Closed
Open
Created Feb 12, 2021 by Chirayu Desai (@cde, Owner)

VPN in different user for packet filtering

We want to do all kinds of stuff with internet traffic - Domain blocking, IP blocking, logging - lots of things that can be done.

Android already supports sending all traffic to a VPN, and you can run one VPN per user. A user is an Android user you create from settings, or a work profile - and we want a work profile.

That way we can have multiple VPNs running at the same time without any conflicts.

Then we just need to set up some routing to send all traffic to our firewall VPN always, and then if the user is using a separate encrypted VPN, we send it to that afterwards.

So we have two users

  • user 0 - the default, main user
  • user 10 - a work profile we created just to run our firewall VPN

What we need is

  1. Send all traffic from user 0 to firewall VPN running in user 10, always
  2. If user 0 has its own encrypted VPN running, we need to send traffic back to that instead of directly outside.

We don't really care about user 10 too much apart from just having it run the VPN app - don't want it to be used for anything else, users can have a third work profile if they want, we have patches for that.

This then avoids complexity, and lets us make some decisions to make writing all the rules easier.

Edited Feb 12, 2021 by Chirayu Desai
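
An added model of the routing described in this issue (example code, not CalyxOS code): Android gives each user a block of 100000 UIDs, so traffic from user 0 and user 10 can be told apart by socket-owner UID. The sample UIDs, the hop names and the exemption for the encrypted VPN's own tunnel socket are assumptions of the example.

```python
PER_USER_RANGE = 100_000  # Android: uid = user_id * PER_USER_RANGE + app_id
MAIN_USER, FIREWALL_USER = 0, 10  # the two users named in the issue


def uid_range(user_id):
    """Inclusive UID range owned by one Android user or work profile."""
    start = user_id * PER_USER_RANGE
    return start, start + PER_USER_RANGE - 1


def user_of(uid):
    return uid // PER_USER_RANGE


def next_hop(uid, firewall_uid, main_vpn_uid, exempt_tunnel):
    """Where a packet owned by `uid` is sent next (hop names are hypothetical)."""
    if exempt_tunnel and uid == main_vpn_uid:
        return "uplink"  # assumption: the encrypted tunnel socket leaves directly
    if uid == firewall_uid:
        # Requirement 2: filtered traffic goes to user 0's VPN if it is running.
        return "main_vpn" if main_vpn_uid is not None else "uplink"
    if user_of(uid) == MAIN_USER:
        return "firewall"  # requirement 1: everything from user 0, always
    raise ValueError(f"uid {uid} is outside the two users this model covers")


def path(uid, firewall_uid, main_vpn_uid=None, exempt_tunnel=True):
    """Full hop list for a packet; raises RuntimeError on a routing loop."""
    owner = {"firewall": firewall_uid, "main_vpn": main_vpn_uid}
    hops = []
    while True:
        hop = next_hop(uid, firewall_uid, main_vpn_uid, exempt_tunnel)
        if hop in hops:
            raise RuntimeError(f"routing loop: {hops + [hop]}")
        hops.append(hop)
        if hop == "uplink":
            return hops
        uid = owner[hop]  # a VPN app re-emits packets under its own UID


# Constructed sample UIDs: an app and a VPN app in user 0, the firewall in user 10.
APP, MAIN_VPN, FIREWALL = 10123, 10150, 1010200

if __name__ == "__main__":
    print(uid_range(MAIN_USER), uid_range(FIREWALL_USER))
    print(path(APP, FIREWALL))            # no encrypted VPN in user 0
    print(path(APP, FIREWALL, MAIN_VPN))  # encrypted VPN running in user 0
```

Calling `path(APP, FIREWALL, MAIN_VPN, exempt_tunnel=False)` raises `RuntimeError`, because the encrypted VPN's tunnel socket also belongs to user 0 and would be sent back to the firewall VPN.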