DNS traffic can leak outside the VPN tunnel on Android

Fibonacci · May 5, 2024, 7:53pm

Stock android.

You just have to grant the wireguard app root access and enable the kernel module backend in the settings.

jerm · May 5, 2024, 9:12pm

This is the problem. GrapheneOS doesn’t have that issue Notifications (FCM) bypass misconfigured VPN on rooted phones with bad config - GrapheneOS Discussion Forum.

Fibonacci · May 6, 2024, 10:22am

Actually, the issue happens when using the wireguard kernel module backend instead of the userspace implementation

The WireGuard kernel module has been enabled in AOSP (Android Open Source Project) since 2020, with the potential to improve battery life and performance.

However, Google never included any APIs to directly work with the kernel module. So, as of today, the only way to make use of it is by having root access.

Topic		Replies	Views
GrapheneOS fixed Android VPN leaks General software	6	930	October 3, 2024
Please do not completely trust the kill switch functions of VPN clients General software , website	7	593	July 24, 2025
Android connectivity checks occur outside VPN tunnels Site Development completed	15	444	October 17, 2024
Using Mullvad VPN and which settings to use? Questions	8	701	June 24, 2025
Is it a choice between using a VPN or DNS? Questions	6	444	February 11, 2025

DNS traffic can leak outside the VPN tunnel on Android

Related topics