schwabe / ics-openvpn

OpenVPN for Android

Change allowed apps while connected #1358

Closed KaustubhPatange closed 3 years ago

KaustubhPatange commented 3 years ago

Sorry to bother you again. As you know, I'm developing an open source VPN app called Gear VPN in public.

And I was looking to implement a split tunnel feature where you can give access to individual apps whether to use VPN or not. So I was browsing the code & found that I can use mAllowedAppsVpn and mAllowedAppsVpnAreDisallowed from VpnProfile.java in conjunction to allow/disallow VPN access to the app. I use the OpenVpnApi.startVpn method to start a connection to a VPN service, and I was deciding to modify it to accept a list of app packages.

This wasn't hard. The question is, once the VPN is connected, how can I add or remove application packages to grant or deny their access to the VPN? From the docs I saw that you can only configure addDisallowedApplication when setting up a VPN connection from the builder (this is something I saw in the openTun method from OpenVPNService.java).

Is there a way to achieve this without resetting the connection? I saw a method in OpenVPNService.java called addAllowedExternalApp, is this something I could use?

schwabe commented 3 years ago

Yes. You are correct. You can only set up allow/disallowed apps on VPN setup. That is a limitation of the Android API. You might be able to work around it by reopening the tunnel interface.

Btw. this is not a library. It is an app.

KaustubhPatange commented 3 years ago

Re-opening the tunnel interface

Can you highlight this one? I mean just a little guidance on how to approach this (if possible).

schwabe commented 3 years ago

It is not trivial to do this: you basically need to modify both openvpn and the whole OpenVPNService to be able to do that. Basically call VPNBuilder.establish() a second time with different parameters and then switch the tun fd for OpenVPN itself.

You could also just reconnect the VPN.
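Added example, not part of the thread and not ics-openvpn code: it shows the Android API constraint discussed above, where the per-app list is fixed at VpnService.Builder.establish() and a change means establishing a new interface. The class name SplitTunnelVpnService, the method reopenTun, and the address and route values are assumptions made for illustration.

```java
import android.content.pm.PackageManager;
import android.net.VpnService;
import android.os.ParcelFileDescriptor;
import android.util.Log;
import java.io.IOException;
import java.util.Set;

// Hypothetical helper class; names are not taken from ics-openvpn.
public class SplitTunnelVpnService extends VpnService {
    private static final String TAG = "SplitTunnel";
    private ParcelFileDescriptor tun; // currently active tun interface, if any

    /**
     * Establishes a new tun interface carrying the given per-app list.
     * excludeListed == true : listed apps bypass the VPN, all others use it.
     * excludeListed == false: only the listed apps use the VPN.
     */
    protected synchronized ParcelFileDescriptor reopenTun(
            Set<String> packages, boolean excludeListed) throws IOException {
        Builder b = new Builder()
                .setSession("split-tunnel-example")
                .addAddress("10.8.0.2", 24) // constructed sample addressing
                .addRoute("0.0.0.0", 0);
        int applied = 0;
        for (String pkg : packages) {
            try {
                // Allowed and disallowed lists are mutually exclusive on one Builder.
                if (excludeListed) b.addDisallowedApplication(pkg);
                else b.addAllowedApplication(pkg);
                applied++;
            } catch (PackageManager.NameNotFoundException e) {
                Log.w(TAG, "package not installed, skipped: " + pkg);
            }
        }
        // An empty allow-list means "every app uses the VPN", which silently
        // changes the policy the caller asked for, so refuse instead.
        if (!excludeListed && applied == 0) {
            throw new IOException("allow-list mode requested but no listed package is installed");
        }
        ParcelFileDescriptor fresh = b.establish();
        if (fresh == null) { // app is not prepared, or VPN permission was revoked
            throw new IOException("establish() returned null");
        }
        ParcelFileDescriptor old = tun;
        tun = fresh;
        if (old != null) old.close(); // release the descriptor of the replaced interface
        return fresh;
    }
}
```

Whatever process reads and writes tunnel packets still has to be switched to the returned descriptor, which is the part described above as requiring changes to both openvpn and OpenVPNService.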

KaustubhPatange commented 3 years ago

Sorry to bother you again, the first approach seems a bit out of my scope. You said about reconnecting VPN, how do I do that? Just stopVpn() followed by startVpn()?