> The SDK’s config ships a flag “use_netifs”: true. That flag triggers code in the SDK binary that constructs its NWConnection with a specific required interface: en0 (WiFi) or pdp_ip0 (cellular), rather than using the system default route.
> On iOS, this bypasses any configured VPN’s tun0 interface entirely. The peer tunnel does not cross a user-configured VPN, even when the rest of the app’s HTTPS traffic does.
What's a legitimate use case for this API? When/why should an app be allowed to bypass a user-configured VPN?
> When/why should an app be allowed to bypass a user-configured VPN?
Temporarily, if full tunnelling isn't working, one can split tunnel to route around issues due to the VPN.
But imo an app should never bypass something like a network boundary.
> What's a legitimate use case for this API?
When you're the application providing the VPN or when you're any app built to communicate with something on a local-ish network, not something actually reachable globally.