Added network range collapse for split-tunnel definitions

2026-02-04 10:53:06 -07:00 · 2026-02-04 10:53:06 -07:00 · bade50dad3
commit bade50dad3
parent 09354e9ae6
1 changed files with 12 additions and 5 deletions
--- a/src/vpn_manager_globalprotect/vpnc.py
+++ b/src/vpn_manager_globalprotect/vpnc.py
@ -209,12 +209,12 @@ class Config:
                        route.get("Family") == 2
                        and route.get("ScopeString") == "link"
                        and route.get("ProtocolString") == "kernel"
+                        and route.get("TableString") == "main"
                    ):
-                        self.write_exclusion(
-                            dir,
+                        self.split_tunnel_exclusions.append(
                            ipaddress.IPv4Network(
                                f"{'.'.join(str(octet) for octet in route.get('Destination', [255, 255, 255, 255]))}/{route.get('DestinationPrefixLength', 32)}"
-                            ),
+                            )
                        )

    async def write_config(self, path: Path, manager: ProxyInterface):
@ -272,11 +272,18 @@ class Config:
        else:
            dir.mkdir()
        self._route_id = 0
+        if self.vpnd_allow_local_net:
+            await self.create_localnet_exclusions(dir, manager)
+        # Collapse the address ranges to reduce routing rules and increase network performance
+        self.split_tunnel_exclusions = ipaddress.collapse_addresses(
+            self.split_tunnel_exclusions
+        )
+        self.split_tunnel_inclusions = ipaddress.collapse_addresses(
+            self.split_tunnel_inclusions
+        )
        if self.vpnd_enforce_split_tunnel:
            for net in self.split_tunnel_exclusions:
                self.write_exclusion(dir, net)
-            if self.vpnd_allow_local_net:
-                await self.create_localnet_exclusions(dir, manager)
        for net in self.split_tunnel_inclusions:
            self.write_route(dir, net)
        stream.close()