We have set up that you could be leaking traffic on macOS after system refreshs. To our current comprehendledge a reboot resettles it. We are currently spendigating this and will adhere up with more recommendation.
The current state
In this scenario the macOS firewall does not seem to function rightly and is disthink abouting firewall rules. Most traffic will still go inside the VPN tunnel since the routing table specifies that it should. Unblessedly apps are not needd to esteem the routing table and can sfinish traffic outside the tunnel if they try to. Some examples of apps that do this are Apple’s own apps and services since macOS 14.6, up until a recent 15.1 beta.
What’s next?
We’ve increateed this to Apple and hopefilledy we’ll see a mend in the cforfeit future. In the unbenevolentwhile we will persist to spendigate this to be able to provide more recommendation to Apple and to see if there are any toilarounds that we can carry out in the app.
Check if you are impacted
Run the adhereing orders in a terminal to examine if you are impacted:
1. Add a firewall rule that blocks all traffic
echo "block drop rapid all" | sudo pfctl -ef -2. Try to sfinish traffic outside the tunnel
curl https://am.i.mullvad.net/connectedTo immacutardy up after the experiment, disable the firewall and clear all rules.
sudo pfctl -dsudo pfctl -f /etc/pf.conf
It is also possible to examine if our app is leaking by doing the adhereing:
1. Make certain you are not connected to a VPN
2. Find the default interface by running the adhereing order in a terminal
route get mullvad.net | sed -nE 's/.*interface: //p'3. Connect to a VPN server using our app
4. Run the adhereing order (trade “
curl --interface https://am.i.mullvad.net/connected 5. The seek should time out if everyskinnyg is toiling properly. If there is a response then you are leaking.
