Hello,
I ask for help configuring networking on Pixel 8a running latest GrapheneOS.
Most of my traffic needs to go strictly through the VPN client (managed by the VPN provider's app, which also has an Exclude list and a "Bypass VPN for local connections" option).
I also use Syncthing for WLAN-only sync (bound to a particular IP address itself, and connecting to a particular IP address on the WLAN, with all relaying and discovery disabled).
Ideally, I would want all traffic except Syncthing to be strictly limited to the VPN, and cut off without leaking when the VPN disconnects for whatever reason; and Syncthing traffic to be strictly limited to the WLAN, without any possibility of leaking elsewhere.
Hopeful that Syncthing configured to listen on particular local address and connect to single device occupying another particular local address is enough to safeguard it from leaks, I could settle for just keeping traffic of all other apps from leaking outside the tunnel.
I can't use the "Block connections without VPN" option of Always-on VPN, because then Syncthing doesn't connect, even with the "Bypass VPN for local connections" option enabled and Syncthing not being on the exclude list in the VPN client app.
From my understanding, all no-root firewall apps with more advanced functionality will occupy a VPN slot, and I won't be able to use my VPN then, defeating the purpose.
And rooting GrapheneOS to get more advanced firewall functionality via proper firewall app would defeat the whole point of using GrapheneOS.
Can I implement the desired networking configuration on GrapheneOS somehow? Maybe leveraging second user profile or something?
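The post relies on Syncthing being pinned to one local listen address and one peer address with relaying and discovery off. The following script is an added example (not the poster's, GrapheneOS's, or Syncthing's own code) that audits a Syncthing `config.xml` for exactly that posture, so the assumption can be checked rather than hoped for. It assumes the standard `config.xml` layout (`<options>` with `listenAddress`, `globalAnnounceEnabled`, `localAnnounceEnabled`, `relaysEnabled`, `natEnabled`; `<device>` elements with `<address>` children) and treats "no leak beyond the WLAN" as: every listen and peer address is a concrete `tcp://` or `quic://` private-range IP, and all four discovery/relay/NAT options are false (including `natEnabled` is my choice, since NAT port mapping invites inbound connections from outside the WLAN). The two sample configs and the device id are constructed for the example.

```python
import ipaddress
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: Syncthing defaults, which use relays and global discovery
# and therefore can reach beyond the WLAN.
LEAKY_CONFIG = """<configuration version="37">
  <device id="DEVICE-ID-PLACEHOLDER" name="laptop">
    <address>dynamic</address>
  </device>
  <options>
    <listenAddress>default</listenAddress>
    <globalAnnounceEnabled>true</globalAnnounceEnabled>
    <localAnnounceEnabled>true</localAnnounceEnabled>
    <relaysEnabled>true</relaysEnabled>
    <natEnabled>true</natEnabled>
  </options>
</configuration>"""

# Constructed sample: the posture described in the post, with addresses pinned
# to one LAN IP each (sample RFC 1918 addresses) and all discovery/relay off.
HARDENED_CONFIG = """<configuration version="37">
  <device id="DEVICE-ID-PLACEHOLDER" name="laptop">
    <address>tcp://192.168.1.20:22000</address>
  </device>
  <options>
    <listenAddress>tcp://192.168.1.10:22000</listenAddress>
    <globalAnnounceEnabled>false</globalAnnounceEnabled>
    <localAnnounceEnabled>false</localAnnounceEnabled>
    <relaysEnabled>false</relaysEnabled>
    <natEnabled>false</natEnabled>
  </options>
</configuration>"""


def _pinned_to_lan(url: str) -> bool:
    """True only for tcp://, tcp4/6:// or quic:// with a concrete private IP.

    'default', 'dynamic', relay:// URLs, hostnames and wildcard binds such as
    0.0.0.0 or [::] all fail, because each of them lets Syncthing reach or be
    reached from somewhere other than the single WLAN peer.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("tcp", "tcp4", "tcp6", "quic") or not parts.hostname:
        return False
    try:
        ip = ipaddress.ip_address(parts.hostname)
    except ValueError:
        return False  # hostname, not a literal address
    return ip.is_private and not ip.is_unspecified


def audit_syncthing_config(xml_text: str, skip_ids: set[str] = frozenset()) -> list[str]:
    """Return a list of findings; an empty list means the config is WLAN-pinned.

    Real config files also list the local device itself (usually with address
    'dynamic'); pass its id in skip_ids so it is not reported as a peer.
    """
    root = ET.fromstring(xml_text)
    findings: list[str] = []

    opts = root.find("options")
    if opts is None:
        return ["no <options> element; cannot verify discovery/relay settings"]

    # Each of these must be explicitly false; a missing element means the
    # Syncthing default (true) applies.
    for key in ("globalAnnounceEnabled", "localAnnounceEnabled", "relaysEnabled", "natEnabled"):
        el = opts.find(key)
        if el is None or (el.text or "").strip().lower() != "false":
            findings.append(f"options/{key} should be false")

    listens = [(e.text or "").strip() for e in opts.findall("listenAddress")]
    if not listens:
        findings.append("no listenAddress set (Syncthing falls back to 'default')")
    for addr in listens:
        if not _pinned_to_lan(addr):
            findings.append(f"listenAddress {addr!r} is not pinned to a single LAN address")

    for dev in root.findall("device"):
        if dev.get("id") in skip_ids:
            continue
        name = dev.get("name") or (dev.get("id") or "?")[:7]
        addrs = [(e.text or "").strip() for e in dev.findall("address")]
        if not addrs:
            findings.append(f"device {name}: no address (defaults to 'dynamic', i.e. discovery)")
        for addr in addrs:
            if not _pinned_to_lan(addr):
                findings.append(f"device {name}: address {addr!r} is not a fixed LAN address")
    return findings


if __name__ == "__main__":
    for label, cfg in (("leaky", LEAKY_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"{label}:")
        for finding in audit_syncthing_config(cfg) or ["ok, pinned to the WLAN"]:
            print("  -", finding)
```

Run it against the exported `config.xml` from the Syncthing web GUI (Actions > Settings, or the app's config directory) after any settings change; the leaky sample yields six findings and the hardened one none. The check only covers Syncthing's own addressing; it says nothing about what the OS does with the socket once the VPN drops, which is the separate question the post is really asking.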