WireGuard Archive on lore.kernel.org
 help / color / Atom feed
* Android app whitelist/blacklist feature
@ 2018-07-02 20:35 Eric Kuck
  2018-07-02 21:43 ` Samuel Holland
  0 siblings, 1 reply; 11+ messages in thread
From: Eric Kuck @ 2018-07-02 20:35 UTC (permalink / raw)
  To: wireguard

[-- Attachment #1: Type: text/plain, Size: 2081 bytes --]

I’d like to make a contribution to the Android app, but would like to know
if this is something that would actually get merged before I go through all
the effort. What I’d like to do is add an exceptions list (apps that will
not be routed through the Wireguard interface). The rationale for this
being that some apps simply don’t work with Wireguard. For example, the use
of a Wireguard VPN with custom DNS breaks WearOS watches due to Google
hardcoding the use of the 8.8.8.8 DNS server. Another example is that
Netflix doesn’t work when routed through my VPN server since they know it’s
a DigitalOcean instance, but works fine without the VPN enabled. Another
example is that there’s often no reason to route data-heavy video apps
through your VPN server. Rather than turning the VPN on my phone off to use
my wearable or to watch something on my phone, I’d like to be able to opt
those apps out of using the VPN at all. I’m sure there are many more
examples of apps that simply don’t need to go through a VPN, as no
confidential information is passed through them.

My proposal is to add another Fragment that’s just a list of all apps
installed on the phone with check boxes next to them. If the checkbox is
checked, that app will be routed through Wireguard. If not, it will be free
to bypass the VPN. Naturally, all apps will be default to being checked.
This is an easy change to make for the GoBackend implementation
using VpnService.Builder.addDisallowedApplication(<packageName>), but would
likely be pretty complicated to add to WgQuickBackend. Perhaps this is
something that would only be possible for GoBackend users.

Any thoughts on this? I have everything working locally by simply adding
these two hardcoded lines to GoBackend.java:

            builder.addDisallowedApplication("com.netflix.mediaclient");

builder.addDisallowedApplication("com.google.android.wearable.app”);

but I would like to make this more configurable and available to the rest
of Wireguard users if you’re agreeable to it. Thanks.

[-- Attachment #2: Type: text/html, Size: 2851 bytes --]

<html><head><style>body{font-family:Helvetica,Arial;font-size:13px}</style></head><body style="word-wrap:break-word"><div id="bloop_customfont" style="color:rgb(0,0,0);margin:0px"><div id="bloop_customfont" style="margin:0px"><font face="Helvetica">I’d like to make a contribution to the Android app, but would like to know if this is something that would actually get merged before I go through all the effort. What I’d like to do is add an exceptions list (apps that will not be routed through the Wireguard interface). The rationale for this being that some apps simply don’t work with Wireguard. For example, the use of a Wireguard VPN with custom DNS breaks WearOS watches due to Google hardcoding the use of the 8.8.8.8 DNS server. Another example is that Netflix doesn’t work when routed through my VPN server since they know it’s a DigitalOcean instance, but works fine without the VPN enabled. Another example is that there’s often no reason to route data-heavy video apps through your VPN server. Rather than turning the VPN on my phone off to use my wearable or to watch something on my phone, I’d like to be able to opt those apps out of using the VPN at all. I’m sure there are many more examples of apps that simply don’t need to go through a VPN, as no confidential information is passed through them.</font></div><div><font face="Helvetica"><br></font></div><font face="Helvetica">My proposal is to add another Fragment that’s just a list of all apps installed on the phone with check boxes next to them. If the checkbox is checked, that app will be routed through Wireguard. If not, it will be free to bypass the VPN. Naturally, all apps will be default to being checked. This is an easy change to make for the GoBackend implementation using VpnService.Builder.addDisallowedApplication(&lt;packageName&gt;), but would likely be pretty complicated to add to WgQuickBackend. Perhaps this is something that would only be possible for GoBackend users.</font><div><font face="Helvetica"><br></font></div><div><font face="Helvetica">Any thoughts on this? I have everything working locally by simply adding these two hardcoded lines to GoBackend.java:</font></div><div><font face="Helvetica"><br></font></div><div><div><font face="Helvetica">            builder.addDisallowedApplication(&quot;com.netflix.mediaclient&quot;);</font></div><div><font face="Helvetica">            builder.addDisallowedApplication(&quot;com.google.android.wearable.app”);</font></div><div><font face="Helvetica"><br></font></div><div><font face="Helvetica">but I would like to make this more configurable and available to the rest of Wireguard users if you’re agreeable to it. Thanks.</font></div></div></div><font face="Helvetica"><br></font><div id="bloop_sign_1530563587386675712" class="bloop_sign"></div></body></html>

^ permalink raw reply	[flat|nested] 11+ messages in thread

end of thread, back to index

Thread overview: 11+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-07-02 20:35 Android app whitelist/blacklist feature Eric Kuck
2018-07-02 21:43 ` Samuel Holland
2018-07-03  0:22   ` Eric Kuck
2018-07-03  2:21     ` Jason A. Donenfeld
2018-07-03  2:27       ` Eric Kuck
2018-07-03  2:31         ` Jason A. Donenfeld
2018-07-03 18:12           ` Samuel Holland
2018-07-03 18:17             ` Jason A. Donenfeld
2018-07-04 22:19               ` Eric Kuck
2018-07-05 13:23                 ` Jason A. Donenfeld
2018-07-05 13:24                   ` Jason A. Donenfeld

WireGuard Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/wireguard/0 wireguard/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 wireguard wireguard/ https://lore.kernel.org/wireguard \
		wireguard@lists.zx2c4.com zx2c4-wireguard@archiver.kernel.org
	public-inbox-index wireguard


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/com.zx2c4.lists.wireguard


AGPL code for this site: git clone https://public-inbox.org/ public-inbox