feat: Add Split Tunnel feature (Windows PoC)

Implement initial proof-of-concept for split tunnel functionality on Windows, allowing applications to route traffic through a designated network interface while bypassing default system routing. Features: - Split tunnel module with TCP/UDP proxy infrastructure - Firewall integration with split tunnel verdict handling - SplitTunneling context attached to connections - Configuration options: enable toggle, interface selection, and policy rules - UI display of split tunnel connection details in connection info panel - Subsystem configuration for user-level access Windows-specific implementation: - Uses proxy-based interface routing on Windows - Automatic or manual interface detection and binding - Support for IPv4 and IPv6 traffic Note: Linux implementation is under development. SPN takes precedence over split tunnel when both are enabled, ensuring SPN connections bypass this feature.
2026-04-28 19:41:59 +00:00 · 2026-04-24 18:04:01 +03:00 · 2026-04-24 18:04:01 +03:00 · ee8cde31f6
commit ee8cde31f6
parent 29cc58fecb
17 changed files with 682 additions and 7 deletions
--- a/desktop/angular/src/app/shared/config/config-settings.ts
+++ b/desktop/angular/src/app/shared/config/config-settings.ts
@ -427,11 +427,16 @@ export class ConfigSettingsViewComponent
                  (s) => s.Key === subsys.ToggleOptionKey
                );
                if (!!toggleOption) {
-                  if (
-                    (toggleOption.Value !== undefined && !toggleOption.Value) ||
-                    (toggleOption.Value === undefined &&
-                      !toggleOption.DefaultValue)
-                  ) {
+                  // Determine the effective enabled state: per-app value takes
+                  // priority, then the globally-configured value (GlobalDefault),
+                  // and finally the hardcoded DefaultValue.
+                  const effectiveEnabled =
+                    toggleOption.Value !== undefined
+                      ? !!toggleOption.Value
+                      : toggleOption.GlobalDefault !== undefined
+                        ? !!toggleOption.GlobalDefault
+                        : !!toggleOption.DefaultValue;
+                  if (!effectiveEnabled) {
                    subsys.isDisabled = true;

                    // remove all settings for all subsystem categories
--- a/desktop/angular/src/app/shared/config/subsystems.ts
+++ b/desktop/angular/src/app/shared/config/subsystems.ts
@ -7,7 +7,7 @@ export interface SubsystemWithExpertise extends Subsystem {
  hasUserDefinedValues: boolean;
 }

-export var subsystems : SubsystemWithExpertise[] = [
+export const subsystems : SubsystemWithExpertise[] = [
  {
    minimumExpertise: ExpertiseLevelNumber.developer,
    isDisabled: false,
@ -268,5 +268,30 @@ export var subsystems : SubsystemWithExpertise[] = [
      Deleted: 0,
      Key: "runtime:subsystems/spn"
    }
+  },
+  {
+  minimumExpertise: ExpertiseLevelNumber.user,  // User level since UI is user-facing
+  isDisabled: false,
+  hasUserDefinedValues: false,
+  ID: "splittun",
+  Name: "Split Tunnel",
+  Description: "Route traffic through specified interface to bypass default routing",
+  Modules: [
+    {
+      Name: "splittun",
+      Enabled: true
+    }
+  ],
+  ToggleOptionKey: "splittun/use",  // Links to the boolean enable/disable option
+  ExpertiseLevel: "user",
+  ReleaseLevel: 0,
+  ConfigKeySpace: "config:splittun/",
+  _meta: {
+    Created: 0,
+    Modified: 0,
+    Expires: 0,
+    Deleted: 0,
+    Key: "runtime:subsystems/splittun"
  }
+}
 ];