VPN.ac Homepage
Important OpenVPN / Apps update

Android StrongSwan client DNS bug

Wednesday, September 19, 2018

Update (09/11/2018): bug fixed in latest StrongSwan VPN client, stable release 2.0.2. Update it from Google Play or from StrongSwan's repository. 

(19/09/2018) Initial announcement: Today we discovered a potential bug related to Android 9 and StrongSwan client for Android v2.0.0 and v2.0.1 (latest). The issue is with the DNS resolvers assignment, resulting in DNS leaks (DNS queries going through the non-secure/ISP line). Not all DNS queries are sent through the IPsec tunnel once the connection is established. 
This is a serious issue for affected devices (Android 9 only) which should be addressed immediately.

- Solution:
- Solution 1: roll back to StrongSwan version 1.9.6 which is the latest one we can confirm to be assigning VPN DNS resolvers properly on Android 9. If you are using the latest (v2.0.1) or previous (v2.0.0) StrongSwan Android Client app on Android 9, uninstall it completely then install v1.9.6 from the StrongSwan repository. Run the test at https://ipx.ac/run to confirm that the DNS resolvers are properly assigned while connected to the IPsec VPN. 

- Solution 2: install the latest StrongSwan beta version (2.0.2) from Google Play. You need to join the Beta program first. If you don't have access Google Play, let us know and we'll provide you the .apk file. 

Updates:

- 13/10/2018: bug fixed in latest StrongSwan VPN client beta version. In Google Play's page of StrongSwan VPN Client, scroll to the bottom to join the Beta program and then install version 2.0.2
- 22/09/2018: bug reproduced and confirmed by StrongSwan developers, issue reported to Google; we created a short list of updates
- 19/09/2018: bug discovered by our team and initial announcement was posted here, StrongSwan deveopers have been notified immediately about the issue
- 20/09/2018: issue reproduced internally on different Android 9 devices
- 21/09/2018: issue reproduced by StrongSwan developers, actual cause identified in a change introduced on Android 9; StrongSwan developers have reported the bug to Google. A fix is expected to be released by StrongSwan developers soon, preferably also a fix in Android 9 to be provided by Google

 

« Back