No LAN access with always on VPN + block connections without VPN

[mvevitsis]

This seems to be a known issue (limitation?) of the way android applies block connections without VPN.

In order to fix this, I believe the LAN connections need to be owned by the windscribe app, rather than bypassing it entirely.

See: https://github.com/GrapheneOS/os-issue-tracker/issues/638 https://github.com/zaneschepke/wgtunnel/issues/52

[Ginder-Singh]

Yeah standard behaviour is too remove local ip ranges from the tunnel so local traffic never reaches to the tunnel instead goes to network interface. In Theory what you are describing can be implemented by letting local traffic hit the tunnel and from there send it using some socket connection and protect this socket from vpn. But this behaviour is non-standard and comes with very little benefit So we wont be implementing it.

[mvevitsis]

I would say being able to connect to LAN devices while avoiding VPN leaks would be a pretty big benefit.

Otherwise the only solution is for the windscribe app to implement its own killswitch separate from the system lockdown mode.