From: Jeroen Massar <firstname.lastname@example.org>
To: Juraj Hilje <email@example.com>
Subject: Re: [wireguard-apple] [iOS] Changing network fails with includeAllNetworks (Kill Switch)
Date: Wed, 22 Sep 2021 10:19:46 +0200 [thread overview]
Message-ID: <20076636-54BD-46DF-A4F2-ADD0E559C5F3@massar.ch> (raw)
That flag, is a MAJOR privacy improvement.
If "All" really includes "all" networks.
Before, "some" undefined traffic to Apple systems might be routed outside the VPN.
I guess this is so that Apple Private Relay is private, and other VPNs, eg wireguard, can't say "but you still route traffic elsewhere" like before, which would be an unfair advantage.
Thanks Apple Employee X who arranged getting this in! Very very much appreciated!
> On 20210921, at 12:55, Juraj Hilje <firstname.lastname@example.org> wrote:
> If NETunnelProviderProtocol is configured with includeAllNetworks=true (Kill Switch), when network change is detected the device connectivity goes offline instead of routing VPN tunnel traffic through a new network.
> Here are some logs from the moment of this event:
> 2021-09-20 12:07:26.735453: [NET] Network change detected with unsatisfied route and interface order [en0, utun4, pdp_ip0]
> 2021-09-20 12:07:26.736186: [NET] Connectivity offline, pausing backend.
> 2021-09-20 12:07:26.736732: [NET] Device closing
> 2021-09-20 12:07:26.737503: [NET] Routine: TUN reader - stopped
> 2021-09-20 12:07:26.738970: [NET] Routine: event worker - stopped
> 2021-09-20 12:07:26.739613: [NET] Routine: receive incoming v4 - stopped
> 2021-09-20 12:07:26.742070: [NET] Routine: receive incoming v6 - stopped
> 2021-09-20 12:07:26.746712: [NET] peer(eN1f…Oymc) - Stopping
> 2021-09-20 12:07:26.751550: [NET] peer(eN1f…Oymc) - Routine: sequential receiver - stopped
> 2021-09-20 12:07:26.751597: [NET] peer(eN1f…Oymc) - Routine: sequential sender - stopped
> 2021-09-20 12:07:26.753433: [NET] Device closed
> 2021-09-20 12:07:26.754097: [NET] Routine: decryption worker 5 - stopped
> Tested on devices: iOS 14.8, iPadOS 15
> WireGuardKit: 79aeb0be0d0aa3f6c8bd24309aaa8dcf03216fb4
> More info on includeAllNetworks option:
> Can someone confirm this issue or point to a possible workaround?
> Juraj H.
prev parent reply other threads:[~2021-09-22 13:29 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-21 10:55 [wireguard-apple] [iOS] Changing network fails with includeAllNetworks (Kill Switch) Juraj Hilje
2021-09-22 8:08 ` Andrej Mihajlov
2021-09-22 8:55 ` Juraj Hilje
2021-09-22 8:59 ` Andrej Mihajlov
2021-09-22 13:26 ` Juraj Hilje
2021-09-28 11:03 ` Andrej Mihajlov
2021-10-19 9:54 ` Andrej Mihajlov
2021-10-19 12:22 ` Juraj Hilje
2021-09-22 14:41 ` Jeffrey Walton
2021-09-22 8:19 ` Jeroen Massar [this message]
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).