Try to watch my video stream in the Apple HomeKit through expressVPN is not working.

KiltedTim wrote:

Why are you using a VPN in the first place? It’s doing absolutely nothing to protect your privacy or secure your data. Quite the opposite, in fact.

Out of curiosity, upon what is this statement based?

the way vpn works is that it makes a "tunnel" across the internet making your device be located on the network of the vpn server rather than your own LAN network, this can give issues with accessing other wifi devices not using the same vpn server.

I use vpn for work when I work from home so I can access printers and databases and file servers located at my physical workplace

if you wish to know more about vpn

Virtual private network - Wikipedia

if it was me then I would try not using vpn and see if your logitech camera works then.

The fact that using a VPN to access the internet only results in routing all traffic through a single entity (the VPN provider).

Unless you’re regularly using untrusted, unsecured WiFi networks where a MITM attack might be feasible, they provide absolutely no added security. You’re much better off to just use your cellular data connection in that case.

VPNs were intended to connect one to a secure private network, not to allow access to the public Internet. All you’re accomplishing is moving the egress point to the public Internet from your ISP or cellular provider’s connection to the VPN host’s connection. And, as already pointed out, ALL of your data traffic is routed through, and logged by the VPN provider. If they tell you they don’t keep logs of this traffic and will not turn them over to authorities, they are outright lying. If they tell you they don’t sell that information… if it’s a “free” VPN, they are outright lying. Nothing is free. If you’re getting the service for free, you are not the customer, you are the product. Your data is being sold or otherwise used for the provider to make money. If you’re paying for it, your data is still probably being used or sold.

The modern VPN industry is a scam preying on paranoia and ignorance.

NormandGDrolet wrote:

Thanks KiltedTim……

Your writing is nothing to help resolving my problem.

I would say, useless….. Thanks anyway.

Sorry you feel that way.

You know what the problem is. The problem is the VPN. Stop using it or take the issue up with your VPN provider.

Presumably you are attempting to access HomeKit devices on your local WiFi network from your iPad.

Your VPN client is very likely operating using in a mode known as “no split tunnel” - in which all your network traffic is directed (i.e., “tunnelled”) to the VPN Operator’s VPN Gateway. When the VPN is active, your iPad cannot access any local devices on your local network.

Should you have the option to enable “split tunnelling”, it is possible to have access to local network resources (including HomeKit devices), while passing your internet traffic via the VPN connection. Many simple VPN client Apps do not permit split tunnelling - as this mode of operation is more difficult to securely configure as traffic “leakage” is technically possible.

While some of your points are partially correct, others are not or are substantially misleading. The deniers of VPN often do not understand what a VPN can (and can not) achieve. It is sometimes necessary to burst the bubble or frequently repeated myth.

While some network traffic uses fully encrypted protocols, it is common misconception that all modern network traffic is fully encrypted. Alas, it is not. Many protocols have unencrypted header information; others upon which communication rely are totally in-clear.

By example, your DNS traffic is (by default) an un-encrypted protocol - and conveys (leaks) considerable information about you and your traffic. This DNS traffic, in addition to being commonly monitored by the network operators(s), is often used for malicious purposes and/or as an attack vector/exploit. Where available and correctly configured, there are available mitigations for risks associated with DNS (such as DoH, DoT and DNSSEC), however, these are beyond the technical reach of most users.

As a further example, without delving into the technicalities, when using public/open networks your network traffic can be easily intercepted by other users of the same WiFi network. One immediate source of risk is session hijack/replay.

There are many legitimate reasons to use VPN. Contrary to your assertion, using VPN over public networks does provide useful and significant protection against local attacks and traffic monitoring which are endemic on public networks. For this reason alone, it may argued that using a VPN reduces (but does not fully eliminate) some avoidable risk.

You are correct in your assertion that, where used, a commercial VPN operator has visibility of your network traffic - as your network traffic is obviously being routed via their VPN endpoint/gateway. Whilst your VPN-tunnelled traffic is protected from locally prying eyes, your traffic is delivered to the internet from VPN endpoint in its original (partially encrypted) form.  In using a reputable VPN service, your internet traffic is at no greater risk of traffic monitoring than when using your ISP - who monitors your traffic anyway as it traverses their own gateway to the broader internet.

To reiterate, traffic visible at the VPN Gateway/endpoint is already partially encrypted at protocol level. As such, for practical purposes, the traffic exposed to the VPN Operator is no more at risk than would otherwise be exposed on an open/insecure WiFi network. If the VPN Provider is chosen with care, risk of traffic interception over high-risk networks (such as public hotspots) can be significantly mitigated.

