Hi Lev,
that explains it on the level which I need and understand.
This has actually come up before but in a different way:
On a PC using `--redirect-gateway def1` the host route to the server is
added in order that VPN packets are not routed back into the tunnel but
sent directly to the server.
The downside of this is that a client cannot connect to the server
public IP via the VPN using telnet, for example (unless they take extra
steps).
However, the explanation below shows how it is that a smartphone can
connect to the server public IP via the VPN.
Thanks for your help.
On 29/12/2020 17:36, Lev Stipakov wrote:
This concept is originally from the Android VPN API, which provides a way to
"protect" a socket so that data sent through this socket will go directly to the
network and will not be forwarded through the VPN.
OpenVPN3 has been influenced by the Android VPN API. It also has a mechanism
to ensure that data sent through the socket or to a specific IP address
is not routed to the VPN. The API method is also named "socket_protect".
The "protection" implementation is OS-specific and outside of the OpenVPN3
core library.
The Android client (at least ics-openvpn, likely Connect too) indeed calls
VpnService.protect(). Windows and Mac Connect clients modify the routing table and
add a bypass route. The Linux client uses either SO_MARK, bind to dev or a host route.
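The difference discussed in this thread, as an added example that is not part of the original messages or of OpenVPN's code: a simplified longest-prefix routing model comparing a destination-wide host route with a per-socket "protect". The addresses and the interface names `eth0`/`tun0` are constructed, and a protected socket is modeled as simply skipping the route lookup.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not from the thread.
SERVER = ipaddress.ip_address("198.51.100.10")  # VPN server public IP
PHYSICAL, TUNNEL = "eth0", "tun0"               # assumed interface names


def def1_routes(host_route):
    """Routing table after --redirect-gateway def1, with or without the host route."""
    routes = [
        (ipaddress.ip_network("0.0.0.0/0"), PHYSICAL),   # original default route
        (ipaddress.ip_network("0.0.0.0/1"), TUNNEL),     # def1 override, lower half
        (ipaddress.ip_network("128.0.0.0/1"), TUNNEL),   # def1 override, upper half
    ]
    if host_route:
        # Bypass applies to every packet for this destination, whatever the socket.
        routes.append((ipaddress.ip_network(f"{SERVER}/32"), PHYSICAL))
    return routes


def egress(routes, dst, protected=False):
    """Outgoing interface: a protected socket bypasses lookup, else longest prefix wins."""
    if protected:
        return PHYSICAL
    dst = ipaddress.ip_address(dst)
    matches = [(net, dev) for net, dev in routes if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def scenario(host_route, protect_transport):
    """Where three kinds of traffic leave the client under a given bypass method."""
    routes = def1_routes(host_route)
    return {
        # The encrypted VPN packets themselves, sent to the server.
        "vpn_transport": egress(routes, SERVER, protected=protect_transport),
        # Any other application socket (e.g. telnet) to the server public IP.
        "telnet_to_server": egress(routes, SERVER),
        # Ordinary traffic to an unrelated (constructed) internet address.
        "other_internet": egress(routes, "203.0.113.7"),
    }


if __name__ == "__main__":
    print("host route (PC):       ", scenario(True, False))
    print("socket protect (phone):", scenario(False, True))
    print("no bypass at all:      ", scenario(False, False))
```

With neither mechanism, the VPN's own transport packets resolve to `tun0`, which is the routing loop both approaches exist to prevent.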