Hello Admin, I totally understand that the Surge VIF is a VPN-app simulation which captures all traffics skipped by Surge proxy and the excluded-simple host names by setting up the TUN excluded and included routes.
Please, this is necessary because I'm using the enhanced Mode. I need to know what IP range is appropriate for the TUN Included route. In the two manuals, there are two different ranges which I pasted in my earlier post.
Lastly and most importantly, I figured out a bug in the enhanced Mode and I found the workaround. There's a Webrtc leakage in the Apps that makes use of the enhanced Mode despite the fact that the new quic module and udp-policy-not-supported-behaviour = reject are added. E.g. open mozilla firefox, go to preferences>General>Network settings> select No proxy so that it can use Enhanced Mode, then run a webrtc leak test using browserleaks.com
The work around:
In Mozilla, go to about:config and search for network.http.http3.enabled and set to false.
Download webrtc control and set to disable non proxied UDP.
Now, similar steps can be done in Chromium based browsers but the problems is that there is no work around for other applications that binds using the Enhanced mode except browsers. Please Fix