Implement bypassing the VPN when accessing local resources

author: Arne Schwabe <arne@rfc2549.org> 2014-02-02 18:01:03 +0100
committer: Arne Schwabe <arne@rfc2549.org> 2014-02-02 18:01:03 +0100
commit: 83a741a917e56f1d6079a95394f72a2c7cf709ed (patch)
tree: 89dd03c401d995e878fd5dd7025202b6af2a460b
parent: ec5b4540d6f163861c6d639e5aba853e8702aae1 (diff)
5 files changed, 36 insertions, 1 deletions
diff --git a/res/values/strings.xml b/res/values/strings.xml
index 34721515..2998a9a4 100755
--- a/res/values/strings.xml
+++ b/res/values/strings.xml
@@ -309,4 +309,6 @@
     <string name="unhandled_exception_context">%3$s: %1$s\n\n%2$s</string>
     <string name="faq_system_dialog_xposed">If you have rooted your Android device you can install the &lt;a href=\"http://xposed.info/\"&gt;Xposed framework&lt;/a&gt; and a the &lt;a href=\"http://repo.xposed.info/module/de.blinkt.vpndialogxposed\"&gt;VPN Dialog confirm module&lt;/a&gt; at your own risk"</string>
     <string name="full_licenses">Full licenses</string>
+    <string name="blocklocal_summary">Networks directly connected to the local interfaces will not be routed over the VPN. Unchecking this option will redirect all traffic indented for local networks to VPN.</string>
+    <string name="blocklocal_title">Bypass VPN for local networks</string>
 </resources>
diff --git a/res/xml/vpn_routing.xml b/res/xml/vpn_routing.xml
index ce19a500..298f488f 100644
--- a/res/xml/vpn_routing.xml
+++ b/res/xml/vpn_routing.xml
@@ -6,6 +6,12 @@
         android:summary="@string/ignore_routes_summary"
         android:title="@string/ignored_pushed_routes" />
 
+    <CheckBoxPreference
+        android:title="@string/blocklocal_title"
+        android:summary="@string/blocklocal_summary"
+        android:key="unblockLocal"
+    />
+
     <PreferenceCategory android:title="@string/ipv4" >
         <CheckBoxPreference
             android:disableDependentsState="true"
diff --git a/src/de/blinkt/openvpn/VpnProfile.java b/src/de/blinkt/openvpn/VpnProfile.java
index b016fb64..55a7d3e3 100644
--- a/src/de/blinkt/openvpn/VpnProfile.java
+++ b/src/de/blinkt/openvpn/VpnProfile.java
@@ -52,6 +52,7 @@ public class VpnProfile implements Serializable {
     private static final long serialVersionUID = 7085688938959334563L;
     private static final String OVPNCONFIGFILE = "android.conf";
     public static final int MAXLOGLEVEL = 4;
+    public static final int CURRENT_PROFILE_VERSION = 2;
     public static String DEFAULT_DNS1 = "8.8.8.8";
     public static String DEFAULT_DNS2 = "8.8.4.4";
 
@@ -126,10 +127,13 @@ public class VpnProfile implements Serializable {
     // Public attributes, since I got mad with getter/setter
     // set members to default values
     private UUID mUuid;
+    public boolean mAllowLocalLAN;
+    private int mProfileVersion;
 
     public VpnProfile(String name) {
         mUuid = UUID.randomUUID();
         mName = name;
+        mProfileVersion = CURRENT_PROFILE_VERSION;
     }
 
     public static String openVpnEscape(String unescaped) {
@@ -153,6 +157,7 @@ public class VpnProfile implements Serializable {
         mUseDefaultRoutev6 = false;
         mExpectTLSCert = false;
         mPersistTun = false;
+        mAllowLocalLAN = true;
     }
 
     public UUID getUUID() {
@@ -166,6 +171,18 @@ public class VpnProfile implements Serializable {
         return mName;
     }
 
+    public void upgradeProfile(){
+        if(mProfileVersion< 2) {
+            /* default to the behaviour the OS used */
+            if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT)
+                mAllowLocalLAN = true;
+            else
+                mAllowLocalLAN = false;
+        }
+
+        mProfileVersion= CURRENT_PROFILE_VERSION;
+    }
+
     public String getConfigFile(Context context, boolean configForOvpn3) {
 
         File cacheDir = context.getCacheDir();
@@ -312,6 +329,11 @@ public class VpnProfile implements Serializable {
                 numroutes++;
             }
 
+        if (Build.VERSION.SDK_INT < Build.VERSION_CODES.KITKAT && !mAllowLocalLAN)
+            cfg+="redirect-private block-local\n";
+        else if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.KITKAT && mAllowLocalLAN)
+            cfg+="redirect-private unblock-local\n";
+
 
         if (mUseDefaultRoutev6)
             cfg += "route-ipv6 ::/0\n";
diff --git a/src/de/blinkt/openvpn/core/ProfileManager.java b/src/de/blinkt/openvpn/core/ProfileManager.java
index a1dd8da5..4cfbcc8e 100644
--- a/src/de/blinkt/openvpn/core/ProfileManager.java
+++ b/src/de/blinkt/openvpn/core/ProfileManager.java
@@ -171,7 +171,8 @@ public class ProfileManager {
 				// Sanity check 
 				if(vp==null || vp.mName==null || vp.getUUID()==null)
 					continue;
-				
+
+                vp.upgradeProfile();
 				profiles.put(vp.getUUID().toString(), vp);
 
 			} catch (StreamCorruptedException e) {
diff --git a/src/de/blinkt/openvpn/fragments/Settings_Routing.java b/src/de/blinkt/openvpn/fragments/Settings_Routing.java
index 63b54bf3..7216e0ff 100644
--- a/src/de/blinkt/openvpn/fragments/Settings_Routing.java
+++ b/src/de/blinkt/openvpn/fragments/Settings_Routing.java
@@ -13,6 +13,7 @@ public class Settings_Routing extends OpenVpnPreferencesFragment implements OnPr
 	private EditTextPreference mCustomRoutesv6;
 	private CheckBoxPreference mUseDefaultRoutev6;
 	private CheckBoxPreference mRouteNoPull;
+    private CheckBoxPreference mLocalVPNAccess;
 
 	@Override
 	public void onCreate(Bundle savedInstanceState) {
@@ -25,6 +26,7 @@ public class Settings_Routing extends OpenVpnPreferencesFragment implements OnPr
 		mCustomRoutesv6 = (EditTextPreference) findPreference("customRoutesv6");
 		mUseDefaultRoutev6 = (CheckBoxPreference) findPreference("useDefaultRoutev6");
 		mRouteNoPull = (CheckBoxPreference) findPreference("routenopull");
+        mLocalVPNAccess = (CheckBoxPreference) findPreference("unblockLocal");
 
 		mCustomRoutes.setOnPreferenceChangeListener(this);
 		mCustomRoutesv6.setOnPreferenceChangeListener(this);
@@ -42,6 +44,7 @@ public class Settings_Routing extends OpenVpnPreferencesFragment implements OnPr
 		mCustomRoutesv6.setText(mProfile.mCustomRoutesv6);
 
 		mRouteNoPull.setChecked(mProfile.mRoutenopull);
+        mLocalVPNAccess.setChecked(mProfile.mAllowLocalLAN);
 
 		// Sets Summary
 		onPreferenceChange(mCustomRoutes, mCustomRoutes.getText());
@@ -57,6 +60,7 @@ public class Settings_Routing extends OpenVpnPreferencesFragment implements OnPr
 		mProfile.mCustomRoutes = mCustomRoutes.getText();
 		mProfile.mCustomRoutesv6 = mCustomRoutesv6.getText();
 		mProfile.mRoutenopull = mRouteNoPull.isChecked();
+        mProfile.mAllowLocalLAN =mLocalVPNAccess.isChecked();
 	}
 
 	@Override
author	Arne Schwabe <arne@rfc2549.org>	2014-02-02 18:01:03 +0100
committer	Arne Schwabe <arne@rfc2549.org>	2014-02-02 18:01:03 +0100
commit	83a741a917e56f1d6079a95394f72a2c7cf709ed (patch)
tree	89dd03c401d995e878fd5dd7025202b6af2a460b
parent	ec5b4540d6f163861c6d639e5aba853e8702aae1 (diff)