🤖 RethinkDNS app blocks GL.iNet app [Android]

GU26 · July 2, 2025, 6:35am

The GL.iNet android app seems to be incompatible with the RethinkDNS app. Does anyone know a solution ?

Happi · July 2, 2025, 8:16am

No idea what that screenshot is showing....
I don't have the Gl app but here are some thoughts - presumably you allowed access to the internet for the Gl app?
If you have a proxy (eg.Wireguard) enabled on Rethink you won't be able to set-up the router.
What DNS are you using, any blocklists or blocked domains?
What do the Rethink logs show (anything being blocked).

alen5193 · July 2, 2025, 8:34am

What are the specific manifestations of incompatibility?
You can try to reinstall the latest version of GL Android APP and RethinkDNS app

GU26 · July 2, 2025, 10:08am

Its the error message shown by the GL.iNet Android app when it fails to reach the router. In reality, i am connected to the router and other Android apps are working.

oh yes, i allowed it to bypass everything - including the firewall & DNS filter

Proxy is not configured

In Rethink, block lists are applied by the DNS server. But the GL.iNet Android app was configured to bypass Rethink, so it should be using the current Android platform DNS - but that only works if the Rethink virtual VPN (local service) is disabled.

The traffic log only shows a connection to static.gl-inet.com

No attempt to connect to the gateway appears, which is a mystery. I just wondered if anyone else had got it working.

Happi · July 2, 2025, 2:42pm

OK, I just had a go for you:
Installed the app, set it under Bypass Universal in Rethink, also checked bypass all proxies (I have Wireguard set-up).
Clicked set-up router - It soon found mine (Collie). Then clicked the arrow next to the router, entered WiFi password, clicked "done" and it worked!

GU26 · July 3, 2025, 11:25am

Thanks for testing! I agree that the configuration which you described should work, but it does not work for me. Did you enable Always-on and block connections without VPN for Rethink in Android VPN settings?

So far as I understand it, the purpose of the Bypass Universal switch is to bypass the restriction named "block connections without VPN", and that is not working. If you cannot block all apps which attempt to circumvent the firewall and simply whitelist the ones that you need, the security model is broken.

In reviewing the logs, I also see a connection from the GL.iNet app to some IP6 address and 2 CloudFlare addresses, in addition to that Amazon S3 bucket.. but I only want the app to connect to my gateway router, not stuff on the internet. I wonder if this is part of the reason why Rethink does not function as expected.

Happi · July 3, 2025, 6:22pm

Yes, I have that enabled but the purpose of those settings is to ensure Rethink handles all traffic (Rethink IS the VPN).

No, that setting circumvents any settings you have in the Rethink Firewall.

In any case I found a better way to achieve what you want:
Isolate the Gl App, then add an IP rule for the router (eg. 192.168.8.1) and "Trust" it.

By default, the Isolate tab blocks everything else (anything not explicitly whitelisted / trusted), so no real need to block the "leaky" domains (eg. static.gl-inet.com and s3.amazonaws.com).

GU26 · July 5, 2025, 1:28pm

More specifically, it is a firewall & proxy that leverages the VPN interface on Android, but I am only using the firewall, and do not want to disable it just to use the GL.iNet app, because other apps will abuse the privilege.

That totally makes sense, but it is not working on my platform. In the traffic log, i only see an IP6 connection to static.gl-inet.com:

The app never attempts to contact the router’s web server while the virtual VPN is enabled, despite whitelisting the gateway address. I do have IP6 disabled on the router — but that should not make a difference.

I just noticed that the GL.iNet app has logging capability, and the output is somewhat puzzling - there are 3 requests to the gateway address, but the first 2 have no request data, and the third says permission denied:

2025-07-05 01:47:12.521431
*** Request ***
uri: https://192.168.8.1/rpc

2025-07-05 01:47:12.521803
*** Request ***
uri: https://192.168.8.1/rpc

2025-07-05 01:47:12.532124
*** DioError ***:
uri: https://192.168.8.1/rpc
Request Data: {jsonrpc: 2.0, method: call, params: [OdolmI1FfcZw1xH5vRLId3x3CvA4fl7a, ui, check_initialized, {}], id: 1}
DioError [DioErrorType.other]: SocketException: Connection failed (OS Error: Permission denied, errno = 13), address = 192.168.8.1, port = 443

Note that its only making requests via https when the router by default is not configured to support SSL. Honestly, it looks like a bug in the GL.iNet app, but i have no idea what triggers it.

GU26 · July 5, 2025, 2:11pm

So I guess I should have cleared the app log first, because I do see an http connection attempt there now, even though it does not appear in the Rethink traffic log:

*** DioError ***:
uri: http://192.168.8.1/rpc
Request Data: {jsonrpc: 2.0, method: call, params: [OdolmI1FfcZw1xH5vRLId3x3CvA4fl7a, ui, check_initialized, {}], id: 4}
DioError [DioErrorType.other]: SocketException: Connection failed (OS Error: Permission denied, errno = 13), address = 192.168.8.1, port = 80

*** Request ***
uri: http://192.168.8.1/cgi-bin/api/router/hello

At this point in the connection sequence, i would expect the app to prompt me for login credentials, but that is not happening.

Happi · July 6, 2025, 7:19am

Try disabling Rethink (eg. turn it off in your phone VPN settings) and see if the Gl App can connect. (If you are concerned about data leaks, you can first disconnect from the internet).

Try re-setting the router and seeing if you can connect.

PS.
What are you blocking in the Firewall? I only have unknown source, DNS bypassed and newly installed checked.