Detour domestic IPs to reduce load/costs on the VPN server

[emohandesi]

Is there an existing issue that is already proposing this?

• Yes, there is Selective ("smart") proxying #887 which discusses this issue thoroughly in a broader sense and provides various approaches to address the broader version of this issue.

Application

Outline Client

What are you trying to do? What is your use case?

The Outline client should not use the VPN server for the domestic IPs that are not blocked within the country. For example, a user in Iran accessing an Iranian website (whose content is stored on Iranian IPs) through the Outline client, should not have the connection to go through the VPN server because the website is not blocked within that country.
This will reduce the load on the Outline VPN server and eventually save costs for the VPN provider in addition to the clients who pay for the VPN.
In addition, there are many Iranian governmental and financial websites that do not work when accessed from foreign IPs which is the case when the user is using a VPN client. Therefore, users have to disconnect from their VPN connection to visit such websites. Using this feature, users will not need to turn off their VPN server to visit such websites.

Is your feature request related to a problem? Please describe it.

Yes, it is related to #887. However, the problem discussed in #887 is a broader problem compared to this one which makes its solution way more complicated and that might be one reason why it has not been addressed yet.

The problem discussed here only wants to bypass domestic IPs; while the issue discussed in #887 wants to bypass all the traffic that is not blocked. The solution proposed here will help to some extent, but will not address all cases discussed in #887.

Describe the solution you'd like.

The Outline client should bypass requests that go to an IP of the same country as the user and not use the Outline VPN server for them. The reason is that the IP addresses of the same country are not blocked.
The pull request #311 has implemented this bypass approach for local IP addresses. This can be extended to include the IP ranges for each country.
This feature should be turned off by default in order not to change the expected behavior of the app. The following method is the suggested approach to turn on this feature.

1. Static access keys: the keyword detour=1 can be added to the connection string as shown below:

ss://Y2hhY2hhMjAtaWV0Zi1wb2x5MTMwNTozZ2FEYmtzOFloZmg@ol.server.com:29423/?outline=1&detour=1

2. Dynamic access keys:

{
    "server": "www.example.com",
    "server_port": 443,
    "method": "chacha20-ietf-poly1305",
    "password": "0MIZb3fhUNDzQBAW11D5Tr",
    "detour": 1,
}

Storage of Country IPs

Download the country IPs from a web address when the Outline app connects to a VPN service for the first time in that specific country and store the file on the device.
When the user connects to a VPN for the first time, Outline will download the IP white list of the user's country and will bypass requests sent to those IPs. After that, every time the user connects to the VPN server, the last modification date of the online IP white list file is checked and it is downloaded if it is a newer version.

Pros

• IP white list update can happen without the user having to update their app.

Cons

• The small overhead of downloading the white list only the first time that the user connects to a VPN server; which can be ignored because the download size is virtually nothing.

Describe alternatives you've considered

There are other approaches to storing and retrieving the IP white list as described below. The method for bypassing the domestic IPs is the same as the method used in #311 in all these approaches.

Hard-coding the Country IPs

This approach depends on how much space we are allowed to add to the Outline app. Currently, the size of the Android Outline app is ~30 MB, and the size of the IP tables for each country is around 10s of KBs. For example, the size of the text file containing the Iranian IPs is ~30 KB. Therefore, adding the IPs of a few critical countries where most Outline users reside, such as Iran, China, and Russia should be feasible and reasonable.

Cons

• The Outline app size increases a little bit.
• The IPs of countries where the user does not reside will be stored on the user's device which is not needed.
• IP list update can only happen by the app update.

Let the user upload a list of white-listed IPs

In the app settings, an option can be added so that the user can upload an IP white-list file.

Pros

• The user can go even beyond white-listing the domestic IPs and can upload an IP list that white-lists international IPs that are not blocked in their country.

Cons

• Can be complicated for many users.

Add the IP white list link to the access key

The access key will contain a link to the IP white list as shown below.

ss://Y2hhY2hhMjAtaWV0Zi1wb2x5MTMwNTozZ2FEYmtzOFloZmg@ol.server.com:29423/?outline=1&detour=https://github.com/Jigsaw-Code/outline-apps/blob/master/white-lists/iran.txt

Pros

• The VPN provider can set the IP white list and change it without affecting the users.

Cons

• If the user travels to a different country and wants to use the key there, the list for the new country is not automatically applied and domestic IPs of the new country are not bypassed. However, it will not affect many users because very few of them happen to travel to multiple countries needing to use the same VPN.

[sbruens]

You are suggesting something we call selective proxying, which is a long-standing feature request #887. Marking as dupe of that to centralize this request.