Describe Your Idea
In Russia, an increasing number of applications detect active VPN connections and either block access, restrict functionality, or report this information to third parties. This creates a privacy and safety risk for users who rely on VPNs for legitimate purposes.
Critical issue: Even with split tunneling configured, apps can detect the presence of a VPN tunnel and exfiltrate the real IP address. For example, an app can simply run:
curl --interface tun0 ifconfig.co
This bypasses split tunneling entirely by binding directly to the VPN interface (tun0), revealing the VPN exit node IP. Apps can also:
- Enumerate network interfaces and detect tun0, tun1, etc.
- Check for VPN-related routes in the routing table
- Detect VPN app packages installed on the device
- Report telemetry about VPN usage to remote servers
Currently, De1984 allows VPN apps to access the network by default (they are exempted from blocking to prevent bypass vulnerabilities via shared UIDs). However, this means VPN client apps themselves can communicate freely, which defeats the purpose when the threat model includes apps that detect and react to VPN usage.
We need a way to block apps from accessing VPN tunnel interfaces (e.g. tun0, tun1), similar to how AFWall+ handles this.
Describe Your Idea
In Russia, an increasing number of applications detect active VPN connections and either block access, restrict functionality, or report this information to third parties. This creates a privacy and safety risk for users who rely on VPNs for legitimate purposes.
Critical issue: Even with split tunneling configured, apps can detect the presence of a VPN tunnel and exfiltrate the real IP address. For example, an app can simply run:
This bypasses split tunneling entirely by binding directly to the VPN interface (tun0), revealing the VPN exit node IP. Apps can also:
Currently, De1984 allows VPN apps to access the network by default (they are exempted from blocking to prevent bypass vulnerabilities via shared UIDs). However, this means VPN client apps themselves can communicate freely, which defeats the purpose when the threat model includes apps that detect and react to VPN usage.
We need a way to block apps from accessing VPN tunnel interfaces (e.g.
tun0,tun1), similar to how AFWall+ handles this.