Oh, also it may matter if this is a macOS VPN profile or a vendor product that has its own code. macOS supports IPsec and IKEv2 built in and some vendor products merely enable and disable VPN profiles under these protocols.

On Tue, Dec 17, 2024 at 8:11 AM Ship Mints <shipmints@gmail.com> wrote:
Good catch. Bug could be either or both Apple or vendor +/- the VPN implementation and if it also uses Network Extension Framework filters or whatever. The BSD-derived source code in question in netinet hasn't really changed appreciably in ages. Could also be an implied "6to4" bridge that the VPN sets up that screws things up. With the VPN running, go to System Preferences...Network...and you should be able to visually identify if there's a virtual "port" or relay.

On Tue, Dec 17, 2024 at 7:57 AM Robert Pluim <rpluim@gmail.com> wrote:
>>>>> On Tue, 17 Dec 2024 12:45:26 +0000, Stefan Kangas <stefankangas@gmail.com> said:

    Stefan> Thanks, that fixes the issue.  Tested with and without VPN on macOS.

Please let me know the name of the VPN client so that I can write a
suitably scathing commit message (although itʼs possible this is
macOSʼ fault).

Robert
--