For some yet unknown reason bitmask android doesn't handle ipv6 rejection correctly. Instead of a rejection the connection attempt runs into a timeout.

Some comments about that issue.

<micah> if you look up mail.riseup.net DNS, you see there is an A record (ipv4) and an AAAA record (ipv6)
<micah> mail.riseup.net has address 198.252.153.254
<micah> mail.riseup.net has address 198.252.153.22
<micah> mail.riseup.net has IPv6 address 2620:13:4000:4000:dead:beef:0:254
<micah> mail.riseup.net has IPv6 address 2620:13:4000:4000:dead:beef:0:22
<micah> mail.riseup.net mail is handled by 10 mx1.riseup.net.
<micah> when a client wants to connect there, it will look up the records, get that back, and then decide what to do. If it has ipv6 support, it will pick one of those and then try it
<micah> if it doesn't work, it will try one of the ipv4 ones
<micah> (actually you can configure this behavior on linux, to only try v4 for example, but I dont know if android can do it)
<cyberta> --> I'll need to figure that out
<micah> so the people who are using bitmask have ipv6, they try to connect to mail.r.n, get an ipv6 address, tries to connect to that, bitmask blocks it
<micah> that is all normal ^
<micah> but... on the linux side, we block ipv6 with a special flag, that causes it to fail quick

How fail early works on Bitmask desktop client

> <micah> ␛[7$   ip6tables("--append", BITMASK_CHAIN, "-p", "tcp", "--jump", "REJECT")
> <micah>     ip6tables("--append", BITMASK_CHAIN, "-p", "udp", "--jump", "REJECT")