Adds a "Split Tunnel" toggle to the app profile quick-settings bar,
mirroring splittun/use per-app setting.
Shows an interference dot when:
- splittun/usagePolicy has Exclude rules (yellow)
- SPN is active and routes all traffic, fully bypassing Split Tunnel (red)
- SPN is active and partially bypasses Split Tunnel (yellow)
Dot and interference checks are suppressed when the Split Tunneling
or SPN module is globally disabled.
- Replace "Safing Support" feature with Split Tunneling in features.go,
using a dedicated config key/scope and free package tier
- Fix feature-card component to prioritize ConfigKey over ConfigScope
when resolving the config lookup key
- New config.go registers the "splittun/enable" boolean option
- subsystems.ts: change ToggleOptionKey from splittun/use to splittun/enable
- Module Start/Stop replaced with enable()/disable() helpers driven by
the config option; a callback on EventConfigChange toggles state at runtime
Implement initial proof-of-concept for split tunnel functionality on Windows,
allowing applications to route traffic through a designated network interface
while bypassing default system routing.
Features:
- Split tunnel module with TCP/UDP proxy infrastructure
- Firewall integration with split tunnel verdict handling
- SplitTunneling context attached to connections
- Configuration options: enable toggle, interface selection, and policy rules
- UI display of split tunnel connection details in connection info panel
- Subsystem configuration for user-level access
Windows-specific implementation:
- Uses proxy-based interface routing on Windows
- Automatic or manual interface detection and binding
- Support for IPv4 and IPv6 traffic
Note: Linux implementation is under development. SPN takes precedence over
split tunnel when both are enabled, ensuring SPN connections bypass this feature.
Add a new verdict (value 8) for routing connections through the split
tunnel. This prepares the infrastructure for the upcoming split-tunneling
feature without implementing the full feature yet.
Changes:
- Define VerdictRerouteToSplitTun in network/status.go with String() and Verb()
- Add RerouteToSplitTun() to the Packet interface and InfoPacket stub
- Implement RerouteToSplitTun() for windowskext (v1) and windowskext2 (v2) packets
- Map VerdictRerouteToSplitTun to KextVerdict 11 in kextinterface and kext2
- Handle the verdict in packet_handler.go dispatch, connection.go, api.go,
metrics.go and nameserver.go
- Add VerdictRerouteToSplitTun = 8 to Angular Verdict enum and update
stats counting, filter queries and verdict CSS class
(WIP) Note: Linux (nfq) implementation not updated yet. Therefore Linux build will fail.
Actions with visibility "in-app-only" are shown in the UI but skipped
when displaying system-level notifications (Tauri/OS). Updates Go,
TypeScript/Angular and Rust projects accordingly.
When Portmaster connects to the IVPN Client, display an info notification
informing the user that IVPN connections are allowed and that DNS will be
handled by Portmaster's local resolver when configured.
The notification includes a "Do not notify me anymore" action that
permanently suppresses future notifications by writing a marker record to
the core database. The check runs before showing the notification on each
subsequent connection.
The "Reset Notification States" API endpoint (and matching UI menu item)
now also clears the IVPN suppression record alongside the broadcast states,
so all suppressed notifications can be restored at once.
- service/interop/ivpn: add notification.go with initAndShowNotification,
isNotificationSuppressed, and suppressNotification
- service/interop/ivpn/ivpn.go: show notification on connect if not suppressed
- service/broadcasts/api.go: extend reset-state handler to also delete the
IVPN suppression record; update endpoint name and description
- desktop: rename "Reset Broadcast State" menu item and toast messages to
"Reset Notifications State"
Add a `Visibility` field to the `Action` struct allowing actions to be
hidden in the compact notification view and only shown when the user
expands the full notification (value: "detailed").
- base/notifications: add `ActionVisibility` type and `ActionVisibilityDetailed`
constant to `Action` struct
- notifications.types.ts: expose `Visibility` field on the frontend `BaseAction`
interface
- notification-list.component.html: filter out `detailed` actions in the
compact list view
- generic-setting.ts: set default `Visibility: ''` on the inline UI action
Add Subject-based manual trigger to immediately update "Last reload X ago" display when search completes, instead of waiting up to 2 seconds for next interval tick.
STR:
1. Network Activity View
2. Set "Search History" From/To dates in the future
3. Set "Group By" Domain
Observed Result:
- Infinite “Loading connections…” status.
- The UI remains unresponsive to any changes in connection filters or reload actions.
https://github.com/safing/portmaster/issues/2041
Alexandr Stelnykovych
Alexandr Stelnykovych