unclouded

Rethink: DNS + Firewall + VPN vs strongSwan VPN Client

Side-by-side comparison of two open source alternatives

Rethink: DNS + Firewall + VPN

Say hello to a safer, transparent, and secure Android. VPN: Connects to multiple WireGuard VPNs of your choice. Safe: Reveals network activity of installed apps and lets you disable, uninstall, or firewall them. Secure: First line of defense against spyware, ransomware, and malware that steal personal information and takeover accounts. Protects from DNS manipulation typically employed to censor websites, social media, and messaging apps. Fast: DNS Servers deployed to 300+ locations world-wide to ensure your internet is as fast and highly available as it can be. Open: Open source and free of any trackers. ***Features*** Firewall: Prevent apps from connecting to the Internet. Block spyware, malware, ransomware and more. A firewall blocks any app connecting to the Internet over WiFi or Mobile data. Since most forms of surveillance require the data to be sent the network to a server, firewalling them effectively mitigates the threat (File Managers, Alarm Clock, Calculator are few such examples of apps that do not require any Internet access to function). The firewall feature uses Accessibility Service to detect and firewall background applications. Monitoring: Keep tabs on incoming and outgoing Internet traffic. If enabled, the connectivity logs are collected and analyzed. Automated reports flag previously unknown or suspicious connections, and reveal the extent of attempt to steal data by spyware networks. In our tests, around 60% of the traffic is flagged and reported as being initiated by known spyware. Logs generated are made available in near-real time to the user for their own analysis. WireGuard: Secure outgoing Internet traffic. The app uses fast, modern, light-weight, and secure WireGuard protocol to encrypt outgoing connections to any compatible VPN provider of your choice. Anti-censorship: The app encrypts your internet connection to Domain Name System (DNS) server run by Rethink with presence in our 300+ locations world-wide. DNS servers are the address book of the internet: A DNS server provides the exact addresses you need to visit a website or open an app. Data Monitor: Track per-app and per-connection Mobile or WiFi data usage.

strongSwan VPN Client

Official Android port of the popular strongSwan VPN solution. # FEATURES AND LIMITATIONS # Uses the VpnService API featured by Android 4+. Devices by some manufacturers seem to lack support for this - strongSwan VPN Client won't work on these devices! Uses the IKEv2 key exchange protocol Uses IPsec for data traffic Full support for changed connectivity and mobility through MOBIKE (or reauthentication) Supports username/password EAP authentication (namely EAP-MSCHAPv2, EAP-MD5 and EAP-GTC) as well as RSA/ECDSA private key/certificate authentication to authenticate users, EAP-TLS with client certificates is also supported Combined RSA/ECDSA and EAP authentication is supported by using two authentication rounds as defined in RFC 4739 VPN server certificates are verified against the CA certificates pre-installed or installed by the user on the system. The CA or server certificates used to authenticate the server can also be imported directly into the app. IKEv2 fragmentation is supported if the VPN server supports it (strongSwan does so since 5.2.1) Split-tunneling allows sending only certain traffic through the VPN and/or excluding specific traffic from it Per-app VPN allows limiting the VPN connection to specific apps, or exclude them from using it The IPsec implementation currently supports the AES-CBC, AES-GCM, ChaCha20/Poly1305 and SHA1/SHA2 algorithms Passwords are currently stored as cleartext in the database (only if stored with a profile) VPN profiles may be imported from files Supports managed configurations via enterprise mobility management (EMM) Details and a changelog can be found in our documentation: https://docs.strongswan.org/docs/latest/os/androidVpnClient.html # PERMISSIONS # READ_EXTERNAL_STORAGE: Allows importing VPN profiles and CA certificates from external storage on some Android versions QUERY_ALL_PACKAGES: Required on Android 11+ to select apps to ex-/include in VPN profiles and the optional EAP-TNC use case # EXAMPLE SERVER CONFIGURATION # Example server configurations may be found in our documentation: https://docs.strongswan.org/docs/latest/os/androidVpnClient.html#_server_configuration Please note that the host name (or IP address) configured with a VPN profile in the app *must be* contained in the server certificate as subjectAltName extension. # FEEDBACK # Please post bug reports and feature requests via GitHub: https://github.com/strongswan/strongswan/issues/new/choose If you do so, please include information about your device (manufacturer, model, OS version etc.). The log file written by the key exchange service can be sent directly from within the application.

FeatureRethink: DNS + Firewall + VPNstrongSwan VPN Client
LicenseApache-2.0GPL-2.0-or-later
Install sources
F-DroidGitHub
F-DroidGitHub
Categories
Password ManagerVPNFirewallDev ToolsMessagingBrowser
Password ManagerVPNMessagingBrowser
Features
Ad-FreeOpen SourceNo Tracking
Ad-FreeOpen SourceNo Tracking
Platforms
Android
Android
Website
Source code
View Rethink: DNS + Firewall + VPN details·View strongSwan VPN Client details