Force stray connections to be routed via the VPN utun

CHANGELOG.md

@@ -41,8 +41,8 @@ Line wrap the file at 100 chars.                                              Th
 
 ### Fixed
 #### macOS
-- Fix Apple leak toggle not working. The issue was that DNS queries to the tunnel resolver were
-  being sent on the physical interface.
+- Fix Apple services not working by forcing stray connections out through the VPN tunnel. The
+  "bypass" toggle has been removed.
 
 
 ## [2024.6-beta1] - 2024-09-26

gui/locales/messages.pot

@@ -1526,34 +1526,14 @@ msgctxt "settings-view"
 msgid "App version"
 msgstr ""
 
-msgctxt "settings-view"
-msgid "Apple services bypass"
-msgstr ""
-
-msgctxt "settings-view"
-msgid "Attention: this traffic will go outside of the VPN tunnel. Any application that tries to can bypass the VPN tunnel and send traffic to these Apple networks."
-msgstr ""
-
-msgctxt "settings-view"
-msgid "Enabling this setting allows traffic to specific Apple-owned networks to go outside of the VPN tunnel, allowing services like iMessage and FaceTime to work whilst using Mullvad."
-msgstr ""
-
 msgctxt "settings-view"
 msgid "Multihop"
 msgstr ""
 
-msgctxt "settings-view"
-msgid "Some Apple services have an issue where the network settings set by Mullvad get ignored, this in turn blocks certain apps."
-msgstr ""
-
 msgctxt "settings-view"
 msgid "Support"
 msgstr ""
 
-msgctxt "settings-view"
-msgid "This a temporary fix and we are currently working on a long-term solution."
-msgstr ""
-
 msgctxt "settings-view"
 msgid "Update available. Install the latest app version to stay up to date."
 msgstr ""

gui/src/main/daemon-rpc.ts

@@ -421,10 +421,6 @@ export class DaemonRpc extends GrpcClient {
     await this.call<grpcTypes.DnsOptions, Empty>(this.client.setDnsOptions, dnsOptions);
   }
 
-  public async setAppleServicesBypass(enabled: boolean): Promise<void> {
-    await this.callBool<Empty>(this.client.setAppleServicesBypass, enabled);
-  }
-
   public async getVersionInfo(): Promise<IAppVersionInfo> {
     const response = await this.callEmpty<grpcTypes.AppVersionInfo>(this.client.getVersionInfo);
     return response.toObject();

gui/src/main/default-settings.ts

@@ -81,7 +81,6 @@ export function getDefaultSettings(): ISettings {
     customLists: [],
     apiAccessMethods: getDefaultApiAccessMethods(),
     relayOverrides: [],
-    appleServicesBypass: false,
   };
 }
 

gui/src/main/index.ts

@@ -56,7 +56,7 @@ import NotificationController, {
   NotificationControllerDelegate,
   NotificationSender,
 } from './notification-controller';
-import { isMacOs13OrNewer, isMacOs14p6OrNewer } from './platform-version';
+import { isMacOs13OrNewer } from './platform-version';
 import * as problemReport from './problem-report';
 import { resolveBin } from './proc';
 import ReconnectionBackoff from './reconnection-backoff';
@@ -775,7 +775,6 @@ class ApplicationMain
       navigationHistory: this.navigationHistory,
       currentApiAccessMethod: this.currentApiAccessMethod,
       isMacOs13OrNewer: isMacOs13OrNewer(),
-      isMacOs14p6OrNewer: isMacOs14p6OrNewer(),
     }));
 
     IpcMainEventChannel.map.handleGetData(async () => ({

gui/src/main/platform-version.ts

@@ -1,31 +1,24 @@
 import os from 'os';
 
-export function isMacOs11OrNewer(): boolean {
+export function isMacOs11OrNewer() {
   const [major] = parseVersion();
   return process.platform === 'darwin' && major >= 20;
 }
 
-export function isMacOs13OrNewer(): boolean {
+export function isMacOs13OrNewer() {
   const [major] = parseVersion();
   return process.platform === 'darwin' && major >= 22;
 }
 
-export function isMacOs14p6OrNewer(): boolean {
-  const [major, minor] = parseVersion();
-  const darwin24 = major >= 24;
-  const darwin236 = major == 23 && minor >= 6; // 23.6 is used by macOS 14.6
-  return process.platform === 'darwin' && (darwin236 || darwin24);
-}
-
 // Windows 11 has the internal version 10.0.22000+.
-export function isWindows11OrNewer(): boolean {
+export function isWindows11OrNewer() {
   const [major, minor, patch] = parseVersion();
   return (
     process.platform === 'win32' && (major > 10 || (major === 10 && (minor > 0 || patch >= 22000)))
   );
 }
 
-function parseVersion(): number[] {
+function parseVersion() {
   return os
     .release()
     .split('.')

gui/src/main/settings.ts

@@ -72,9 +72,6 @@ export default class Settings implements Readonly<ISettings> {
     IpcMainEventChannel.settings.handleSetDnsOptions((dns) => {
       return this.daemonRpc.setDnsOptions(dns);
     });
-    IpcMainEventChannel.settings.handleSetAppleServicesBypass((enabled) => {
-      return this.daemonRpc.setAppleServicesBypass(enabled);
-    });
     IpcMainEventChannel.autoStart.handleSet((autoStart: boolean) => {
       return this.setAutoStart(autoStart);
     });
@@ -190,9 +187,6 @@ export default class Settings implements Readonly<ISettings> {
   public get relayOverrides() {
     return this.settingsValue.relayOverrides;
   }
-  public get appleServicesBypass() {
-    return this.settingsValue.appleServicesBypass;
-  }
 
   public get gui() {
     return this.guiSettings;

gui/src/renderer/app.tsx

@@ -246,7 +246,6 @@ export default class AppRenderer {
     this.setChangelog(initialState.changelog, initialState.forceShowChanges);
     this.setCurrentApiAccessMethod(initialState.currentApiAccessMethod);
     this.reduxActions.userInterface.setIsMacOs13OrNewer(initialState.isMacOs13OrNewer);
-    this.reduxActions.userInterface.setIsMacOs14p6OrNewer(initialState.isMacOs14p6OrNewer);
 
     if (initialState.macOsScrollbarVisibility !== undefined) {
       this.reduxActions.userInterface.setMacOsScrollbarVisibility(
@@ -325,8 +324,6 @@ export default class AppRenderer {
     IpcRendererEventChannel.settings.updateBridgeSettings(bridgeSettings);
   public setDnsOptions = (dnsOptions: IDnsOptions) =>
     IpcRendererEventChannel.settings.setDnsOptions(dnsOptions);
-  public setAppleServicesBypass = (enabled: boolean) =>
-    IpcRendererEventChannel.settings.setAppleServicesBypass(enabled);
   public clearAccountHistory = () => IpcRendererEventChannel.accountHistory.clear();
   public setAutoConnect = (value: boolean) =>
     IpcRendererEventChannel.guiSettings.setAutoConnect(value);
@@ -832,7 +829,6 @@ export default class AppRenderer {
     reduxSettings.updateWireguardDaita(newSettings.tunnelOptions.wireguard.daita);
     reduxSettings.updateBridgeState(newSettings.bridgeState);
     reduxSettings.updateDnsOptions(newSettings.tunnelOptions.dns);
-    reduxSettings.updateAppleServicesBypass(newSettings.appleServicesBypass);
     reduxSettings.updateSplitTunnelingState(newSettings.splitTunnel.enableExclusions);
     reduxSettings.updateObfuscationSettings(newSettings.obfuscationSettings);
     reduxSettings.updateCustomLists(newSettings.customLists);

