From deb14748c815f920d0c467fdcafc4cb6a8937119 Mon Sep 17 00:00:00 2001
From: goku <goku@unboundtech.de>
Date: Wed, 11 Feb 2026 21:12:59 +0100
Subject: [PATCH] Add exclusion for Google services and ad domains in VPN
 tunnel settings

---
 .../app/src/main/kotlin/com/defyx/defyx/VpnService.kt    | 9 ++++++---
 ios/PacketTunnel/PacketTunnelProvider.swift              | 8 ++++++++
 macos/PacketTunnel/PacketTunnelProvider.swift            | 8 ++++++++
 3 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/android/app/src/main/kotlin/com/defyx/defyx/VpnService.kt b/android/app/src/main/kotlin/com/defyx/defyx/VpnService.kt
index e35a4ce..67fecbb 100644
--- a/android/app/src/main/kotlin/com/defyx/defyx/VpnService.kt
+++ b/android/app/src/main/kotlin/com/defyx/defyx/VpnService.kt
@@ -173,11 +173,14 @@ class DefyxVpnService : VpnService() {
                                 .allowFamily(android.system.OsConstants.AF_INET)
                                 .setMtu(1500)
                                 .setBlocking(true)
-                                .allowBypass()
 
+                // Bypass only Google Play Services to allow ads to work
                 try {
-                    builder.addDisallowedApplication(context.packageName)
-                } catch (_: Exception) {}
+                    builder.addDisallowedApplication("com.google.android.gms")
+                    builder.addDisallowedApplication("com.google.android.gsf")
+                } catch (e: Exception) {
+                    Log.w(TAG, "Failed to exclude Google services: ${e.message}")
+                }
 
                 vpnInterface?.close()
                 vpnInterface = builder.establish()
diff --git a/ios/PacketTunnel/PacketTunnelProvider.swift b/ios/PacketTunnel/PacketTunnelProvider.swift
index f911c43..7d8736e 100644
--- a/ios/PacketTunnel/PacketTunnelProvider.swift
+++ b/ios/PacketTunnel/PacketTunnelProvider.swift
@@ -46,6 +46,14 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
             subnetMasks: ["255.255.255.0"]
         )
         networkSettings.ipv4Settings?.includedRoutes = [NEIPv4Route.default()]
+        
+        // Exclude Google ad domains from VPN tunnel
+        // Common Google IP ranges for ads: 142.250.0.0/16, 172.217.0.0/16, 216.58.192.0/19
+        networkSettings.ipv4Settings?.excludedRoutes = [
+            NEIPv4Route(destinationAddress: "142.250.0.0", subnetMask: "255.255.0.0"),
+            NEIPv4Route(destinationAddress: "172.217.0.0", subnetMask: "255.255.0.0"),
+            NEIPv4Route(destinationAddress: "216.58.192.0", subnetMask: "255.255.224.0")
+        ]
 
         networkSettings.ipv6Settings = NEIPv6Settings(
             addresses: ["FC00::0001"],
diff --git a/macos/PacketTunnel/PacketTunnelProvider.swift b/macos/PacketTunnel/PacketTunnelProvider.swift
index 24fc763..986c4f7 100644
--- a/macos/PacketTunnel/PacketTunnelProvider.swift
+++ b/macos/PacketTunnel/PacketTunnelProvider.swift
@@ -46,6 +46,14 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
             subnetMasks: ["255.255.255.0"]
         )
         networkSettings.ipv4Settings?.includedRoutes = [NEIPv4Route.default()]
+        
+        // Exclude Google ad domains from VPN tunnel
+        // Common Google IP ranges for ads: 142.250.0.0/16, 172.217.0.0/16, 216.58.192.0/19
+        networkSettings.ipv4Settings?.excludedRoutes = [
+            NEIPv4Route(destinationAddress: "142.250.0.0", subnetMask: "255.255.0.0"),
+            NEIPv4Route(destinationAddress: "172.217.0.0", subnetMask: "255.255.0.0"),
+            NEIPv4Route(destinationAddress: "216.58.192.0", subnetMask: "255.255.224.0")
+        ]
 
         networkSettings.ipv6Settings = NEIPv6Settings(
             addresses: ["FC00::0001"],