Allow to disable route exclusion emulation

This allows disabling the route emulation for Andorid API 33 (Tiramisu/API 33) or if the app implements its own emulation (ics-openvpn) Signed-off-by: Arne Schwabe <arne@openvpn.net>
2026-05-17 08:26:28 +03:00 · 2022-08-02 00:49:31 +02:00
parent 4393f401f3
commit 26fad3a4f6
3 changed files with 23 additions and 2 deletions
--- a/client/ovpncli.cpp
+++ b/client/ovpncli.cpp
@@ -465,6 +465,9 @@ namespace openvpn {
 	PeerInfo::Set::Ptr extra_peer_info;
 	HTTPProxyTransport::Options::Ptr http_proxy_options;
 	unsigned int clock_tick_ms = 0;
+#ifdef OPENVPN_PLATFORM_ANDROID
+	bool enable_route_emulation = true;
+#endif
 #ifdef OPENVPN_GREMLIN
 	Gremlin::Config::Ptr gremlin_config;
 #endif
@@ -726,6 +729,9 @@ namespace openvpn {
 	state->echo = config.echo;
 	state->info = config.info;
 	state->clock_tick_ms = config.clockTickMS;
+#ifdef OPENVPN_PLATFORM_ANDROID
+	state->enable_route_emulation = config.enableRouteEmulation;
+#endif
 	if (!config.gremlinConfig.empty())
 	  {
 #ifdef OPENVPN_GREMLIN
--- a/client/ovpncli.hpp
+++ b/client/ovpncli.hpp
@@ -315,6 +315,13 @@ namespace openvpn {
      // Android that disable local LAN access by default.
      bool allowLocalLanAccess = false;

+#ifdef OPENVPN_PLATFORM_ANDROID
+      // Instead of setting include and exclude routes, calculate a set of
+      // include routes only to emulate the lack of excluding routes
+      // (Android earlier than Tiramisu (Android 13))
+      bool enableRouteEmulation = true;
+#endif
+
      // Periodic convenience clock tick in milliseconds.
      // Will call clock_tick() at a frequency defined by this parameter.
      // Set to 0 to disable.
--- a/openvpn/client/cliopt.hpp
+++ b/openvpn/client/cliopt.hpp
@@ -158,6 +158,9 @@ namespace openvpn {
 	  bool enable_legacy_algorithms = false;
      bool enable_nonpreferred_dcalgs;
      PeerInfo::Set::Ptr extra_peer_info;
+#ifdef OPENVPN_PLATFORM_ANDROID
+      bool enable_route_emulation = true;
+#endif
 #ifdef OPENVPN_GREMLIN
      Gremlin::Config::Ptr gremlin_config;
 #endif
@@ -396,8 +399,13 @@ namespace openvpn {
 	      tunconf->tun_prop.remote_bypass = true;
 #endif
 #if defined(OPENVPN_PLATFORM_ANDROID)
-	    // Android VPN API doesn't support excluded routes, so we must emulate them
-	    tunconf->eer_factory.reset(new EmulateExcludeRouteFactoryImpl(false));
+	// Android VPN API only supports excluded IP prefixes starting with Android 13/API 33,
+	// so we must emulate them for earlier platforms
+	if (config.enable_route_emulation) {
+	  tunconf->eer_factory.reset(new EmulateExcludeRouteFactoryImpl(false));
+	} else {
+	  tunconf->eer_factory.reset(nullptr);
+	}
 #endif
 #if defined(OPENVPN_PLATFORM_MAC)
 	    tunconf->tun_prefix = true;