gui/src/renderer/components/Settings.tsx

@@ -7,20 +7,10 @@ import { useAppContext } from '../context';
 import { useHistory } from '../lib/history';
 import { RoutePath } from '../lib/routes';
 import { useSelector } from '../redux/store';
-import {
-  AriaDescribed,
-  AriaDescription,
-  AriaDescriptionGroup,
-  AriaDetails,
-  AriaInput,
-  AriaInputGroup,
-  AriaLabel,
-} from './AriaGroup';
+import { AriaDescribed, AriaDescription, AriaDescriptionGroup } from './AriaGroup';
 import * as Cell from './cell';
-import InfoButton from './InfoButton';
 import { BackAction } from './KeyboardNavigation';
 import { Layout, SettingsContainer } from './Layout';
-import { ModalMessage } from './Modal';
 import { NavigationBar, NavigationContainer, NavigationItems, TitleBarItem } from './NavigationBar';
 import SettingsHeader, { HeaderTitle } from './SettingsHeader';
 import {
@@ -38,8 +28,6 @@ export default function Support() {
   const connectedToDaemon = useSelector((state) => state.userInterface.connectedToDaemon);
   const isMacOs13OrNewer = useSelector((state) => state.userInterface.isMacOs13OrNewer);
 
-  const isMacOs14p6OrNewer = useSelector((state) => state.userInterface.isMacOs14p6OrNewer);
-
   const showSubSettings = loginState.type === 'ok' && connectedToDaemon;
   const showSplitTunneling = window.env.platform !== 'darwin' || isMacOs13OrNewer;
 
@@ -91,12 +79,6 @@ export default function Support() {
                     <ApiAccessMethodsButton />
                   </Cell.Group>
 
-                  {isMacOs14p6OrNewer ? (
-                    <Cell.Group>
-                      <AppleServicesBypass />
-                    </Cell.Group>
-                  ) : null}
-
                   <Cell.Group>
                     <SupportButton />
                     <AppVersionButton />
@@ -283,54 +265,6 @@ function SupportButton() {
   );
 }
 
-function AppleServicesBypass() {
-  const { setAppleServicesBypass } = useAppContext();
-  const appleServicesBypass = useSelector((state) => state.settings.appleServicesBypass);
-
-  return (
-    <AriaInputGroup>
-      <Cell.Container>
-        <AriaLabel>
-          <Cell.InputLabel>
-            {messages.pgettext('settings-view', 'Apple services bypass')}
-          </Cell.InputLabel>
-        </AriaLabel>
-        <AriaDetails>
-          <InfoButton>
-            <ModalMessage>
-              {messages.pgettext(
-                'settings-view',
-                'Some Apple services have an issue where the network settings set by Mullvad get ignored, this in turn blocks certain apps.',
-              )}
-            </ModalMessage>
-            <ModalMessage>
-              {messages.pgettext(
-                'settings-view',
-                'Enabling this setting allows traffic to specific Apple-owned networks to go outside of the VPN tunnel, allowing services like iMessage and FaceTime to work whilst using Mullvad.',
-              )}
-            </ModalMessage>
-            <ModalMessage>
-              {messages.pgettext(
-                'settings-view',
-                'Attention: this traffic will go outside of the VPN tunnel. Any application that tries to can bypass the VPN tunnel and send traffic to these Apple networks.',
-              )}
-            </ModalMessage>
-            <ModalMessage>
-              {messages.pgettext(
-                'settings-view',
-                'This a temporary fix and we are currently working on a long-term solution.',
-              )}
-            </ModalMessage>
-          </InfoButton>
-        </AriaDetails>
-        <AriaInput>
-          <Cell.Switch isOn={appleServicesBypass} onChange={setAppleServicesBypass} />
-        </AriaInput>
-      </Cell.Container>
-    </AriaInputGroup>
-  );
-}
-
 function DebugButton() {
   const history = useHistory();
   const navigate = useCallback(() => history.push(RoutePath.debug), [history]);

gui/src/renderer/redux/settings/actions.ts

@@ -93,11 +93,6 @@ export interface IUpdateDnsOptionsAction {
   dns: IDnsOptions;
 }
 
