Initial importHEAD main

author: SergeiEU <39683682+SergeiEU@users.noreply.github.com> 2026-04-01 10:17:15 +0400
committer: SergeiEU <39683682+SergeiEU@users.noreply.github.com> 2026-04-01 10:17:15 +0400
commit: 1bd203c5555046b7ee4fbfe2f822eb3d03571ad7 (patch)
tree: d8c85273ede547e03a5727bf185f5d07e87b4a08 /internal/config/bypass.go
download: vpnem-main.tar.gz
vpnem-main.tar.bz2
vpnem-main.zip
1 files changed, 139 insertions, 0 deletions
diff --git a/internal/config/bypass.go b/internal/config/bypass.go
new file mode 100644
index 0000000..6232af0
--- /dev/null
+++ b/internal/config/bypass.go
@@ -0,0 +1,139 @@
+package config
+
+// BYPASS_PROCESSES — processes that go direct, bypassing TUN.
+// Ported 1:1 from vpn.py.
+var BypassProcesses = []string{
+	"QTranslate.exe",
+	"aspia_host.exe",
+	"aspia_host_service.exe",
+	"aspia_desktop_agent.exe",
+	"chrome.exe",
+	"firefox.exe",
+	"Performer Application v5.x.exe",
+	"chromium.exe",
+	"msedgewebview2.exe",
+	"Яндекс Музыка.exe",
+	"obs64.exe",
+}
+
+// LovenseProcessRegex — force Lovense through proxy regardless of mode.
+var LovenseProcessRegex = []string{"(?i).*lovense.*"}
+
+// BYPASS_IPS — VPN server IPs + service IPs, always direct.
+// NL servers, RU servers, misc.
+var StaticBypassIPs = []string{
+	// NL servers
+	"5.180.97.200/32", "5.180.97.199/32", "5.180.97.198/32",
+	"5.180.97.197/32", "5.180.97.181/32",
+	// RU servers
+	"84.252.100.166/32", "84.252.100.165/32", "84.252.100.161/32",
+	"84.252.100.117/32", "84.252.100.103/32",
+	// Misc
+	"109.107.175.41/32", "146.103.104.48/32", "77.105.138.163/32",
+	"91.84.113.225/32", "146.103.98.171/32", "94.103.88.252/32",
+	"178.20.44.93/32", "89.124.70.47/32",
+}
+
+// ReservedCIDRs — ranges not covered by ip_is_private.
+var ReservedCIDRs = []string{
+	"100.64.0.0/10",    // CGNAT / Tailscale
+	"192.0.0.0/24",     // IETF protocol assignments
+	"192.0.2.0/24",     // TEST-NET-1
+	"198.51.100.0/24",  // TEST-NET-2
+	"203.0.113.0/24",   // TEST-NET-3
+	"240.0.0.0/4",      // Reserved (Class E)
+	"255.255.255.255/32", // Broadcast
+}
+
+// LocalDomainSuffixes — local/mDNS domains, always direct.
+var LocalDomainSuffixes = []string{
+	"local", "localhost", "lan", "internal", "home.arpa",
+	"corp", "intranet", "test", "invalid", "example",
+	"home", "localdomain",
+}
+
+// WindowsNCSIDomains — Windows Network Connectivity Status Indicator.
+// Without these going direct, Windows shows "No Internet" warnings.
+var WindowsNCSIDomains = []string{
+	"msftconnecttest.com",
+	"msftncsi.com",
+}
+
+// ForcedProxyIPs — IPs that must always go through proxy.
+var ForcedProxyIPs = []string{
+	"65.21.33.248/32",
+	"91.132.135.38/32",
+}
+
+// Telegram — hardcoded, applied to ALL modes.
+var TelegramDomains = []string{
+	"telegram.org", "telegram.me", "t.me", "telegra.ph", "telegram.dog",
+}
+
+var TelegramDomainRegex = []string{
+	".*telegram.*", `.*t\.me.*`,
+}
+
+var TelegramIPs = []string{
+	"91.108.56.0/22", "91.108.4.0/22", "91.108.8.0/22",
+	"91.108.16.0/22", "91.108.12.0/22", "149.154.160.0/20",
+	"91.105.192.0/23", "91.108.20.0/22", "185.76.151.0/24",
+}
+
+// ProxyDNSDomains — domains NOT in refilter-domains.srs but must resolve via proxy DNS.
+// refilter-domains.srs (81k+ domains) covers all RKN-blocked domains.
+// This list only has domains missing from .srs that we still need through proxy.
+var ProxyDNSDomains = []string{
+	// Business-specific (not RKN-blocked)
+	"lovense.com", "lovense-api.com", "lovense.club",
+	// Not in refilter but needed
+	"anthropic.com",
+	"igcdn.com", "fbsbx.com",
+	// IP check services (must show proxy exit IP)
+	"ifconfig.me", "ifconfig.co", "icanhazip.com", "ipinfo.io", "ipify.org",
+}
+
+// IPCheckDomains — domains used for exit IP verification.
+var IPCheckDomains = []string{
+	"ifconfig.me", "ifconfig.co", "icanhazip.com", "ipinfo.io",
+}
+
+// BuildBypassProcesses merges default + custom bypass processes.
+func BuildBypassProcesses(custom []string) []string {
+	seen := make(map[string]bool, len(BypassProcesses)+len(custom))
+	result := make([]string, 0, len(BypassProcesses)+len(custom))
+	for _, p := range BypassProcesses {
+		if !seen[p] {
+			seen[p] = true
+			result = append(result, p)
+		}
+	}
+	for _, p := range custom {
+		if p != "" && !seen[p] {
+			seen[p] = true
+			result = append(result, p)
+		}
+	}
+	return result
+}
+
+// BuildBypassIPs merges static bypass IPs with dynamic server IPs.
+func BuildBypassIPs(serverIPs []string) []string {
+	seen := make(map[string]bool, len(StaticBypassIPs)+len(serverIPs))
+	result := make([]string, 0, len(StaticBypassIPs)+len(serverIPs))
+
+	for _, ip := range StaticBypassIPs {
+		if !seen[ip] {
+			seen[ip] = true
+			result = append(result, ip)
+		}
+	}
+	for _, ip := range serverIPs {
+		cidr := ip + "/32"
+		if !seen[cidr] {
+			seen[cidr] = true
+			result = append(result, cidr)
+		}
+	}
+	return result
+}
author	SergeiEU <39683682+SergeiEU@users.noreply.github.com>	2026-04-01 10:17:15 +0400
committer	SergeiEU <39683682+SergeiEU@users.noreply.github.com>	2026-04-01 10:17:15 +0400
commit	1bd203c5555046b7ee4fbfe2f822eb3d03571ad7 (patch)
tree	d8c85273ede547e03a5727bf185f5d07e87b4a08 /internal/config/bypass.go
download	vpnem-main.tar.gz vpnem-main.tar.bz2 vpnem-main.zip