All connections timeout on cellular since 1.11.0, Android tun

[nyarau]

Operating system

Android

System version

GrapheneOS 2025021100 (Android 15)

Installation type

sing-box for Android Graphical Client

If you are using a graphical client, please provide the version of the client.

No response

Version

Description

After upgrading to 1.11.0, everything works as expected under WiFi, but when the phone is on cellular, all connections timeout.

Reproduction

Install 1.10.6, import the following config, turn off WiFi, visit https://1.1.1.1/cdn-cgi/trace, the IP address of my cellular connection is returned;
Upgrade to 1.11.4, visit https://1.1.1.1/cdn-cgi/trace again, connection times out; Turn WiFi back on and restart sing-box, visit https://1.1.1.1/cdn-cgi/trace, the IP address of my WiFi connection is returned.

{
	"log": {
		"level": "info",
		"timestamp": false
	},
	"inbounds": [
		{
			"tag": "in-tun",
			"type": "tun",
			"address": ["172.19.0.1/30", "fdfe:dcba:9876::1/126"],
			"auto_route": true
		}
	],
	"outbounds": [
		{
			"type": "direct"
		}
	],
	"route": {
		"auto_detect_interface": true
	}
}

Logs

	WiFi	Cellular
1.10.6
1.11.4

tun2 in the screenshots is a VPN running in another user profile, everything described above remains unchanged whether another user profile is running or not, tests have been done in both cases, forgot to turn it off when taking screenshots.

Thank you for yearlong work you've put in!

Logs

Supporter

• I am a sponsor

Integrity requirements

• I confirm that I have read the documentation, understand the meaning of all the configuration items I wrote, and did not pile up seemingly useful options or default values.
• I confirm that I have provided the server and client configuration files and process that can be reproduced locally, instead of a complicated client configuration file that has been stripped of sensitive data.
• I confirm that I have provided the simplest configuration that can be used to reproduce the error I reported, instead of depending on remote servers, TUN, graphical interface clients, or other closed-source software.
• I confirm that I have provided the complete configuration files and logs, rather than just providing parts I think are useful out of confidence in my own intelligence.

[oppressor1761]

Is tun2 in Private Space or another User Profile? Is block connections without VPN enabled? I'm using SFA 1.11.4 on GrapheneOS 2025021100 without any problems. However I'm only using sing-box in my main User so I doubt this may be caused by tun2.

[dyhkwong]

Log screenshot does not match your description. A proper DNS config is not omittable for TUN. Do not rely on undefined behavior.

[nyarau]

I did a proper screen recording. Right after reboot, in main user, with DNS configured.

Timestamp:

• 00:07 WiFi, sing-box off: OK
• 00:25 Config
• 00:38 WiFi, sing-box on: OK
• 00:48 Cellular, sing-box on: TIMEOUT
• 01:17 Cellular, sing-box off, Aways-on VPN off: OK
• 01:27 Cellular, sing-box on: TIMEOUT
• 01:51 Cellular, sing-box off: OK

screen.mp4

{
	"log": {
		"level": "info",
		"timestamp": false
	},
	"dns": {
		"servers": [
			{
				"tag": "1111",
				"address": "https://1.1.1.1/dns-query"
			}
		],
		"strategy": "ipv4_only"
	},
	"inbounds": [
		{
			"type": "tun",
			"address": ["172.19.0.1/30", "fdfe:dcba:9876::1/126"],
			"auto_route": true,
			"sniff": true
		}
	],
	"outbounds": [
		{
			"type": "direct"
		},
		{
			"tag": "dns",
			"type": "dns"
		}
	],
	"route": {
		"auto_detect_interface": true,
		"rules": [
			{
				"protocol":"dns",
				"outbound":"dns"
			}
		]
	}
}

[oppressor1761]

Maybe your cellular blocked https://1.1.1.1/dns-query
I also noticed you have WiFi toggle in the Quick Settings. Did you root your phone or use Developer options?
I can not reproduce using the following steps:

1. create a new user profile. install sing-box for Android (SFA) 1.11.4 in it. I already have sfa running in my main user profile. I'm using cellular network without WiFi.
2. create a sfa profile using the following configuration in the new user

{
	"log": {
		"level": "info",
		"timestamp": false
	},
	"dns": {
		"servers": [
			{
				"tag": "alidns",
				"address": "quic://223.5.5.5:853"
			}
		],
		"strategy": "ipv4_only"
	},
	"inbounds": [
		{
			"type": "tun",
			"address": ["172.19.0.1/30", "fdfe:dcba:9876::1/126"],
			"auto_route": true,
			"sniff": true
		}
	],
	"outbounds": [
		{
			"type": "direct"
		},
		{
			"tag": "dns",
			"type": "dns"
		}
	],
	"route": {
		"auto_detect_interface": true,
		"rules": [
			{
				"protocol":"dns",
				"outbound":"dns"
			}
		]
	}
}

3. turn on sfa

I can browse websites normally in the new user profile.

[dyhkwong]

unable to reproduce, may be a vendor or ISP issue.

[nyarau]

may be a vendor or ISP issue.

Thanks for pointing out.
After some more testing, I found that the issue is only present on one SIM card but not on two others (all 3 each from different carrier).
There may be some weirdness in network configuration on that specific carrier. Note that everything still works as expected without sing-box or with sing-box 1.10.* on the problematic SIM card.

I've tested a config replacing TUN inbound with an HTTP inbound, using F-Droid, witch support in-app HTTP proxy configuration, as client. It turned out that the same timeout issue is still present without TUN.
I've also tested with a different DNS server and other websites, the results remain the same.

I also downloaded every 1.11 beta versions and tested by upgrading version by version. Everything works as expected up to 1.11.0-beta.9, then everything times out since 1.11.0-beta.11.

I believe that some changes made between 1.10.0 beta 9 and beta 11 caused sing-box no longer working with that specific carrier.

[nekohasekai]

Can you confirm that this bug continues to exist on 1.12.0-alpha.13?

[nyarau]

It's fixed on 1.12.0-alpha.13

1.12.0-alpha.12 timeout
1.12.0-alpha.13 OK

Thank you!