-export interface ISetAppleServicesBypass {
-  type: 'SET_APPLE_SERVICES_BYPASS';
-  enabled: boolean;
-}
-
 export interface IUpdateSplitTunnelingStateAction {
   type: 'UPDATE_SPLIT_TUNNELING_STATE';
   enabled: boolean;
@@ -150,7 +145,6 @@ export type SettingsAction =
   | IUpdateWireguardDaitaAction
   | IUpdateAutoStartAction
   | IUpdateDnsOptionsAction
-  | ISetAppleServicesBypass
   | IUpdateSplitTunnelingStateAction
   | ISetSplitTunnelingApplicationsAction
   | ISetObfuscationSettings
@@ -279,13 +273,6 @@ function updateDnsOptions(dns: IDnsOptions): IUpdateDnsOptionsAction {
   };
 }
 
-function updateAppleServicesBypass(enabled: boolean): ISetAppleServicesBypass {
-  return {
-    type: 'SET_APPLE_SERVICES_BYPASS',
-    enabled,
-  };
-}
-
 function updateSplitTunnelingState(enabled: boolean): IUpdateSplitTunnelingStateAction {
   return {
     type: 'UPDATE_SPLIT_TUNNELING_STATE',
@@ -356,7 +343,6 @@ export default {
   updateWireguardDaita,
   updateAutoStart,
   updateDnsOptions,
-  updateAppleServicesBypass,
   updateSplitTunnelingState,
   setSplitTunnelingApplications,
   updateObfuscationSettings,

gui/src/renderer/redux/settings/reducers.ts

@@ -114,7 +114,6 @@ export interface ISettingsReduxState {
     daita?: IDaitaSettings;
   };
   dns: IDnsOptions;
-  appleServicesBypass: boolean;
   splitTunneling: boolean;
   splitTunnelingApplications: ISplitTunnelingApplication[];
   obfuscationSettings: ObfuscationSettings;
@@ -182,7 +181,6 @@ const initialState: ISettingsReduxState = {
       addresses: [],
     },
   },
-  appleServicesBypass: false,
   splitTunneling: false,
   splitTunnelingApplications: [],
   obfuscationSettings: {
@@ -312,12 +310,6 @@ export default function (
         dns: action.dns,
       };
 
-    case 'SET_APPLE_SERVICES_BYPASS':
-      return {
-        ...state,
-        appleServicesBypass: action.enabled,
-      };
-
     case 'UPDATE_SPLIT_TUNNELING_STATE':
       return {
         ...state,

gui/src/renderer/redux/userinterface/actions.ts

@@ -61,11 +61,6 @@ export interface ISetIsMacOs13OrNewer {
   isMacOs13OrNewer: boolean;
 }
 
-export interface ISetIsMacOs14p6OrNewer {
-  type: 'SET_IS_MACOS14_6_OR_NEWER';
-  isMacOs14p6OrNewer: boolean;
-}
-
 export type UserInterfaceAction =
   | IUpdateLocaleAction
   | IUpdateWindowArrowPositionAction
@@ -78,8 +73,7 @@ export type UserInterfaceAction =
   | ISetForceShowChanges
   | ISetIsPerformingPostUpgrade
   | ISetSelectLocationView
-  | ISetIsMacOs13OrNewer
-  | ISetIsMacOs14p6OrNewer;
+  | ISetIsMacOs13OrNewer;
 
 function updateLocale(locale: string): IUpdateLocaleAction {
   return {
@@ -166,13 +160,6 @@ function setIsMacOs13OrNewer(isMacOs13OrNewer: boolean): ISetIsMacOs13OrNewer {
   };
 }
 
-function setIsMacOs14p6OrNewer(isMacOs14p6OrNewer: boolean): ISetIsMacOs14p6OrNewer {
-  return {
-    type: 'SET_IS_MACOS14_6_OR_NEWER',
-    isMacOs14p6OrNewer,
-  };
-}
-
 export default {
   updateLocale,
   updateWindowArrowPosition,
@@ -186,5 +173,4 @@ export default {
   setIsPerformingPostUpgrade,
   setSelectLocationView,
   setIsMacOs13OrNewer,
-  setIsMacOs14p6OrNewer,
 };