I found this in a PIA forum:
Hello everyone! Nick from QA here.
Our split tunnel feature is pretty comprehensive, and it’s impossible for us to test it against every single app in existence in house. I’d like to humbly ask you all to post any problems and/or workarounds on this thread. Also, since Linux binaries can hide in unexpected places, post the ones you find here, too.
To get things started:
Windows:
-
Localhost bug - any app which listens on localhost has to be accessed by your private IP address, rather than localhost or 127.0.0.1.
-
Plex does not work with split tunnel. To access your Plex server remotely, TURN OFF split tunnel and forward a port manually through your router. On your router, choose the port you specify in the Plex UI for the remote side and 32400 for the local side. The Plex UI will report that your server is not accessible remotely, but you will still be able to reach it from a remote device. To access from a remote web browser, enter
http://<ISP IP>:<Remote Port>. -
The Blizzard app update agent fails to connect, rendering the whole app unusable
-
Only TCP or UDP traffic may be excluded. Other protocols, such as ICMP, must route over the VPN
macOS:
- Only .app files can be excluded; naked binaries will not be excluded through split tunnel
- Only TCP or UDP traffic may be excluded. Other protocols, such as ICMP, must route over the VPN
Linux:
-
Server apps, such as Plex, Netcat, Jellyfin, etc do not exclude. A fix is pending.
-
Hidden directories cannot be accessed through the file selection GUI and must be typed into the file name bar manually
-
Flatpak apps cannot be excluded one-by-one; to exclude one, it is necessary to exclude Flatpak entirely, which resides in
/usr/bin/flatpak.
All platforms:
- Excluding Steam doesn’t necessarily exclude games launched from Steam. The behavior is bound to be slightly different per-platform, but Steam has a lot of moving parts and things may not work as expected.
Binary file locations on Linux:
Many Linux apps are run via .desktop files, links, or shell scripts. Only excluding the actual running binary file will allow a given app through the split tunnel. Most binaries are located in /bin , /usr/bin , /sbin , and /usr/sbin . To find them, run this command from the terminal: readlink /proc/$(pgrep <app name> | head -1)/exe . Exclude the exact file location returned. Snap packages can be found under the /snap directory, and .appimage files can be excluded directly.
Here are some examples of strange locations on Linux:
Chrome: /opt/google/chrome/chrome
Firefox: /usr/lib/firefox/firefox
Opera: /usr/lib/opera/opera
Chromium: /usr/lib/chromium/chromium
Brave: /usr/lib/brave/brave
Thunderbird: /usr/lib/thunderbird/thunderbird
Steam: ~/.local/share/Steam/ubuntu12_32/Steam
Steamwebhelper: ~/.local/share/Steam/ubuntu12_64/steamwebhelper
Hexchat: /usr/bin/hexchat
Discord: /opt/discord/Discord
This is a moving target, so please post any issues and/or workarounds you encounter on this thread. Thank you for participating.
