diff options
| author | David Lönnhager <david.l@mullvad.net> | 2025-03-13 15:53:08 +0100 |
|---|---|---|
| committer | David Lönnhager <david.l@mullvad.net> | 2025-03-21 13:08:30 +0100 |
| commit | 99f6c343ad186b0b9016443533e30f56f21e0c8e (patch) | |
| tree | 2205e4378374e58e9b239ce63331f2a7f96f9a66 /android/app/src/androidTest | |
| parent | 8da59e1d8c4fbfb8ed95fe7bb1fcdfc67e3d1ad7 (diff) | |
| download | mullvadvpn-99f6c343ad186b0b9016443533e30f56f21e0c8e.tar.xz mullvadvpn-99f6c343ad186b0b9016443533e30f56f21e0c8e.zip | |
Use regular default route for the tunnel interface on Windows
This replaces the /1 routes for two reasons:
1. This mitigates an issue in our fork of wireguard-nt, which
intentionally allows routes back to the tunnel interface. The fork
explicitly disallows this only for routes with a prefix 0, which means
that the /1 routes are not exempted. This can result in an infinite
routing loop if the non-tunnel route to the relay is removed (e.g., if
the default interface or its routes disappear).
2. This simplifies the code and routes. The /1 routes are unnecessary
since we're setting the metric on the default route and interface to
the lowest value anyway, so the OS should always prefer the tunnel
default route. Even if it doesn't, the firewall will prevent leaks.
Diffstat (limited to 'android/app/src/androidTest')
0 files changed, 0 insertions, 0 deletions