Network blocked while connecting

[ggal625]

I've noticed that pings fail immediately after I tell the client to try to connect. If I block the server on my local router, the client will for the connectTimeout period, and the network will be blocked the entire time.

When I try the same client config with "OpenVPN Connect", which is presumably based off of the same openvpn 3 source, I get different behavior. Pings continue to flow even while the client is connecting.

I've tried "route-delay" but that appears to be ignored by openvpn 3.

Any ideas?

[ss-abramchuk]

Hi @ggal625, this is unexpected behavior and I can't replicate it on my devices. Definitely, OpenVPNAdapter shouldn't block network. It just establishes connection to the VPN server, receives configuration and then creates the tunnel. Alas, but I have no idea why it happens for you.

[ggal625]

Mystery solved. I have the VPN configured to start on demand:

let manager = NETunnelProviderManager()
…
let connectRule = NEOnDemandRuleConnect()
connectRule.interfaceTypeMatch = .any
manager.onDemandRules = [connectRule]
manager.isOnDemandEnabled = true

If I disable that it no longer blocks traffic while connecting.

[ggal625]

From [https://developer.apple.com/documentation/networkextension/neondemandruleconnect]():

When rules of this class match, the VPN connection is started whenever an application running on the system opens a network connection. Network connectivity will be blocked until the VPN is connected.

[ggal625]

In case it's helpful to someone else that may want an always on VPN connection that starts on device boot but doesn't block the network if the server is unreachable:

You can use the on demand config above and then immediately set reasserting = false in startTunnel().

The VPN status will show as Connected in Settings even though the VPN is still trying to connect but the network won't be locked.

This may also be related to my previous ticket on why reconnecting occassionally blocks the network.