How is multicast/mDNS handled with iOS native IKEv2 VPN?
In short, I’m curious whether multicast traffic (in general) is forwarded via iOS’s native IKEv2 VPN tunnel (“road warrior”). More specifically, I'm trying to understand how that may influence mDNS/Bonjour traffic.

NOTE: The way that I am framing this discussion is inherently IPv4/IGMP-centric, although if there's a substantive IPv6 difference, that clarification would also be appreciated.

Is there an obvious scenario where mDNS/SSDP/Bonjour name resolution of “something.local” or just “something” (hostname without FQDN) would be resolved on the IP network associated with the physical Ethernet interface / broadcast IP subnet of the end user's Apple iOS device (either Wi-Fi or LTE), rather than the virtual interface of the VPN?

For instance, if the iOS/BSD kernel processing expressly treats multicast differently from unicast traffic, then it’s conceivable that an IKEv2 tunnel could be established, and yet multicast could be operated in a “split-tunnel” mode where (intentionally, or even due to a race condition) mDNS/Bonjour traffic emanates locally, or possibly across all interfaces, regardless of the preferred default route?

I was hoping you would respond to this query with an answer like:

The IKEv2 (road warrior) VPN ensures all traffic, including broadcast + multicast, is exclusively routed to the remote VPN endpoint, with no leakage...

or

There are known scenarios where multicast or broadcast traffic can operate effectively as a split-tunnel to the unicast traffic routing over the IKEv2 VPN, and if mDNS name resolution is of concern to you, you should review ________ for how to use MDM services to control that.

Thank you!
Nov ’21