]> Setting up Android 11 behind a HTTP Proxy 🌐:aligrant.com

Setting up Android 11 behind a HTTP Proxy

Alastair Grant | Sunday 28 November 2021

TL;DR: You cannot setup Android behind a (non-transparent) proxy.

I recently set about configuring a brand new Samsung tablet running Android 11.  Only featuring WiFi, it was connected to the network, which has no direct Internet access.  Instead a HTTP proxy needs to be used (fairly common in a corporate environment).  For me, the proxy is merely the route out, whilst it can block domains, this doesn't apply in this scenario.

Well it already seems that Android doesn't support the notion of Web Proxy Auto-Discovery, and instead you have to explicitly define a proxy, either through a Proxy Auto Configuration file, or manually.  Well, it doesn't seem to matter anyway.  As even with a proxy configured through both methods, it is not possible to get past "Checking Info", and after a while sat watching a spinning circle, the helpful:

Couldn't sign in
There was a problem communicating with Google servers.
Try again later.

Fantastic.  I tried various combinations of proxy configuration, all to the same avail.  I wanted to find out more, so I ran a packet trace on the network to see what was gong on.  Quelle surprise, there reams of connection attempts by the tablet to Google's 1e100.net servers.

There is not a lot that can be done about this with an explicit proxy setup.  The only real way I think you could do this is with a transparent proxy.  A transparent proxy is one that intercepts traffic at the network gateway, instead of being explicitly listed.  The advantage of this approach is that you don't have to worry about badly behaved clients like Android.

So along with no IPv6 DHCP support, no WPAD support, Google also have poor implementation of proxies full stop.  I was ok with this back in the very early days of Android, but it feels like this bread-and-butter stuff should be fixed by now.  Unfortunately, there isn't much alternatives as tablet manufacturers seem uninterested in providing drivers and builds that will work with generic Linux distributions.

Breaking from the voyeuristic norms of the Internet, any comments can be made in private by contacting me.