User profile for user: mr88cet
mr88cet Author
User level: Level 1
58 points

All VPN Leakage the Same?

I seem to recall having read somewhere that on iOS, iPadOS, and VisionOS, but not MacOS, VPNs are required to use Apple APIs, meaning that their security is limited to the levels of security of Apple’s VPN code. That is, if you do most of your work on those OSes, then from a Security perspective, it doesn’t matter which VPN provider you use.  


More precisely, if Apple’s VPN code, for whatever reason, “leaks” a given packet (fails to route it through the VPN server), then that security hole will persist regardless of which VPN service you sign up for. All VPN providers will see the same leaks, that is.


Even more specifically, what I think I recall reading is not so much that Apple’s VPN code has leaks, but that when you turn on the VPN, it fails to close all connections and re-open them through the VPN, so some previously-open connections will leak.


Now, of course, this doesn’t affect any considerations on the server side, like speed, cost, nor additional security features.


Am I indeed remembering correctly in this regard? (Googled it, and what I found seems to confirm my recollection, but perhaps you folks might know better?)

iPhone 15 Pro Max

Posted on Jul 9, 2025 6:43 AM

Reply

Similar questions

7 replies
User profile for user: LotusPilot
LotusPilot
User level: Level 10
303,890 points

Jul 9, 2025 6:57 AM in response to mr88cet

Be prepared to be lectured here as to the use and security of VPNs in general - in particular with Apple devices.


Setting aside discussions as to the relative merits of VPN and their efficacy, some third-party VPN clients do use native APIs - while others do not. This aside, packet leakage is primarily attributable to the VPN configuration. A VPN that is configured to support Split Tunnelling will, by design, allow access to local network resources in addition to sending other traffic via the VPN tunnel. This type of configuration is vulnerable to packet leakage.


By contrast, a VPN that is configured to prevent Split Tunnelling should direct all network traffic via the VPN to the VPN Gateway. By definition, this type of VPN will deny access to all local network resources, such as Printers and local Network storage.

Reply
User profile for user: mr88cet
mr88cet Author
User level: Level 1
58 points

Jul 9, 2025 7:05 AM in response to lobsterghost1

Ultimately, I’m not particularly interested in the mechanisms involved, as much as whether it makes sense to change VPN providers based upon having seen leakage in a leakage test. What I had previously heard at least said that that wouldn’t likely plug those leaks, but LotusPilot’s response suggests that it might or might not, depending upon the vendor.

Reply
User profile for user: LotusPilot
LotusPilot
User level: Level 10
303,890 points

Jul 9, 2025 7:12 AM in response to mr88cet

Whether or not you need to use Split Tunnelling will be determined by your specific needs.


For example, if connected to your Home or Office network and need to access local resources while simultaneously connecting to remote resources using a VPN, then you will need a VPN client/configuration that supports Split Tunnelling.


By contrast, from a Hotel or connecting to the Internet from an untrusted (or public) WiFi network, you may have no need to access local network resources. In such circumstances you may wish to send all network traffic via your VPN connection. This configuration is atypical of needing to securely connect to a Corporate/Enterprise network.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

All VPN Leakage the Same?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up