Hi! I am about to install /e/ test build of Pie on my Sony Xperia XA2 that is also running Android 9. I’ve done a lot of reading on other threads here about how it is done so I am anticipating little difficulty with this. But what I want to do afterward may not be possible with Android phones.
I have a VPN anonymizer with IPVanish and they have an Android apk. I’ve been using this for months but when I try to start a session with No Root Firewall that also creates a VPN session and it closes IPVanish. I searched this problem and it seems Android is limited to only be able to run one VPN session at a time.
I have rooted phones before because I wanted to be able to setup a firewall using IP Table rules…but I’m used to using Linux on a computer. On Android the app for this is AF+ (Android Firewall Plus). You have to be root on this and it doesn’t create a VPN session so u can still use IPVanish for that.
So is the ONLY way for me to have a firewall running in /e/ and a VPN anonymizer to root the phone or is there a no root option in /e/ ?
Marty
Regain your privacy! Adopt /e/ the unGoogled mobile OS and online services
If by ‘firewall’ you mean to have control over outgoing connections and you also want a real VPN you could check ‘blokada’.
Dunno what happens to incoming connections with AF+ though.
Firewall is more than ad blocker. It blocks ability of every app on phone (user base and system base) from accessing the internet. It can also block ads but more as your keyboard can’t send passwords to the internet.
Marty
I guess you already read https://github.com/M66B/NetGuard/blob/master/FAQ.md#user-content-faq2 then.
In short, you are right, Android does’t support “chained” VPN connections.
That’s not one of the things I read but it seems to describe the same problem with Android. I think the only way to get a no root firewall and a VPN anonymizing service is to have one app that encompasses both services and runs these in a parallel type VPN connection.
This has been the ONLY reason I’ve been rooting my phones for years so that I can control the IP Table rules in the Linux kernel of these Android phones. I’m surprised this is still an issue with Android.
Thanks for all the replies here! It looks like Android is still stuck with only being able to run 1 VPN service at a time. 
Marty
Something else to note, some apps have been programmed to bypass VPNs on Android. If I remember right, I think Netflix was one of them.
Also VPN based firewall apps can eat battery and more system resources. So personally the best thing to do is just root and use AFWall. You can then use AdAway to block ads with root, or if you want you can use it’s on-device VPN to block ads.
DNS66 can change the DNS and block ads via an on-device VPN as well.
1 Like
The situation is not optimal in any case. It would be great if this could be build into the ROM. I guess it should be possible to give users access rights to iptables without whole root access? Maybe even with a custom definition file that would be read by iptables to set user specific rules…combined with a simple as possible interface integration, this would be optimal.
1 Like
Yesterday I installed /e/ pie test build on my Sony Xperia XA2 with no problem and got it rooted by flashing Magisk in recovery mode. Then I got AFWall installed and IPVanish. I didn’t know that VPNs could be gotten around…hopefully there is no way to get around IP Tables!! I will look into AD Away and DNS66.
Thanks for your replies! Maybe a good non VPN firewall will start getting built into /e/ so that rooting is not necessary. 
Marty
Apps don’t get around a root level firewall that easy, if they do then they’re probably malicious. Root apps have to ask permission to use root permissions, when they don’t it’s usually an exploit.