From b65ed279eda2f23c9431084fd0f06de52dce0965 Mon Sep 17 00:00:00 2001
From: Ben Schwartz <bemasc@google.com>
Date: Fri, 27 Jul 2018 15:33:04 -0400
Subject: [PATCH] Allow apps to bypass the VPN

In practice, apps could easily bypass Intra anyway, e.g. by
sending queries to a hardcoded resolver.  Explicitly allowing
bypass fixes #18 (interference with some WebRTC-based apps).
---
 Android/app/src/main/java/app/intra/DnsVpnService.java | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/Android/app/src/main/java/app/intra/DnsVpnService.java b/Android/app/src/main/java/app/intra/DnsVpnService.java
index 98eaa2ec..7e3a59ef 100644
--- a/Android/app/src/main/java/app/intra/DnsVpnService.java
+++ b/Android/app/src/main/java/app/intra/DnsVpnService.java
@@ -436,7 +436,11 @@ private ParcelFileDescriptor establishVpn() {
               .addDnsServer(privateIpv6Address.router);
 
       if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.LOLLIPOP) {
-        builder = builder.setBlocking(true); // Only available in API >= 21
+        // Only available in API >= 21
+        builder = builder.setBlocking(true);
+        // Some WebRTC apps rely on the ability to bind to specific interfaces, which is only
+        // possible if we allow bypass.
+        builder = builder.allowBypass();
 
         try {
           // Workaround for any app incompatibility bugs.