LAN traffic

includeAllNetworks does what it says on the tin. However, there are additional flags to opt out of specific types of traffic. The obvious one here is excludeLocalNetworks, but you should survey the full set of properties in the NEVPNProtocol class.

IMPORTANT One of the most important is the brand new excludeDeviceCommunication. We recently published a couple of technotes that touch on this:

• TN3158 Resolving Xcode 15 device connection issues

• TN3165 Packet Filter is not API

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Thanks eskimo, but please let me rephrase the question:

• 'includeAllNetworks' is disabled.
• At the provider, all routes are included: [NEIPv4Route.default()]

In this case, should the LAN traffic go via the VPN? Or is the LAN traffic excluded from the VPN?

includeAllNetworks is disabled.

Oh, wow, I completely misread that. Sorry about the confusion.

If you claim the default route then you’ll receive traffic for which there isn’t a specific route. By default Apple platforms add routes for all locally connected networks. So, if you have a Mac on Wi-Fi and a printer on that same Wi-Fi, the traffic to that printer shouldn’t come to your VPN.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"