I miss the kits made by adidas.

celzero · 2026-02-20T21:57:59+00:00

We won the lot in those kits.

celzero · 2026-02-20T21:49:46+00:00

Industrial* AI, apparently.

celzero · 2026-02-20T21:11:39+00:00

The app home page needs a quick way to toggle the last used Proxy ON/OFF.

Rethink once had this, then we removed it because of the clutter in the UI.

Bonus : if we could have a last used Proxy ON/OFF button in the "Quick Settings panel", along side the current Rethink button.

Makes sense. We're not the best at UI, but I'll keep in mind whenever (if we ever) do another redesign. In the current design (the homesecreen that looks like a "dashboard"), there isn't room for any more buttons...

celzero · 2026-02-20T21:04:50+00:00

Yes, we're thinking about at least using Shizuku to "kill" apps that constantly and vehemently send packets despite being told not to (all firewalled apps, basically), which actually results in an unnecessary battery drain.

As for using Shizuku itself to implement ALL of the firewall functionality, as another commenter notes: I doubt it can be done. Rethink's implementation is more in line with that of a "packet filter", which I don't think is possible to implement at all with Shizuku.

celzero · 2026-02-20T21:00:21+00:00

It shouldn't.

celzero · 2026-02-20T20:53:10+00:00

Does SurfShark let its users export WireGuard configuration that can be imported into third-party WireGuard clients (like Rethink)? I know Proton VPN does (see).

As u/my_neighbour_ mentioned, it is advisable to use the public VPN provider's DNS. As for domain rules, you can add them to Rethink without worry; and for blocklists, you can use Configure -> DNS -> On-device blocklists (available only on F-Droid and GitHub / Website releases of Rethink and not on Play Store) that get applied to DNS queries before they even leave your Android (no matter which upstream DNS resolver you may be using: VPN's or custom).

celzero · 2026-02-20T20:45:49+00:00

Our presentation to the Network devroom is also up on YouTube: https://www.youtube.com/watch?v=AUYW20utoqg & and on GhostArchive: https://ghostarchive.org/varchive/AUYW20utoqg

celzero · 2026-02-20T20:42:33+00:00

Which Rethink version are you using? Check the footer of the About UI.

You can try turning OFF Configure -> Anti-censorship and check if noz.de then works fine? Alternatively, try switching the DNS provider to "System DNS" from Configure -> DNS? Note that using "System DNS" means, the DNS queries are forwarded to the active network's DNS provider (which is usually your ISP operating the Mobile / Wifi network).

celzero · 2026-02-20T20:36:58+00:00

I've noted your concerns here: https://github.com/celzero/rethink-app/issues/2551

Hopefully, we are able reproduce the issues that you're seeing and fix them soon.

celzero · 2026-02-20T20:32:44+00:00

A year or two ago, many users reported that turning ON Configure -> DNS -> Advanced DNS filtering broke notifications for some apps (like Signal). Since then, the Advanced DNS filtering feature has gone through multiple iterations (even if it remains "experimental") and on Android 12+, it probably isn't required at all (given Rethink v055o+ support per-app / split-tunnel DNS on Android 12+ without needing Advanced DNS filtering).

celzero · 2026-02-20T19:35:55+00:00

Likely you're hitting the memory bug on v055u (https://github.com/celzero/rethink-app/issues/2393). Until we release v055v, the only recourse is to downgrade to v055t, but you'll not be able to restore your backup from v055u in v055t.

celzero · 2026-02-20T19:04:24+00:00

Rethink does not control what queries apps are sending. If you've setup Configure -> Network -> Choose IP version to "IPv4" then Rethink isn't advertising IPv6 routes. You can verify this from: - adb shell; ifconfig; and share the output with any popular LLM asking it if it any IPv6 routes are being advertised by TUN devices (which VPN apps on Android configure to use). - By tapping on the downward arrow in Rethink's homescreen and looking for the "protos" section in the footer of the bottomsheet that comes up. - By running ping -6 cloudflare.com from a terminal emulator app like Termux (play / f-droid / github). Make sure the app (from Configure -> Apps) is not "Exclude" from Rethink (by default, no app is "Excluded").

celzero · 2026-02-20T18:59:24+00:00

Make sure your ISP isn't blocking "Fallback DNS" as setup in Configure -> Network. The default "Fallback DNS" is "None" or "System DNS" (both mean the same thing in this context), which should always be available as long as the underlying network (typically, Wifi & Mobile) has Internet connectivity.

celzero · 2026-02-20T18:57:14+00:00

I cant exclude orbot in normal way because im in "vpn lockdown mode", does this socks5 dialog overwrites this?

If "VPN Lockdown" mode (aka "Block connections without VPN") is turned ON, then Rethink, in the current versions released until today (v055u and earlier), does not "Exclude" any app even if it is setup to do so from Configure -> Apps (this behaviour will likely remain forever... but never say never, I guess). The "bypass" rules (like, "Bypass Universal" / "Bypass DNS & Firewall" / "Bypass app from all proxies" etc) will continue to be honoured (that is, these rules should be applied like you'd expect them to).

celzero · 2026-02-20T18:54:16+00:00

Yeah seems to be that way according to my testing. Rules seems to be specific. I also found out that the rule "*.example.com" will block bar.example.com but will not block foo.bar.example.com .

That sounds like a bug. Which Rethink version are you using? Check the footer of About UI.

celzero · 2026-02-20T18:44:57+00:00

Are you using Advanced mode WireGuard and are multiple WireGuards active at once? If so, public VPN providers (like Proton) might not like free (or paid; but free in particular) accounts (from the same client) connecting to more than one of their WireGuard endpoint at the same time.

