mozilla-vpn-client

VPN-6363: Better LAN exclusions

Open oskirby opened this issue 8 months ago • 0 comments

Description

The way we set up LAN exclusions has begun to diverge between platforms, and I think we have some bugs in Linux. Specifically I have found that the IP routing policy of `ip rule add table main suppress_prefixlength 0` has basically meant that we defer to the main routing table for all destinations, except the default route. This kind of works, except what we really intended was to send all traffic to the WireGuard interface first and then punt traffic back to the main table if it wasn't really supposed to go to the WireGuard interface.

To fix this, I think it's about time that we move the routing exclusion logic out of the client and make it a part of the Daemon setup - it has always kinda been this way for iOS anyways so we might as well make it the standard procedure.

Fun fact, it turns out that Android actually has an API for this that would be much better suited to setting up address-range exclusions: `VpnService.Builder.excludeRoute()`

Reference

  • JIRA Issue VPN-6363
  • JIRA Issue VPN-6482
  • JIRA Issue VPN-5865
  • Previous PR #9257

Checklist

  • [ ] My code follows the style guidelines for this project
  • [ ] I have not added any packages that contain high risk or unknown licenses (GPL, LGPL, MPL, etc. consult with DevOps if in question)
  • [ ] I have performed a self review of my own code
  • [ ] I have commented my code PARTICULARLY in hard to understand areas
  • [ ] I have added thorough tests where needed

oskirby, Jun 19 '24 15:06
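An added example (not from the issue or the project's code): a small model of Linux policy-routing lookup that shows the main-table-first behaviour the description reports, next to a VPN-first ordering that punts exclusions back to main. The table contents, interface names and the use of `throw` routes for the punt are constructed assumptions; fwmark rules are left out.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match in one table; returns (network, action) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(n), a) for n, a in table.items()
            if addr in ipaddress.ip_network(n)]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

def resolve(rules, tables, dst):
    """Walk rules in priority order, as kernel policy routing does."""
    for name, suppress_prefixlength in rules:
        hit = lookup(tables[name], dst)
        if hit is None:
            continue                  # no route in this table: next rule
        net, action = hit
        if suppress_prefixlength is not None and net.prefixlen <= suppress_prefixlength:
            continue                  # match too short, suppressed: next rule
        if action == "throw":
            continue                  # throw route: give up on this table
        return action
    return "unreachable"

# Constructed tables. "main" holds the LAN route plus one extra
# more-specific route that nobody chose as a VPN exclusion.
TABLES = {
    "main": {"0.0.0.0/0": "eth0", "192.168.1.0/24": "eth0", "10.20.0.0/16": "eth0"},
    "vpn": {"0.0.0.0/0": "wg0"},
    # Assumed VPN-first table: default via the tunnel, LAN range thrown back.
    "vpn_first": {"0.0.0.0/0": "wg0", "192.168.0.0/16": "throw"},
}

# Ordering from the issue: main first, with only its default route suppressed.
MAIN_FIRST = [("main", 0), ("vpn", None)]
# Ordering the issue says was intended: tunnel first, exclusions fall to main.
VPN_FIRST = [("vpn_first", None), ("main", None)]

def compare(dst):
    """Return (egress under MAIN_FIRST, egress under VPN_FIRST)."""
    return resolve(MAIN_FIRST, TABLES, dst), resolve(VPN_FIRST, TABLES, dst)

if __name__ == "__main__":
    for dst in ("8.8.8.8", "192.168.1.50", "10.20.0.5"):
        print(dst, compare(dst))
```

Under the main-first ordering every route in main that is more specific than the default acts as an exclusion, whether or not it was meant as one; under the VPN-first ordering only ranges listed explicitly leave the tunnel.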