FR: Split tunneling on Android #6912

Open
Victor239 opened this issue Jan 8, 2023 · 14 comments · May be fixed by tailscale/tailscale-android#89
Labels
fr Feature request

Comments

@Victor239

Victor239 commented Jan 8, 2023

What are you trying to do?

Currently I use Mullvad VPN and it allows me to use the split tunneling feature to exclude multiple apps from being routed via the VPN. When I instead use Tailscale + the exit node feature to replicate Mullvad functionality I don't see any way I can exclude specific apps from being routed via the VPN.

How should we solve this?

Implement split tunneling like Mullvad.

What is the impact of not solving this?

Still using Mullvad VPN instead.

Anything else?

No response

@Victor239 Victor239 added fr Feature request needs-triage labels Jan 8, 2023
@Rihcus

Rihcus commented Jan 10, 2023

I don't think this will work directly since both iOS and Android allow only one VPN to be active at a time. There are only two ways I can think of for this to be done.

  1. Add an option in Tailscale to split tunnel with an OpenVPN or WireGuard config (to avoid the two apps and only one VPN interface can be active at the same time issue).
  2. (Android only) You can download an app like Shelter, which makes a work profile on your phone. You can for instance keep apps that need Tailscale in the work profile while keeping apps that need Mullvad in your standard profile (or vice versa).

@Victor239
Author

I'm not asking for supporting running two VPNs at once. I'm saying there's a feature that Mullvad VPN on Android has that should be added to Tailscale VPN also.

@danderson
Member

Yeah, that would make sense as a feature, I think. Thanks for the suggestion!

@Platun0v

One guy started working on this feature, but no updates since the end of summer: tailscale/tailscale-android#56

@Ged-fi

Ged-fi commented Mar 3, 2023

The lack of this feature breaks Android Auto. I.e. if I have Tailscale enabled, Android Auto won't be able to connect to the network until I disable VPN. "Most other" VPN clients have support for split tunneling on Android precisely for this reason.

@Myned

Myned commented Mar 8, 2023

I ran into this while crafting an Automate flow to trigger Wake-on-LAN. The packet fails to send with:

android.system.ErrnoException: Binding socket to network 100 failed: EPERM (Operation not permitted)

I am able to split-tunnel the Automate app through e.g. Mullvad and it sends the packet properly, but the only mechanism for Tailscale is currently hardcoded (like Android Auto), which isn't necessarily a viable method for tasking apps like Automate or Tasker because one may want tasks to go through the VPN depending on workflow.

It's worth noting that the above occurs even without an active exit node.

This is also relevant for apps such as Netflix that explicitly block data center IPs, though this is only applicable for an exit node with a blocked IP.

I can take a look at that PR to see what needs to be done to make that process interactive, but any direction would be greatly appreciated.

Also @Ged-fi, the issue with Android Auto should have been solved with v1.30.0. #3828 may need to be reopened if that's not the case.

@Ged-fi

Ged-fi commented Mar 9, 2023

@Myned I am on 1.36.1, experiencing issues with Android Auto just in the last week. I will try to reproduce the issue. It may be a local device problem, as often with Android - but perhaps worth checking that there isn't a feature regression somewhere?

@Myned

Myned commented Mar 10, 2023

I wasn't able to reproduce the problem with Android Auto using the latest master (v1.37.0-dev20230306) and the Android Studio desktop head unit. Internet access functions correctly on the device.

@Ged-fi

Ged-fi commented Mar 10, 2023

@Myned I can confirm that this works under most conditions, but seems to occasionally break when networks change. I have not been able to reliably reproduce what might be triggering the error condition, and it may also be device-specific. My initial hunch is that the device switching between WIFI, 3G and LTE seems to sometimes cause DNS resolution to not work as expected. However, troubleshooting this with only a standard handset is challenging at best. I will update the ticket if I somehow manage to identify a way to reliably reproduce what I am seeing.

@Myned

Myned commented Mar 10, 2023

I could see what you're experiencing being related to #915, in that case.
Main workaround is to disable MagicDNS or Private DNS, if you have both enabled.

It may also be #5783. Setting a DNS override in the admin console for Tailscale is the workaround for that.

Regardless, this is perhaps a bit off-topic for this issue with split tunneling.

@TJuberg

TJuberg commented Apr 6, 2023

I keep running into the same problem. If I have Tailscale enabled on my Android phone, I currently need to turn it off whenever I am in my car for apps that want to communicate with the car over the built-in Wi-Fi (Android Auto itself works fine finally) and when using a payment app in stores (no.coop.members).

We really need to be able to specify apps that are excluded instead of having to create bug reports to get them added to the hardcoded exclude list like Android Auto.

@Myned Myned linked a pull request Apr 6, 2023 that will close this issue
@589290

589290 commented Sep 4, 2023

Similarly to the Android Auto issue, the Google Home app lists all devices as offline while I am connected to TS. After disabling TS, all apps come back online again. This only happens when I have the TS VPN connection set to block all non-VPN connections. So, again, a per-app whitelist allowing certain apps like Android Auto and Google Home would be greatly beneficial to TS Android users.

@expoli

expoli commented Jan 24, 2024

How is the development progress of this feature? I feel that this feature is very necessary. Why has there been no corresponding progress for such a long time? Have there been any issues encountered?

@JeffsGitHubAccount

Yeah hopefully we can see this feature get added at some point.
