Why can I see local devices when VPN is enabled on iPhone

I was surprised to find that when I enable the WireGuard tunnel to my hosted VPS my iPhone can still ping devices on my local network (phone is connected to local WiFi). My understanding was that when the tunnel was enabled all traffic would route over it and thus the iPhone would not be able to see local devices.

When I google what’s my IP on my iPhone I get the IP of the hosted VPS (as expected). My current configuration has allowed IPs configured to 0.0.0.0/0 because I want all traffic to the internet from my iPhone to exit from my VPS.

Is there some configuration setting I am missing to force traffic or something?

The above mentions a possible workaround, but it’s not guaranteed.

Always-on VPN that tunnels everything requires MDM commissioning. It’s documented by Apple.
See the section “Always On VPN”: Apple Platform Deployment - Apple Support
Is it dubious that Apple doesn’t let VPN apps do this as well? Maybe. But this is known and documented. [1]

  1. Always-on VPN that tunnels *everything* requires MDM commissioning. It's documen... | Hacker News

You’re still a local device on a local network. You SHOULD be able to see local devices on your local network.

configured to 0.0.0.0/0 because I want all traffic to the internet from my iPhone to exit from my VPS.

Sounds like it’s working as expected then, because all of your INTERNET traffic is going through your VPS.
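The reply above comes down to route precedence: the phone still has a directly connected route for its Wi-Fi subnet, and a connected /24 is more specific than the tunnel's catch-all 0.0.0.0/0, so longest-prefix match sends LAN traffic out the Wi-Fi interface and everything else into the tunnel. The following is an added example that models that lookup; it is not code from the original post or from the WireGuard project, and it does not model Apple's own VPN or MDM behaviour. The Wi-Fi subnet 192.168.1.0/24, the interface names "en0" and "utun", and the destination addresses are constructed. The `allowed_ips_excluding` helper computes "0.0.0.0/0 minus the LAN" as a CIDR list, which is the usual way to keep a local subnet out of the tunnel explicitly in the WireGuard config instead of relying on precedence.

```python
"""Longest-prefix-match model of a phone's routing table with a WireGuard
tunnel. Added example for this thread, not code from the original post or
from the WireGuard project. The Wi-Fi subnet, interface names and
destination addresses below are constructed."""
import ipaddress
from typing import List, Optional, Tuple

Route = Tuple[ipaddress.IPv4Network, str]  # (prefix, egress interface)

LAN = ipaddress.ip_network("192.168.1.0/24")  # constructed Wi-Fi subnet


def longest_prefix_match(table: List[Route], dst: str) -> Optional[str]:
    """Pick the egress interface whose prefix covers dst most specifically.
    A directly connected /24 therefore beats a catch-all 0.0.0.0/0."""
    addr = ipaddress.ip_address(dst)
    best: Optional[Route] = None
    for net, iface in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface)
    return best[1] if best else None


def wireguard_routes(allowed_ips: List[str], iface: str = "utun") -> List[Route]:
    """Every AllowedIPs entry of the peer becomes a route towards the tunnel."""
    return [(ipaddress.ip_network(cidr), iface) for cidr in allowed_ips]


def phone_table(allowed_ips: List[str], on_wifi: bool = True) -> List[Route]:
    """Routing table of the phone: the connected Wi-Fi route (if any) plus
    the routes the tunnel installs from AllowedIPs."""
    table: List[Route] = [(LAN, "en0")] if on_wifi else []
    return table + wireguard_routes(allowed_ips)


def egress(allowed_ips: List[str], dst: str, on_wifi: bool = True) -> Optional[str]:
    """Interface the phone would use for dst under the given AllowedIPs."""
    return longest_prefix_match(phone_table(allowed_ips, on_wifi), dst)


def allowed_ips_excluding(excluded: List[str]) -> List[str]:
    """0.0.0.0/0 minus the given subnets, expressed as a list of CIDRs.
    Putting this list in AllowedIPs keeps the LAN out of the tunnel by
    construction rather than by route precedence."""
    remaining = [ipaddress.ip_network("0.0.0.0/0")]
    for cidr in excluded:
        hole = ipaddress.ip_network(cidr)
        kept: List[ipaddress.IPv4Network] = []
        for net in remaining:
            if hole.subnet_of(net):
                kept.extend(net.address_exclude(hole))  # split around the hole
            elif not net.subnet_of(hole):
                kept.append(net)  # untouched; nets inside the hole are dropped
        remaining = kept
    return [str(n) for n in sorted(remaining)]


if __name__ == "__main__":
    full = ["0.0.0.0/0"]
    split = allowed_ips_excluding([str(LAN)])
    print("AllowedIPs = 0.0.0.0/0:  LAN ->", egress(full, "192.168.1.10"),
          " internet ->", egress(full, "1.1.1.1"))
    print("AllowedIPs without LAN:", ", ".join(split))
    print("                         LAN ->", egress(split, "192.168.1.10"),
          " internet ->", egress(split, "1.1.1.1"))
```

With AllowedIPs set to 0.0.0.0/0 the model sends 192.168.1.10 out "en0" and 1.1.1.1 into "utun", matching what the thread describes; only with the Wi-Fi route removed does the LAN address fall into the catch-all. With the exclusion list there is no tunnel route covering the LAN at all, so the config states the intent directly. Forcing LAN traffic into the tunnel is the opposite case, and per the earlier reply that is what the managed Always On profile is for.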

So I’ve read about this and my understanding was that full confidence that nothing would leak requires the use of managed profiles (which that article seems to confirm).

What’s surprising to me is that in my case the leak is completely unrelated to Apple services, and it is NEVER intermittent. The way I’ve read these reports has always been that SOMETIMES your data is transmitted outside the tunnel, but I’ve literally always been able to see my local devices regardless of trying any of the airplane mode plus pre-enabled VPN in the WireGuard app workarounds.

I guess I assumed it would work like corporate VPNs I have used in the past where if the VPN was connected all network traffic (local or internet) was routed over the VPN.

Cisco AnyConnect, for example, slurps up all interfaces and dumps them down the VPN route (and actively watches for new routes and devices) … Beside the articles above, I recall a discussion where VPN on iOS hasn’t ever really not leaked (whether it’s Apple services or just the VPN itself). It’s not clear to me if the Airplane mode trick from the first article actually helps in your case (drop all connections, re-establish them once your VPN/WireGuard is up)?