package config // BYPASS_PROCESSES — processes that go direct, bypassing TUN. // Ported 1:1 from vpn.py. var BypassProcesses = []string{ "QTranslate.exe", "aspia_host.exe", "aspia_host_service.exe", "aspia_desktop_agent.exe", "chrome.exe", "firefox.exe", "Performer Application v5.x.exe", "chromium.exe", "msedgewebview2.exe", "Яндекс Музыка.exe", "obs64.exe", } // LovenseProcessRegex — force Lovense through proxy regardless of mode. var LovenseProcessRegex = []string{"(?i).*lovense.*"} // BYPASS_IPS — VPN server IPs + service IPs, always direct. // NL servers, RU servers, misc. var StaticBypassIPs = []string{ // NL servers "5.180.97.200/32", "5.180.97.199/32", "5.180.97.198/32", "5.180.97.197/32", "5.180.97.181/32", // RU servers "84.252.100.166/32", "84.252.100.165/32", "84.252.100.161/32", "84.252.100.117/32", "84.252.100.103/32", // Misc "109.107.175.41/32", "146.103.104.48/32", "77.105.138.163/32", "91.84.113.225/32", "146.103.98.171/32", "94.103.88.252/32", "178.20.44.93/32", "89.124.70.47/32", } // ReservedCIDRs — ranges not covered by ip_is_private. var ReservedCIDRs = []string{ "100.64.0.0/10", // CGNAT / Tailscale "192.0.0.0/24", // IETF protocol assignments "192.0.2.0/24", // TEST-NET-1 "198.51.100.0/24", // TEST-NET-2 "203.0.113.0/24", // TEST-NET-3 "240.0.0.0/4", // Reserved (Class E) "255.255.255.255/32", // Broadcast } // LocalDomainSuffixes — local/mDNS domains, always direct. var LocalDomainSuffixes = []string{ "local", "localhost", "lan", "internal", "home.arpa", "corp", "intranet", "test", "invalid", "example", "home", "localdomain", } // WindowsNCSIDomains — Windows Network Connectivity Status Indicator. // Without these going direct, Windows shows "No Internet" warnings. var WindowsNCSIDomains = []string{ "msftconnecttest.com", "msftncsi.com", } // ForcedProxyIPs — IPs that must always go through proxy. var ForcedProxyIPs = []string{ "65.21.33.248/32", "91.132.135.38/32", } // Telegram — hardcoded, applied to ALL modes. var TelegramDomains = []string{ "telegram.org", "telegram.me", "t.me", "telegra.ph", "telegram.dog", } var TelegramDomainRegex = []string{ ".*telegram.*", `.*t\.me.*`, } var TelegramIPs = []string{ "91.108.56.0/22", "91.108.4.0/22", "91.108.8.0/22", "91.108.16.0/22", "91.108.12.0/22", "149.154.160.0/20", "91.105.192.0/23", "91.108.20.0/22", "185.76.151.0/24", } // ProxyDNSDomains — domains NOT in refilter-domains.srs but must resolve via proxy DNS. // refilter-domains.srs (81k+ domains) covers all RKN-blocked domains. // This list only has domains missing from .srs that we still need through proxy. var ProxyDNSDomains = []string{ // Business-specific (not RKN-blocked) "lovense.com", "lovense-api.com", "lovense.club", // Not in refilter but needed "anthropic.com", "igcdn.com", "fbsbx.com", // IP check services (must show proxy exit IP) "ifconfig.me", "ifconfig.co", "icanhazip.com", "ipinfo.io", "ipify.org", } // IPCheckDomains — domains used for exit IP verification. var IPCheckDomains = []string{ "ifconfig.me", "ifconfig.co", "icanhazip.com", "ipinfo.io", } // BuildBypassProcesses merges default + custom bypass processes. func BuildBypassProcesses(custom []string) []string { seen := make(map[string]bool, len(BypassProcesses)+len(custom)) result := make([]string, 0, len(BypassProcesses)+len(custom)) for _, p := range BypassProcesses { if !seen[p] { seen[p] = true result = append(result, p) } } for _, p := range custom { if p != "" && !seen[p] { seen[p] = true result = append(result, p) } } return result } // BuildBypassIPs merges static bypass IPs with dynamic server IPs. func BuildBypassIPs(serverIPs []string) []string { seen := make(map[string]bool, len(StaticBypassIPs)+len(serverIPs)) result := make([]string, 0, len(StaticBypassIPs)+len(serverIPs)) for _, ip := range StaticBypassIPs { if !seen[ip] { seen[ip] = true result = append(result, ip) } } for _, ip := range serverIPs { cidr := ip + "/32" if !seen[cidr] { seen[cidr] = true result = append(result, cidr) } } return result }