Use of a VPN is a “trust” exercise. In whom do you place greater (dis)trust? The open/insecure WiFi network to which you make your network connection (with all of its consequential risk), or the VPN Operator? Which carries greatest risk to you, the security of your network traffic, or your privacy?

A reputable VPN Operator (noting that “free” services are generally outside of this category) has no commercial interest in your network traffic - but may be bound by legislation of the country in which it is based to collect metadata concerning your connection - as is your ISP. Your can do very little to avoid nation-state actors - and unless you engage in nefarious activity, this should offer no concern. As choice of the VPN Operator, this simply requires wise selection, perhaps considering the country within which the Operator itself is based.

If the user has the technical capability (and competence) to correctly configure a VPN endpoint/gateway, trust in the VPN moves from that of a commercial VPN Operator to the end-user entirely - removing any perceived issues with the VPN Operators interest.

In theory, you’re correct in what kind of protection a VPN may provide… What you don’t cover is the risks inherent is putting your trust in a vendor whose entire model is based on paranoia.

The simple answer here is don’t use untrusted public networks. Full stop.

If you or anyone else wants to trust their data to a single 3rd party, that’s your business, but I will never recommend that anyone use a VPN to access the public Internet. Instead, they should exercise good common sense when it comes to connecting to WiFi networks they don’t control or can’t trust.

In using a reputable VPN provider, you have little to be concerned about.

All encrypted protocol data (e.g., TLS, SSL, DoH etc.) is no more visible to the VPN operator than anyone else. You are correct in that your “in clear” protocol data (e.g., DNS and http) is visible to the VPN operator - in exactly same manner as it is visible for monitoring (as legislation dictates) by your ISP.

Unencrypted protocols can further mitigated from interception using appropriate additional controls (e.g., for DNS - employ DoH, DoT, DNSSEC - or ODoH as now implemented by Apple Private Relay).

The key here is to understand what a VPN can protect - and what it can’t of itself protect. A VPN with no split tunnel will ensure that no traffic from a device can be intercepted or manipulated on the least-trust network segment - i.e., the local network, be it WiFi, Ethernet or Cellular.

Use of VPN to enhance integrity and security of network traffic is fully valid. If you personally choose to avoid appropriate security measures, that is entirely your own choice - as it is for others to make an informed decision based upon need.

LotusPilot wrote:

In using a reputable VPN provider, you have little to be concerned about.

Unfortunately, that’s where my problem lies with VPNs… I don’t consider any of the so-called public VPN providers reputable.

Reputable “paid” commercial VPN services have no vested interest in your internet traffic beyond statutory obligations imposed by the authorities in whose territory in which they operate. Again, from a regulatory and technical perspective, this is no different to your ISP or mobile phone operator. Reputable commercial VPN services are fully and profitably monetised by service subscriptions.

Free or “low cost” VPN operators are funded differently. Clearly, these VPN operators have cost overheads that must be fully funded; such services are often funded through commercial advertising served via the VPN connection, or traffic analysis and data mining - this data being sold-on to other interested parties. Dishonest VPN operators may attract business with express intention of misusing your data - or to facilitate criminal activity.

Looking now areas where commercial VPN provides useful threat mitigation…

Assuming that your home wired/WiFi network is secure - and that other network devices using the network are trusted - use of a VPN within your local network offers no significant benefit. By contrast, public WIFi networks (such as Airports and Hotels) are high risk; other users of these networks can access and manipulate your network traffic - and it is here that a commercial VPN provides useful protection. Here, when using a VPN, all your traffic is fully protected from actors over the high-risk elements of the network path - between your client device and the VPN Gateway.

Regardless of anyone’s opinions regarding the wisdom of using a VPN, the answer here is pretty straightforward.

You do not have a problem with your phone. You do not have a problem with your homekit equipment. You have a problem with the VPN. That is not an Apple product or service. Something about the way the VPN is altering the traffic is interfering with your ability to view the homekit secure video.

Contact the VPN provider for support.

Apple has no control over what they are doing.

NormandGDrolet wrote:

The subject and the question is clear and precise. I wish to receive only the answers which correspond to the subject.

As equally clear and precise, my direct reply to you explained the nature of your problem. When using your ExpressVPN, due to the no-split-tunneling connection policy, you cannot connect to your HomeKit devices while the VPN is active.

Why are you using a VPN in the first place? It’s doing absolutely nothing to protect your privacy or secure your data. Quite the opposite, in fact.