mullvad / mullvadvpn-app

The Mullvad VPN client app for desktop and mobile
https://mullvad.net/
GNU General Public License v3.0
5.11k stars 339 forks source link

Feature request: iOS exclude app from going through Mullvad #3801

Open Mikaela opened 2 years ago

Mikaela commented 2 years ago

Issue report

Operating system: iOS 16.0 (20A5312j) (public beta)

App version: 2022.2

Issue description

I would like the ability to exclude specific apps from going through Mullvad, in this case DeltaChat as Gandi.net is blocking connections to Mullvad to their email servers so I cannot send messages using it while being connected.

I found https://github.com/mullvad/mullvadvpn-app/issues/1583#issuecomment-602417783, but it seems to be a different version of split tunneling and I didn't see a tracking issue for this. In https://github.com/mullvad/mullvadvpn-app/issues/3039 maOS was called as one of the last platforms where split tunneling is not implemented, which I guess makes iOS the last.

pronebird commented 2 years ago

Hi,

This is definitely a desired feature to have. I don't believe there is an easy way for us to implement a so-called split-tunneling on iOS and exclude certain apps from going through VPN.

Apple/iOS provide ability to establish per-app VPN, but that's only available for managed environments (MDM) where devices are configured using centralized server and each have an MDM profile installed. This is more of an enterprise thing. I think it works the other way around though, all apps are excluded by default and only selected ones use VPN. Never had a chance to work with it, so may be off on details.

Other solution is perhaps to route traffic using destination IP. But that does not work well since two different apps may share the same cloud provider and so if their network infrastructure IP addresses overlap, then both will be going outside VPN. This is a problem from the user experience angle too as the user would have to specify certain IP addresses instead of selecting an app, which requires a special knowledge, which is probably not easy to obtain.

Couple of references/threads below for anyone interested to read more on that. There is really not much info available on the web.

https://developer.apple.com/forums/thread/125190 https://developer.apple.com/forums/thread/700075 https://developer.apple.com/documentation/networkextension/netunnelprovidermanager#1661690