From 9ec289683571ea3d65dd3d4d5ec056bd10bc73ad Mon Sep 17 00:00:00 2001
From: Sam Symons
Date: Thu, 5 Dec 2024 16:08:41 -0800
Subject: [PATCH 1/2] Route 10.0.0.0/8 through the tunnel when including local networks.
---
 Sources/NetworkProtection/Routing/VPNRoutingRange.swift | 6 ++++++
 .../NetworkProtection/Routing/VPNRoutingTableResolver.swift | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/Sources/NetworkProtection/Routing/VPNRoutingRange.swift b/Sources/NetworkProtection/Routing/VPNRoutingRange.swift
index d72f63628..953b2dd8e 100644
--- a/Sources/NetworkProtection/Routing/VPNRoutingRange.swift
+++ b/Sources/NetworkProtection/Routing/VPNRoutingRange.swift
@@ -40,6 +40,12 @@ public enum VPNRoutingRange {
 "192.168.0.0/16", /* 255.255.0.0 */
 ]
 
+ public static let localNetworkRangeWithDNS: [NetworkProtection.IPAddressRange] = [
+ "10.0.0.0/8", /* 255.0.0.0 */
+ "172.16.0.0/12", /* 255.240.0.0 */
+ "192.168.0.0/16", /* 255.255.0.0 */
+ ]
+
 public static let publicNetworkRange: [NetworkProtection.IPAddressRange] = [
 "1.0.0.0/8",
 "2.0.0.0/8",
diff --git a/Sources/NetworkProtection/Routing/VPNRoutingTableResolver.swift b/Sources/NetworkProtection/Routing/VPNRoutingTableResolver.swift
index 505aa455a..9fb9c3ad8 100644
--- a/Sources/NetworkProtection/Routing/VPNRoutingTableResolver.swift
+++ b/Sources/NetworkProtection/Routing/VPNRoutingTableResolver.swift
@@ -53,7 +53,7 @@ struct VPNRoutingTableResolver {
 var routes = VPNRoutingRange.publicNetworkRange + dnsRoutes()
 
 if !excludeLocalNetworks {
- routes += VPNRoutingRange.localNetworkRange
+ routes += VPNRoutingRange.localNetworkRangeWithDNS
 }
 
 return routes
From 21ddf0ef8af6f17cb3358dd5df5ca5c969f0d5f5 Mon Sep 17 00:00:00 2001
From: Sam Symons
Date: Fri, 6 Dec 2024 12:56:44 -0800
Subject: [PATCH 2/2] Update range naming.
---
 Sources/NetworkProtection/Routing/VPNRoutingRange.swift | 5 ++---
 .../NetworkProtection/Routing/VPNRoutingTableResolver.swift | 4 ++--
 2 files changed, 4 insertions(+), 5 deletions(-)
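Review bot: `localNetworkRangeWithDNS` in VPNRoutingRange.swift restates `172.16.0.0/12` and `192.168.0.0/16` from `localNetworkRange` rather than building on it, so a private range later added to one list can be missed in the other and end up routed differently from what the setting promises. Deriving it keeps the two in step: `public static let localNetworkRangeWithDNS: [NetworkProtection.IPAddressRange] = ["10.0.0.0/8"] + localNetworkRange`. The same duplication survives the rename in patch 2/2. A doc comment saying why `10.0.0.0/8` is kept apart would also help; the name suggests the tunnel's DNS server sits in that range, but the hunk does not say so. The rest of the enum lies outside the hunk.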
diff --git a/Sources/NetworkProtection/Routing/VPNRoutingRange.swift b/Sources/NetworkProtection/Routing/VPNRoutingRange.swift
index 953b2dd8e..4c94dc51c 100644
--- a/Sources/NetworkProtection/Routing/VPNRoutingRange.swift
+++ b/Sources/NetworkProtection/Routing/VPNRoutingRange.swift
@@ -34,13 +34,12 @@ public enum VPNRoutingRange {
 "::1/128", /* loopback */
 ]
 
- public static let localNetworkRange: [NetworkProtection.IPAddressRange] = [
- // "10.0.0.0/8", /* 255.0.0.0 */
+ public static let localNetworkRangeWithoutDNS: [NetworkProtection.IPAddressRange] = [
 "172.16.0.0/12", /* 255.240.0.0 */
 "192.168.0.0/16", /* 255.255.0.0 */
 ]
 
- public static let localNetworkRangeWithDNS: [NetworkProtection.IPAddressRange] = [
+ public static let localNetworkRange: [NetworkProtection.IPAddressRange] = [
 "10.0.0.0/8", /* 255.0.0.0 */
 "172.16.0.0/12", /* 255.240.0.0 */
 "192.168.0.0/16", /* 255.255.0.0 */
diff --git a/Sources/NetworkProtection/Routing/VPNRoutingTableResolver.swift b/Sources/NetworkProtection/Routing/VPNRoutingTableResolver.swift
index 9fb9c3ad8..429cd4c8a 100644
--- a/Sources/NetworkProtection/Routing/VPNRoutingTableResolver.swift
+++ b/Sources/NetworkProtection/Routing/VPNRoutingTableResolver.swift
@@ -43,7 +43,7 @@ struct VPNRoutingTableResolver {
 var routes = VPNRoutingRange.alwaysExcludedIPv4Range
 
 if excludeLocalNetworks {
- routes += VPNRoutingRange.localNetworkRange
+ routes += VPNRoutingRange.localNetworkRangeWithoutDNS
 }
 
 return routes
@@ -53,7 +53,7 @@ struct VPNRoutingTableResolver {
 var routes = VPNRoutingRange.publicNetworkRange + dnsRoutes()
 
 if !excludeLocalNetworks {
- routes += VPNRoutingRange.localNetworkRangeWithDNS
+ routes += VPNRoutingRange.localNetworkRange
 }
 
 return routes
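Review bot: Reusing the public name `localNetworkRange` in VPNRoutingRange.swift for the list that now contains `10.0.0.0/8` changes what existing callers get without a compile error. Any code outside these two files that still adds `VPNRoutingRange.localNetworkRange` to an exclusion list would start excluding `10.0.0.0/8` as well, which, going by the `WithoutDNS` naming, is presumably the range the exclusion path must leave alone. Keeping `localNetworkRangeWithDNS` from patch 1/2 for the full list and retiring the bare name would turn a stale call site into a build failure instead of a silent routing change. Both constants also lack a doc comment stating which route list each is meant for. The enum continues outside the hunk.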