undefined | Better HN

0 pointswizee5y ago0 comments

I'm talking about VPNs, not firewalls. This article (and people in general) are claiming that Apple applications bypass VPNs, and falsely implying that system-wide VPNs are no longer possible in Big Sur. NEAppProxyProvider was never meant for system-wide VPNs. NEPacketTunnelProvider, the system-wide VPN mechanism (when used in destination IP mode), continues to route system-wide VPN traffic, including that of Apple applications.

I'm not denying that NEFilterDataProvider is an inferior solution for per-app firewalls like Little Snitch, compared to their previous kernel extension.

0 comments

1 comments · 1 top-level

AlexandrB5y ago

I think you're right, the article definitely oversteps its bounds and ends up claiming that Apple apps can bypass all VPNs and firewalls. The correct summary of the situation is probably the first tweet in the article:

> Some Apple apps bypass some network extensions and VPN Apps. Maps for example can directly access the internet bypassing any NEFilterDataProvider or NEAppProxyProviders you have running

But then the article sloppily goes on to say:

> What Wardle found is that the Mac App Store on the latest macOS bypasses any firewall.

(emphasis mine)

j / k navigate · click thread line to collapse