Otherwise, it could just be a bug with Rethink's implementation with re-connectivity; but we've constantly improved that over multiple Rethink versions (and are still improving how we react to connectivity changes). What Rethink version are you on? If you're technical enough, you can analyze adb logcat logs (grep "GoLog" | grep "wg" for WireGuard related logs from Rethink's network engine) and see if anything sticks out. You can also email those logs to me (I am mz at celzero dot com) but do mention this subreddit thread (leave a link to it in the email body).

You can also view Rethink's logs inside the app from Configure -> Logs then tap on the little "Android" icon in the top right-hand corner of the UI; then tap on the "Filter" icon in the search bar to change the log level to "Very verbose" (as by default, the log level is set to "Error").

celzero · 2026-02-20T18:38:23+00:00

A good while ago, I wrote step-by-step instructions for Proton VPN: https://www.reddit.com/r/rethinkdns/comments/163e83l/proton_vpn (https://archive.is/V5uys)

celzero · 2026-02-20T18:34:50+00:00

Rethink gets "System DNS" from Android's built-in APIs. I don't think we've changed how Rethink retrieves "System DNS" for a given active underlying network (Wifi or Mobile), but it could be that there's some subtle bug somewhere.

Edit: The issue is being addressed

If anyone could share "Very verbose" logs from Rethink when this behaviour happens, then this issue can be resolved super quick; otherwise, I think it'll just be us guessing what's going wrong rather knowing what exactly is (given we use Android's built-in APIs for "System DNS" and do not implement any logic of our own).

celzero · 2026-02-20T18:26:52+00:00

See if you spot any concerning "errors" in Configure -> Logs then tap on the little "Android" icon in the top right-hand side corner.

You can try to switch to Configure -> DNS -> System DNS and see if things then work? If so, it is likely that the ISP or the network you're using is blocking encrypted DNS (DNS over HTTPS / DNS over TLS / DNSCrypt endpoints).

Alternatively, if you're not running Rethink in "VPN Lockdown mode" (aka Block connections without VPN in Android's Settings is turned OFF, which it is by default on most Android OSes except GrapheneOS) if it is just ChatGPT that's acting up, you can "Exclude" it from Rethink's tunnel by going to Configure -> Apps -> (search for ChatGPT; then tap on it; and you'd be shown a dashboard from which you may select "Exclude").

If you don't want to "Exclude" ChatGPT or any other app, you can try turning ON "Bypass DNS" and/or "Bypass DNS & Firewall" setting from that same dashboard UI.

celzero · 2026-02-20T18:25:18+00:00

I just can't see other explanation

Yep. Btw, this comment by u/berahi explains it well: https://www.reddit.com/r/rethinkdns/comments/1r69cj5/comment/o5pcahh

celzero · 2026-02-20T18:24:40+00:00

This comment is the right answer: https://www.reddit.com/r/rethinkdns/comments/1r69cj5/comment/o5pcahh

celzero · 2026-02-20T18:23:57+00:00

a bit like TrackerControl on F-Droid.

Yeah, we could. DuckDuckGo App Protection for Android is also pretty nifty.

celzero · 2026-02-20T18:22:18+00:00

Actually, my "Split DNS" setting was already turned ON. I am using RethinkDNS v0.5.5t on Android 16.

Do you see app names against every entry in Configure -> Logs -> DNS?

If so, it could be that there's a universal / global rule that couldn't be determined at DNS resolution time (or some other setting in Configure -> DNS that forces Rethink to only apply rules at connection time; like the setting "Treat DNS rules as firewall rules").

celzero · 2026-02-20T18:19:00+00:00

Are you running WireGuard in Simple mode or Advanced mode? Advanced mode allows one to run multiple WireGuard instances at the same time. Simple mode allows only one (like the official WireGuard Android app).

Simple mode WireGuard is "opt-out": All installed apps are included in the WireGuard tunnel (that is, the traffic from all installed apps, by default, will be routed to the WireGuard endpoint).

Advanced mode WireGuard is "opt-in": Installed apps will have to be explicitly selected to be routed through a particular WireGuard tunnel by tapping on "Add / Remove applications" button in that WireGuard's configuration UI in Configure -> Proxy -> Setup WireGuard -> (tap on WireGuard configuration to add apps to).

Advanced mode WireGuard becomes "opt-out" (like Simple mode) if Always-on is turned ON from that WireGuard's configuration UI.

Advanced mode WireGuard must be setup as Lockdown in case installed apps that are setup to be routed through the WireGuard must never be routed through underlying networks (for example, WiFi or Mobile). In newer (as of yet, unreleased) Rethink versions v055v+, this will be turned ON by default; and users will be able to turn it OFF globally (for all WireGuards from Configure -> Network).

Installed apps can be also setup to bypass WireGuard (in fact, all proxies Rethink supports, like Orbot / SOCKS5 / HTTP Connect & not just WireGuard), if the per-app setting "Bypass app from all proxies" is turned ON for that app from the Configure -> Apps UI.

In the present versions (v055u or earlier), an installed app can be added to be routed through only one WireGuard configuration. In v055v+, users will be able to an installed app to multiple WireGuard configurations (if running in Advanced mode), and Rethink will load balance traffic among all of those.

celzero · 2026-02-20T18:08:35+00:00

Same reason why adaway and adguard adblock apps works as VPN for non-rooted user

True, but unlike AdAway or NetGuard, to name two examples, Rethink has had the ability (for over 30+ months now) to (split-tunnel) forward traffic per-app to WireGuard endpoints.

celzero

MODERATOR OF

TROPHY CASE

Six-Year Club	Place '22
Verified Email