1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
|
package config
// BYPASS_PROCESSES — processes that go direct, bypassing TUN.
// Ported 1:1 from vpn.py.
var BypassProcesses = []string{
"QTranslate.exe",
"aspia_host.exe",
"aspia_host_service.exe",
"aspia_desktop_agent.exe",
"chrome.exe",
"firefox.exe",
"Performer Application v5.x.exe",
"chromium.exe",
"msedgewebview2.exe",
"Яндекс Музыка.exe",
"obs64.exe",
}
// LovenseProcessRegex — force Lovense through proxy regardless of mode.
var LovenseProcessRegex = []string{"(?i).*lovense.*"}
// BYPASS_IPS — VPN server IPs + service IPs, always direct.
// NL servers, RU servers, misc.
var StaticBypassIPs = []string{
// NL servers
"5.180.97.200/32", "5.180.97.199/32", "5.180.97.198/32",
"5.180.97.197/32", "5.180.97.181/32",
// RU servers
"84.252.100.166/32", "84.252.100.165/32", "84.252.100.161/32",
"84.252.100.117/32", "84.252.100.103/32",
// Misc
"109.107.175.41/32", "146.103.104.48/32", "77.105.138.163/32",
"91.84.113.225/32", "146.103.98.171/32", "94.103.88.252/32",
"178.20.44.93/32", "89.124.70.47/32",
}
// ReservedCIDRs — ranges not covered by ip_is_private.
var ReservedCIDRs = []string{
"100.64.0.0/10", // CGNAT / Tailscale
"192.0.0.0/24", // IETF protocol assignments
"192.0.2.0/24", // TEST-NET-1
"198.51.100.0/24", // TEST-NET-2
"203.0.113.0/24", // TEST-NET-3
"240.0.0.0/4", // Reserved (Class E)
"255.255.255.255/32", // Broadcast
}
// LocalDomainSuffixes — local/mDNS domains, always direct.
var LocalDomainSuffixes = []string{
"local", "localhost", "lan", "internal", "home.arpa",
"corp", "intranet", "test", "invalid", "example",
"home", "localdomain",
}
// WindowsNCSIDomains — Windows Network Connectivity Status Indicator.
// Without these going direct, Windows shows "No Internet" warnings.
var WindowsNCSIDomains = []string{
"msftconnecttest.com",
"msftncsi.com",
}
// ForcedProxyIPs — IPs that must always go through proxy.
var ForcedProxyIPs = []string{
"65.21.33.248/32",
"91.132.135.38/32",
}
// Telegram — hardcoded, applied to ALL modes.
var TelegramDomains = []string{
"telegram.org", "telegram.me", "t.me", "telegra.ph", "telegram.dog",
}
var TelegramDomainRegex = []string{
".*telegram.*", `.*t\.me.*`,
}
var TelegramIPs = []string{
"91.108.56.0/22", "91.108.4.0/22", "91.108.8.0/22",
"91.108.16.0/22", "91.108.12.0/22", "149.154.160.0/20",
"91.105.192.0/23", "91.108.20.0/22", "185.76.151.0/24",
}
// ProxyDNSDomains — domains NOT in refilter-domains.srs but must resolve via proxy DNS.
// refilter-domains.srs (81k+ domains) covers all RKN-blocked domains.
// This list only has domains missing from .srs that we still need through proxy.
var ProxyDNSDomains = []string{
// Business-specific (not RKN-blocked)
"lovense.com", "lovense-api.com", "lovense.club",
// Not in refilter but needed
"anthropic.com",
"igcdn.com", "fbsbx.com",
// IP check services (must show proxy exit IP)
"ifconfig.me", "ifconfig.co", "icanhazip.com", "ipinfo.io", "ipify.org",
}
// IPCheckDomains — domains used for exit IP verification.
var IPCheckDomains = []string{
"ifconfig.me", "ifconfig.co", "icanhazip.com", "ipinfo.io",
}
// BuildBypassProcesses merges default + custom bypass processes.
func BuildBypassProcesses(custom []string) []string {
seen := make(map[string]bool, len(BypassProcesses)+len(custom))
result := make([]string, 0, len(BypassProcesses)+len(custom))
for _, p := range BypassProcesses {
if !seen[p] {
seen[p] = true
result = append(result, p)
}
}
for _, p := range custom {
if p != "" && !seen[p] {
seen[p] = true
result = append(result, p)
}
}
return result
}
// BuildBypassIPs merges static bypass IPs with dynamic server IPs.
func BuildBypassIPs(serverIPs []string) []string {
seen := make(map[string]bool, len(StaticBypassIPs)+len(serverIPs))
result := make([]string, 0, len(StaticBypassIPs)+len(serverIPs))
for _, ip := range StaticBypassIPs {
if !seen[ip] {
seen[ip] = true
result = append(result, ip)
}
}
for _, ip := range serverIPs {
cidr := ip + "/32"
if !seen[cidr] {
seen[cidr] = true
result = append(result, cidr)
}
}
return result
}
|
