Do not change routes between tunnel reconfiguration

author: Markus Pettersson <markus.pettersson@mullvad.net> 2025-02-04 11:43:46 +0100
committer: Markus Pettersson <markus.pettersson@mullvad.net> 2025-02-06 11:46:59 +0100
commit: d8922e059a47c8c0b1b5138da9b34ddcb178f1e2 (patch)
tree: 2f8811f9c5beba48f1585d5eb97489ac7151cc67
parent: ccaff308f154acceb16e1db8e51bf1e50b3760b8 (diff)
download: mullvadvpn-d8922e059a47c8c0b1b5138da9b34ddcb178f1e2.tar.xz
mullvadvpn-d8922e059a47c8c0b1b5138da9b34ddcb178f1e2.zip
1 files changed, 6 insertions, 1 deletions
diff --git a/talpid-wireguard/src/wireguard_go/mod.rs b/talpid-wireguard/src/wireguard_go/mod.rs
index a304565967..db74ef3bac 100644
--- a/talpid-wireguard/src/wireguard_go/mod.rs
+++ b/talpid-wireguard/src/wireguard_go/mod.rs
@@ -361,8 +361,13 @@ impl WgGoTunnel {
         tun_config.addresses = config.tunnel.addresses.clone();
         tun_config.ipv4_gateway = config.ipv4_gateway;
         tun_config.ipv6_gateway = config.ipv6_gateway;
-        tun_config.routes = routes.collect();
         tun_config.mtu = config.mtu;
+        tun_config.routes = if cfg!(target_os = "android") {
+            // Route everything into the tunnel and have wireguard-go act as a firewall.
+            vec!["0.0.0.0/0".parse().unwrap(), "::/0".parse().unwrap()]
+        } else {
+            routes.collect()
+        };
 
         for _ in 1..=MAX_PREPARE_TUN_ATTEMPTS {
             let tunnel_device = tun_provider
author	Markus Pettersson <markus.pettersson@mullvad.net>	2025-02-04 11:43:46 +0100
committer	Markus Pettersson <markus.pettersson@mullvad.net>	2025-02-06 11:46:59 +0100
commit	d8922e059a47c8c0b1b5138da9b34ddcb178f1e2 (patch)
tree	2f8811f9c5beba48f1585d5eb97489ac7151cc67
parent	ccaff308f154acceb16e1db8e51bf1e50b3760b8 (diff)
download	mullvadvpn-d8922e059a47c8c0b1b5138da9b34ddcb178f1e2.tar.xz mullvadvpn-d8922e059a47c8c0b1b5138da9b34ddcb178f1e2.zip