Skip to content

Feature Request: Block VPN client apps — prevent VPN detection even with split tunneling #94

Description

@ArisoN-ext

Describe Your Idea

In Russia, an increasing number of applications detect active VPN connections and either block access, restrict functionality, or report this information to third parties. This creates a privacy and safety risk for users who rely on VPNs for legitimate purposes.
Critical issue: Even with split tunneling configured, apps can detect the presence of a VPN tunnel and exfiltrate the real IP address. For example, an app can simply run:

curl --interface tun0 ifconfig.co

This bypasses split tunneling entirely by binding directly to the VPN interface (tun0), revealing the VPN exit node IP. Apps can also:

  • Enumerate network interfaces and detect tun0, tun1, etc.
  • Check for VPN-related routes in the routing table
  • Detect VPN app packages installed on the device
  • Report telemetry about VPN usage to remote servers
    Currently, De1984 allows VPN apps to access the network by default (they are exempted from blocking to prevent bypass vulnerabilities via shared UIDs). However, this means VPN client apps themselves can communicate freely, which defeats the purpose when the threat model includes apps that detect and react to VPN usage.

We need a way to block apps from accessing VPN tunnel interfaces (e.g. tun0, tun1), similar to how AFWall+ handles this.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions