Thank you Tobias, Is something similar possible in windows where I can select
which all applications should enter the tunnel or not. I understand the Windows
client VPN is not ready, but in a site-site tunnel case I can selectively have
applications travel through the tunnel or outside depending on my choice?
RegardsWinny
On Monday, 17 August, 2020, 3:08:53 pm IST, Tobias Brunner
<tob...@strongswan.org> wrote:
Hi Winny,
> The strongswan android app has a feature where in a particular app
> can be selected and its traffic will bypass the tunnel. Could someone
> briefly explain how is the traffic originating from this application
> identified and then sent outside the tunnel.
The Android app uses Android's VpnService API. The VpnService.Builder
class [1] provides the addDisallowedApplication method to exclude apps
from the VPN. Android implements this via policy routing (each app runs
under a separate user ID), see [2].
Regards,
Tobias
[1]
https://developer.android.com/reference/android/net/VpnService.Builder.html
[2] https://stackoverflow.com/a/54982521/1158499
