That flag is a MAJOR privacy improvement.

If "All" really includes "all" networks.

Before, "some" undefined traffic to Apple systems might be routed outside the 
VPN.

I guess this is so that Apple Private Relay is private, and other VPNs, e.g. 
WireGuard, can't say "but you still route traffic elsewhere" like before, which 
would be an unfair advantage.


Thanks Apple Employee X who arranged getting this in! Very very much 
appreciated!

Greets,
 Jeroen


> On 20210921, at 12:55, Juraj Hilje <[email protected]> wrote:
> 
> If NETunnelProviderProtocol is configured with includeAllNetworks=true (Kill 
> Switch), when network change is detected the device connectivity goes offline 
> instead of routing VPN tunnel traffic through a new network.
> 
> Here are some logs from the moment of this event:
> 2021-09-20 12:07:26.735453: [NET] Network change detected with unsatisfied route and interface order [en0, utun4, pdp_ip0]
> 2021-09-20 12:07:26.736186: [NET] Connectivity offline, pausing backend.
> 2021-09-20 12:07:26.736732: [NET] Device closing
> 2021-09-20 12:07:26.737503: [NET] Routine: TUN reader - stopped
> 2021-09-20 12:07:26.738970: [NET] Routine: event worker - stopped
> 2021-09-20 12:07:26.739613: [NET] Routine: receive incoming v4 - stopped
> 2021-09-20 12:07:26.742070: [NET] Routine: receive incoming v6 - stopped
> 2021-09-20 12:07:26.746712: [NET] peer(eN1f…Oymc) - Stopping
> 2021-09-20 12:07:26.751550: [NET] peer(eN1f…Oymc) - Routine: sequential receiver - stopped
> 2021-09-20 12:07:26.751597: [NET] peer(eN1f…Oymc) - Routine: sequential sender - stopped
> 2021-09-20 12:07:26.753433: [NET] Device closed
> 2021-09-20 12:07:26.754097: [NET] Routine: decryption worker 5 - stopped
> 
> Tested on devices: iOS 14.8, iPadOS 15
> WireGuardKit: 79aeb0be0d0aa3f6c8bd24309aaa8dcf03216fb4
> 
> More info on includeAllNetworks option:
> https://developer.apple.com/documentation/networkextension/nevpnprotocol/3131931-includeallnetworks
> 
> Can someone confirm this issue or point to a possible workaround?
> Thanks!
> 
> Juraj H.
