by responsible 1399 days ago
You can mitigate this by using a VPN router. I have a little GL.iNet router I use that ensures all traffic is passed through the VPN. The only caveat is you can’t travel with it even though they’re advertised as ‘travel routers’. You could use it in a hotel if you don’t trust random Wi-Fi hotspots. All I need is a .OVPN config file which I upload in the router’s admin dashboard, copy and paste my username and password and I’m set. A nice feature is if the VPN connection drops, the router doesn’t leak your IP.
3 comments

Apple App Store mandates that their Apple network infrastructure shall not be impacted by an app (VPN, TailScale, WireGuard, et al.).

In addition to the unimpeded Apple network pathway, the DNS resolver is being resolved by Apple's recursive DNS server during your tunneling setup, arguably resolving even just the IP address(es) as well as DNS names of the VPN server.

More on this sad saga of Apple iOS and VPN, et al.:

https://www.michaelhorowitz.com/VPNs.on.iOS.are.scam.php#whe...

Edit: of course, an external router would only leverage the WiFi part of iOS. We could use just the WiFi part of iOS and totally ignore the mysterious cellular traffic.

I’m not talking about an app. I’m talking about a router that VPN-ifies all your traffic to mitigate any form of leak. That article talks about iOS leaking traffic when using VPN apps. A VPN router is the only solution to stop this from happening.

Or you can just use a different device. There's plenty of hardware/software that respects your VPN routing rules, Apple is the outlier here. You don't need a complicated racked-and-stacked Ubiquiti when kernel-level WireGuard will do the trick.

Noted and edited.

See my comment elsewhere in the thread about using your normal network setup, but inserting a "slug" that only allows your VPN port and/or endpoint(s).

Since the slug is invisible, and has no IP address, and runs no daemons, etc., the only misconfiguration possible would be the initial one.

Once the slug is in place, there is no more "accidentally didn't use the VPN..."

>The only caveat is you can’t travel with it even though they’re advertised as ‘travel routers’.

Why not?

Well, I have a GL.iNet Mango router which I think supports 3G USB modems, so you could hook up that and power the router with a power bank. You can use it traveling, but not when driving as you would need some sort of Wi-Fi hotspot in the car. You could set up one on your phone, though this is where everything gets complicated and not for the average user.