-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
FR: Bypass exit nodes for certain domains #7766
Comments
This suggestion of specific applications to bypass the VPN comes up most often for Android, which has an API in its VpnBuilder interface to do this. Is Android the main point of the feature request? |
No, there is already an issue up for Android here: #6912 My use-case would be for desktop. |
While not exactly the feature requested, I suspect that #1748 will meet the actual need by making certain domains go through the tailnet to a particular egress node. |
Instead of bypassing specific domains, would it be possible to bypass entire applications? I think this feature would complement recently announced Mullvad integration really nicely. Big part of Mullvad package is its |
That was my original intent, to bypass applications, not domains or conversely only run specific applications through the VPN. |
Would love to see this happen on Linux. If implemented, I'd sign up for Mullvad on Tailscale right away. |
per-application routing would be pretty damn cool. Could also do per-binary tailnet ACLs. |
Bypassing certain domains, networks or supporting split tunneling is something I thought was already in the new Mullvad support in the Linux client, but based on my testing it doesn't look that way. Would love to see this as I can't use Mullvad via Tailscale till it supports something along these lines, and unfortunately I am going to have to cancel my subscription for now. |
What are you trying to do?
When using an exit node I would like to route all traffic from specific applications through tailscale while allowing other applications direct access.
How should we solve this?
Normally this is done when turning on an exit node, you would set a whitelist for applications that would use said exit node.
What is the impact of not solving this?
Currently you would have to use the exit node globally in Tailscale which is not ideal for:
Or use VPN service that supports split tunneling instead.
Anything else?
No response
The text was updated successfully, but these errors were encountered: