android: add split/tunnel mode selection with search bar for apps #723
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Implemented Experimental INCLUDE split tunnelling support alongside a search bar for quick app selection.
This adds a prototype "include-mode" routing model for Android VPN configuration, addressing long-standing user requests for selectively tunneling only chosen applications, alongside a search bar implementation.
When enabled, the VPN builder whitelists specific package names rather than excluding all others. This avoids the need to maintain long exclude lists and supports targeted routing (e.g., only browsers, music players, etc).
Details:
Implemented a UI toggle button which turns on split tunneling, and which then presents the option to either include or exclude app packages in the VPNBuilder, without having to use MDM, with both the include and exclude package lists capable of containing separate apps. When Split tunnelling is disabled, the app excludes all packages in
builtInDisallowedPackageNamesby default, mirroring existing default functionality when no packages are manually added to the exclude list.If Included or Excluded packages are included by MDM, the split tunneling toggle is vacuously turned on -- and user include/exclude lists are ignored.
A search bar has also been implemented in order to cut down on app selection times significantly. The search bar matches on both app names and package names (e.g
Chromeorcom.android.chrome)Limitations and notes:
DNS resolver traffic might fail under include-mode when Tailscale DNS is active. Disabling Tailscale DNS appears to mitigate the issue, but the underlying resolver interaction remains open for analysis. Feedback, testing results, and alternative approaches from developers or knowledgeable users are welcome and appreciated. (When using Mullvad VPN as my exit node, this problem seems to disappear, which leads me to suspect the problem is indeed with my exit node and not the implementation.)
When split tunneling mode is set to
INCLUDEan empty allowed packages list is interpreted as “route everything,” so all traffic passes through the tunnel. Once an entry is added, filtering works as intended.This commit is intended as a discussion basis / RFC for upstream consideration and iteration :)
Note: I became aware of PR #621 only after finishing this implementation 😄
My goal is not to replace that effort, this PR explores a different UI/UX design (search bar, explicit include/exclude list behaviour, toggle state logic) which may complement the earlier branch.
Happy to collaborate, merge concepts, or align with the earlier PR, whichever direction maintainers prefer :)