Warning: Android 13 (on GrapheneOS) broke my VPN

My phone just finished upgrading to Android 13 after downloading all morning.

But, a word of caution in case anyone else is downloading the (big) system update that updates GrapheneOS to Android 13:

The ability to connect to my VPN over cellular mobile data stopped working after my phone rebooted into Android 13. A user profile that doesn’t use my VPN has no issue with cellular mobile data.

Here’s the issue (though it’s currently closed by the GrapheneOS developers claiming it’s not a GrapheneOS issue):

Anyone else having issues or know of a (persistent) workaround? I barely use WiFi so this issue definitely hurts me.

If not I’ll have to reflash the Android 12 build and disable the auto updater until it’s fixed. I assume there are quite a few people here with GrapheneOS and VPN.

August 27 edit: GrapheneOS found the issue (upstream). Here is a temporary fix:

If you’re one of the users on a carrier with the issue, you should be able to work around it without disabling the VPN: disable VPN lockdown and toggle airplane mode on and off to reconnect to the cellular network, then toggle VPN lockdown back on. Works around missing exception

It’s a bug in Android 13 and not a GrapheneOS issue. Nevertheless, GrapheneOS is working on a fix:

https://twitter.com/GrapheneOS/status/1563412965591633920

https://nitter.kavin.rocks/GrapheneOS/status/1563215751833477120

I upgraded to Android 13 on my Pixel 6 over 24 hours ago & have been unaffected by this issue. This was true on both Wi-Fi & mobile data.

It broke for me too and I was freaking out. Even my NextDNS was acting funny. I rebooted my phone yet again and it works perfectly now though. Hope that helps you.

Edit/Update: I seem to have the issue flare up when I am on cellular data. I can’t say exactly what I do to fix it but it involves rebooting a few times before it just seems to work again. Pretty frustrating.

I have this issue as well. I didn’t realize it was connected to GOS. That’s very disappointing.

That’s great. Kudos to GrapheneOS for finding the issue and working on a pre-upstream patch.

graphene can’t be serious with that temporary workaround

how the f can this rom tell you to do something that leaks your ip in order to get the vpn to work?

all the background apps connect to their servers outside of the vpn with this workaround (signal, imap/email, etc), fyi

It’s kind of hard to avoid updates on GrapheneOS…and I’m far from an early adopter…

Bugs will always be present and while devs try to catch them before software is pushed, it’s inevitable that some of us will experience them. No project is immune from that.

It’s not a GrapheneOS issue:

https://twitter.com/GrapheneOS/status/1563412965591633920

You may be right; tried this and got an incoming Signal message before I connected the VPN. Oh well. YOLO.

They can only be as good as the A13 they’re given. Which breaks VPN mobile data.

Besides, the workaround sucks, and only works sometimes, even then it reverts a few minutes later.

It’s an upstream Android 13 issue impacting the stock OS. There’s a compatibility issue between VPN lockdown mode and certain mobile data configurations. It only impacts carriers using 464XLAT. Users can work around it by using an IPv4 APN configuration. Disabling VPN lockdown mode and toggling airplane mode on/off will get you working mobile data by bypassing the blocking.

… As is, you’ll just need to wait for an upstream Android 13 fix. We don’t track upstream issues impacting the stock OS on our issue tracker with a few exceptions.

Most users were able to work around this by setting their APN configuration to IPv4/IPv6 or IPv4 instead of IPv6 since it only impacted IPv6-only APNs with certain carrier configurations.

The temporary workaround of temporarily disabling VPN lockdown and toggling airplane mode wouldn’t cause a leak unless the VPN app died during that short window. VPN lockdown is primarily needed to prevent leaks when the app dies. It worked around it because it allowed the OS to receive traffic that was being blocked.

Android 13 added inbound traffic blocking for VPN lockdown. This wasn’t available in Android 12. The inbound leaks were fixed by Android 13 and that’s why it broke… so not upgrading not only would have stopped providing half of the security updates for Pixels, but also would have kept VPN leaks… to work around an issue caused by the changes preventing them. That doesn’t make much sense.

The compatibility issue with the VPN lockdown improvements still impacts the stock OS, but it’s resolved in GrapheneOS. It was partially resolved via downstream work but there are a bunch of upstream fixes for CLAT now from multiple sources and we replaced our downstream work with those.
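
Added example, not part of any post in this thread: a shell check for whether a handset's mobile data runs over 464XLAT, the configuration the replies above describe as affected, or over a dual-stack APN, the workaround. It assumes Android's CLAT interface shows up as `v4-` plus the base interface name with an address in 192.0.0.0/29, and it runs on constructed `ip -o addr show` output; the interface names and addresses are sample values.

```shell
#!/bin/sh
# Added example. Reads `ip -o addr show` text on stdin and prints one line per
# uplink interface: "<iface> 464xlat|dual-stack|ipv4-only|ipv6-only".
# Assumption: CLAT appears as "v4-<iface>" with an address in 192.0.0.0/29.
classify_uplinks() {
  awk '
    { ifc = $2; fam = $3; addr = $4 }
    # CLAT companion interface: remember which base interface it serves.
    fam == "inet" && ifc ~ /^v4-/ && addr ~ /^192\.0\.0\.[0-7]\// {
      clat[substr(ifc, 4)] = 1; next
    }
    # Loopback and the VPN tunnel itself are not uplinks.
    ifc == "lo" || ifc ~ /^tun/ { next }
    fam == "inet"                    { v4[ifc] = 1; seen[ifc] = 1 }
    fam == "inet6" && /scope global/ { v6[ifc] = 1; seen[ifc] = 1 }
    END {
      for (i in seen) {
        if (clat[i] && !v4[i])   s = "464xlat"
        else if (v4[i] && v6[i]) s = "dual-stack"
        else if (v4[i])          s = "ipv4-only"
        else                     s = "ipv6-only"
        print i, s
      }
    }' | sort
}

# Constructed sample: IPv6-only APN with CLAT (the configuration described as affected).
SAMPLE_XLAT='1: lo    inet 127.0.0.1/8 scope host lo
3: rmnet_data0    inet6 2001:db8:1::5/64 scope global dynamic
3: rmnet_data0    inet6 fe80::1/64 scope link
7: v4-rmnet_data0    inet 192.0.0.4/32 scope global v4-rmnet_data0
9: tun0    inet 10.8.0.2/32 scope global tun0'

# Constructed sample: the same handset after switching the APN to IPv4/IPv6.
SAMPLE_DUAL='1: lo    inet 127.0.0.1/8 scope host lo
3: rmnet_data0    inet 10.20.30.41/30 scope global rmnet_data0
3: rmnet_data0    inet6 2001:db8:1::5/64 scope global dynamic
9: tun0    inet 10.8.0.2/32 scope global tun0'

printf '%s\n' "$SAMPLE_XLAT" | classify_uplinks
printf '%s\n' "$SAMPLE_DUAL" | classify_uplinks
```

On a connected device the same function can be fed live data with `adb shell ip -o addr show | classify_uplinks`.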

people who use graphene and aren’t beholden to the matrix chatroom give 0 fucks about it being a graphene issue vs google issue

It is a GrapheneOS issue because they should have tested compatibility with their upstream project (Android). Pushing out the update before it was tested is a problem.

i saw that discuss thread earlier too when it had LOTS of people complaining about the issue. now it says:

(from the moderator) I removed the previous content of this thread because it was full of outdated and inaccurate information. This way people can much more easily find correct up-to-date information.

lmfao

It’s an AOSP issue impacting every OS based on Android 13. It’s still not fixed in AOSP or the stock OS for Android 13. It’s fixed in AOSP master and might be fixed in Android 13 QPR1 in December (unlikely) or QPR2 months later (fairly likely).

GrapheneOS users were given multiple workarounds and we spent a substantial amount of time working on this along with other Android 13 regressions. People impacted by it had 3 choices: switch to IPv4/IPv6 or IPv4 APN (worked for most), disable VPN lockdown (VPN still enabled) and toggle airplane mode on/off to trigger mobile data setup without the Android 13 inbound connection blocking breaking it (Android 12 VPN lockdown allowed all inbound traffic, which is the main reason why this broke on Android 13) or as an extreme option they could have switched carriers (certain T-Mobile SIMs/regions and some of their MVNOs were the only US carriers impacted).

If we had significantly more development resources, this issue could have been fully fixed in August instead of October. This was one of our top 3 priorities for the whole time it was not fully fixed. It being a high priority receiving significant work doesn’t mean it gets fixed immediately.

If we had partner access and had been able to test Android 13 before it was released in August, we could have worked on it for months or at least weeks instead of having at most a couple days to deal with it before we had to ship the security updates regardless. We could not block shipping security updates on fixing an issue impacting the stock Pixel OS… GrapheneOS would be close to useless if it didn’t provide proper privacy/security updates.

seek and ye shall find many inauthentic grapheneos promotional accounts upon reddit

privacyguides is the worst for promotion of the product

Nonsense. It’s an upstream bug. Stock OS users have the same problem. It was tested. They knew that a small percentage of VPN users would encounter this. They made a clear decision to not delay the update, since this would have also meant delaying security updates.

We did test it and we identified this upstream bug. Android 13 improved VPN lockdown and created a compatibility issue with certain IPv6-only VPNs by breaking their setup mechanism. We decided it was best not to revert the Android 13 VPN lockdown improvements to avoid the compatibility issue. If we had stayed on Android 12, we wouldn’t have had the improvements to VPN lockdown preventing inbound traffic leaks and we wouldn’t have had the 2022-08-05 security patch on time. It was very important to ship that in August.

to be fair, I (and others) did muddy the waters in that thread, with speculation, troubleshooting, etc. I was salty at first, but with a few weeks of perspective, I’m OK with the cleanup.

I think GOS has an exploding popularity and they are short on mod capacity for that forum.

What I do wish they’d do is have a sticky for the “upstream” Android issues which impact GOS users.