hopefully use Oblivious DoH with NextDNS
Well, hello there, rdns dev! Gonna test the WireGuard proxy stability again!
Oh no biggie, as I said earlier, I believe in your project. It was a matter of time until I’d try again.
Now that’s really unfortunate :_( I used to use NextDNS and now I understand what was going on. Since it didn’t route DNS queries over WireGuard, it would just choose the NextDNS server closest to me.
Apparently, when I was using the official WireGuard app it would catch DNS queries and route them to my desired resolver from the exit point.
A tangent on my current DNS setup
I am now using a weird Pi-Hole setup with a single-board PC at my home running it, Quad9 as the upstream resolver, and I’m routing all of my WireGuard peer’s DNS to it, so all DNS queries appear to be coming from my exit point after all.
The problem is, this only works on my home Wi-Fi, because my Pi-Hole is not exposed to the internet and is only accessible over VPN or from home. I rely on WireGuard to access it remotely, but I can’t do it with RethinkDNS if I’m not on my home Wi-Fi.
I can see why you’d also expect Rethink to do the same thing. We’ll introduce this “WireGuard app-like” behaviour with Rethink too (github.com/celzero/rethink-app/issues/1049). This would mean, DNS would also be tunneled in to the active WireGuard profile but the ability to run multiple WireGuard upstreams at once would be gone. Sounds like a decent compromise since I’ve had multiple emails now where folks have walked away confused that DNS wouldn’t work with WireGuard and that they have no use for multiple WireGuard upstreams at once, anyway.
Thank you. This would really help a lot over multiple WireGuard profiles only.
Welcome @ignoramous, this is the only post that I set to watching when I made my last post and totally not disappointed.
As I mentioned, I plan on trying out Rethink again.
Thanks for responding. Good to know it’s possible, I’ll look into that. You guys are doing good work. I have a request; team up with Safing.io to integrate the SPN into Rethink. That would be a dream. They have their own mobile version of Portmaster, and although competition is good, it would be great to see you guys integrate some of your technologies to enhance them. At the moment their app is very barebones, and you can’t use two firewalls at once, so it makes sense to have the best of both worlds. When they do improve their app, I really don’t want to be in a situation “rethink vs portmaster”…first world problems I guess.
We already plan to integrate Tailscale (issue) as it’s free for hobbyists / families. We’d happily integrate SPN too (if SPN dependencies aren’t heavy), but I believe SPN lacks a free-tier? At any rate, this is a question for folks at Safing as charging for SPN is one way they monetize their free apps.
Alternatively, SPN can support apps like Rethink by exposing a SOCKS5 endpoint. This is way simpler and easier to do for both our teams (Rethink already supports SOCKS5).
In fairness, Portmaster may not ever reach feature parity with Rethink given the developers’ recent shift in focus to desktop apps. For Android, you have an easy choice to make for the time being.
Do you know where the Portmaster mobile version can be found? Or is it only for paid users?
I have an issue with Rethink DNS. I can’t access Lemmy through its official client Jerboa on Android.
You should probably email us (hello at celzero dot com) or hop on to our Telegram group (check the “About” section of the app for a link to it).
That said, almost always, it’s some DNS blocklist mucking with an app’s functionality. Check DNS Logs in Rethink to see if any domain possibly related to Jerboa is being blocked by some blocklist or some user-set rule (blocked entries appear with a red-coloured left-hand side border; tapping on such entries reveals more information about the DNS request / response along with the reason it was blocked, if any).
Can you see if setting Jerboa (from Apps screen) to Bypass Universal or Bypass DNS & Firewall (use Bypass DNS & Firewall setting only to test Jerboa but don’t leave it ON permanently) makes it work?
In the meanwhile, I’ll try Jerboa myself and get back to you to see if there’s indeed anything wrong with Rethink v055a (which is the latest version).
I’ve installed the Rethink app and unblocked it in the privacy rules.
I must say the capabilities of the Rethink app are awesome! It is just what I was looking for - firewall+DNS filter in one app. Will happily pay for the subscription if you choose to monetize it.
I wish in the future to see some kind of per device rules from one profile.